Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,554
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 781 - 800 of 1,590 CVEs

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attack...

Vendor: oracle
Product: database_server
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

Vendor: oracle
Product: jre
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0...

Vendor: oracle
Product: jre
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User ...

Vendor: oracle
Product: user_management
Published: Apr 21, 2026
Source: NVD

Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerab...

Vendor: oracle
Product: jdk
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

Vendor: oracle
Product: graalvm
Published: Apr 21, 2026
Source: NVD

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to comp...

Vendor: oracle
Product: mysql_server
Published: Apr 21, 2026
Source: NVD
CVE-2026-6745 LOW - 3.5

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

Published: Apr 21, 2026
Source: NVD
CVE-2026-6743 LOW - 3.5

A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading the affected component...

Published: Apr 21, 2026
Source: NVD

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value โ‰ฅ 0x80), the left-shift ope...

Vendor: bacnet-stack
Product: bacnet-stack
Published: Apr 21, 2026
Source: NVD

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access b...

Vendor: octobercms
Product: october
Published: Apr 21, 2026
Source: NVD

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 an...

Vendor: octobercms
Product: october
Published: Apr 21, 2026
Source: NVD

HCL BigFix Service Management is susceptible to HTTP Request Smuggling.ย  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end server...

Vendor: HCLSoftware
Product: BigFix Service Management (SM)
Published: Apr 21, 2026
Source: NVD

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability

Vendor: Honor
Product: PcManager
Published: Apr 21, 2026
Source: NVD

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5...

Vendor: openbao
Product: openbao
Published: Apr 21, 2026
Source: NVD

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via `io.Copy` with no upper bound on the number of bytes w...

Vendor: openbao
Product: openbao
Published: Apr 21, 2026
Source: NVD

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current request's presented mTLS certificate matches the orig...

Vendor: openbao
Product: openbao
Published: Apr 21, 2026
Source: NVD
CVE-2026-6651 LOW - 2.4

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been releas...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6648 LOW - 3.5

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The ven...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6633 LOW - 3.5

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

Published: Apr 20, 2026
Source: NVD