Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,121 - 16,140 of 38,923 CVEs
CVE-2026-41684 MEDIUM - 6.5

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inl...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when par...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-41647 MEDIUM - 6.5

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-41258 CRITICAL - 9.1

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The Velocit...

Vendor: maven
Product: org.openmrs.api:openmrs-api
Published: May 04, 2026
Source: GitHub
CVE-2026-41181 MEDIUM - 5.8

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards t...

Vendor: go
Product: github.com/traefik/traefik/v2
Published: May 04, 2026
Source: GitHub
CVE-2026-40893 HIGH - 8.2

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. Th...

Vendor: go
Product: github.com/gotenberg/gotenberg/v8
Published: May 04, 2026
Source: GitHub
CVE-2026-40251 MEDIUM - 6.5

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bo...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.

Vendor: Postfix
Product: Postfix
Published: May 04, 2026
Source: NVD
CVE-2026-42154 HIGH - 7.5

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a smal...

Vendor: prometheus
Product: prometheus
Published: May 04, 2026
Source: NVD
CVE-2026-42151 HIGH - 7.5

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving ...

Vendor: prometheus
Product: prometheus
Published: May 04, 2026
Source: NVD
CVE-2026-38751 HIGH - 7.2

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)

Published: May 04, 2026
Source: NVD
CVE-2026-25863 HIGH - 7.5

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters witho...

Vendor: Jules Colle
Product: Conditional Fields for Contact Form 7
Published: May 04, 2026
Source: NVD

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-43616 HIGH - 7.1

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extrac...

Vendor: horsicq
Product: DIE-engine
Published: May 04, 2026
Source: NVD
CVE-2026-42796 CRITICAL - 9.8

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file throu...

Vendor: Arelle
Product: Arelle
Published: May 04, 2026
Source: NVD
CVE-2026-42146 MEDIUM - 5.5

CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nb_colors value triggers an out-of-memo...

Vendor: GreycLab
Product: CImg
Published: May 04, 2026
Source: NVD
CVE-2026-42144 MEDIUM - 6.1

CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap aro...

Vendor: GreycLab
Product: CImg
Published: May 04, 2026
Source: NVD
CVE-2026-42140 MEDIUM - 4.4

PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does n...

Vendor: xwiki-contrib
Product: macro-plantuml
Published: May 04, 2026
Source: NVD
CVE-2026-42138 MEDIUM - 6.1

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue...

Vendor: langgenius
Product: dify
Published: May 04, 2026
Source: NVD
CVE-2026-42092 MEDIUM - 6.5

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as google_secret, openai_apikey, and goog...

Vendor: titraio
Product: titra
Published: May 04, 2026
Source: NVD