Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,604
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,861 - 13,880 of 37,697 CVEs

Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes (\) to forward ...

Vendor: saltcorn
Product: saltcorn
Published: May 07, 2026
Source: NVD
CVE-2026-42241 MEDIUM - 5.3

ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this cou...

Vendor: G-Research
Product: ParquetSharp
Published: May 07, 2026
Source: NVD
CVE-2026-42239 HIGH - 8.1

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full acco...

Vendor: Budibase
Product: budibase
Published: May 07, 2026
Source: NVD
CVE-2026-42225 MEDIUM - 5.9

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via ve...

Vendor: pjsip
Product: pjproject
Published: May 07, 2026
Source: NVD
CVE-2026-39836 HIGH - 7.5

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).

Vendor: Go standard library
Product: net
Published: May 07, 2026
Source: NVD
CVE-2026-39826 MEDIUM - 6.1

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

Vendor: Go standard library
Product: html/template
Published: May 07, 2026
Source: NVD
CVE-2026-39825 MEDIUM - 5.3

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReversePro...

Vendor: Go standard library
Product: net/http/httputil
Published: May 07, 2026
Source: NVD
CVE-2026-39823 MEDIUM - 6.1

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute, the escaper would fail to similarly ...

Vendor: Go standard library
Product: html/template
Published: May 07, 2026
Source: NVD
CVE-2026-39820 HIGH - 7.5

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Vendor: Go standard library
Product: net/mail
Published: May 07, 2026
Source: NVD
CVE-2026-39819 MEDIUM - 5.3

The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlin...

Vendor: Go toolchain
Product: cmd/go
Published: May 07, 2026
Source: NVD
CVE-2026-39817 MEDIUM - 5.9

The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem.

Vendor: Go toolchain
Product: cmd/go
Published: May 07, 2026
Source: NVD
CVE-2026-33814 HIGH - 7.5

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Vendor: golang.org/x/net, Go standard library
Product: golang.org/x/net/http2, net/http
Published: May 07, 2026
Source: NVD
CVE-2026-33811 HIGH - 7.5

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Vendor: Go standard library
Product: net
Published: May 07, 2026
Source: NVD
CVE-2026-42879 MEDIUM - 6.3

FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image (us...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub
CVE-2026-42878 MEDIUM - 5.3

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo() on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub
CVE-2026-42877 MEDIUM - 5.4

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An au...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick coo...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub
CVE-2026-27892 MEDIUM - 6.5

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metad...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub
CVE-2026-27891 HIGH - 7.2

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...

Vendor: composer
Product: facturascripts/facturascripts
Published: May 07, 2026
Source: GitHub
CVE-2026-8086 MEDIUM - 5.3

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly avai...

Vendor: osgeo
Product: gdal
Published: May 07, 2026
Source: NVD