Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 16,561 - 16,580 of 38,655 CVEs
CVE-2026-5407 MEDIUM - 5.5

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-5406 MEDIUM - 5.5

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-5402 HIGH - 8.8

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-5401 MEDIUM - 5.5

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-5299 MEDIUM - 5.5

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-42798 MEDIUM - 4.0

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

Vendor: littlecms
Product: little cms color engine
Published: Apr 30, 2026
Source: NVD
CVE-2026-42511 HIGH - 7.3

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhcl...

Vendor: FreeBSD
Product: FreeBSD
Published: Apr 30, 2026
Source: NVD
CVE-2026-41226 MEDIUM - 6.1

An open redirect vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Vendor: Ricoh Company, Ltd.
Product: Multiple laser printers and MFPs which implement Web Image Monitor
Published: Apr 30, 2026
Source: NVD
CVE-2024-39847 HIGH - 7.5

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.

Vendor: 4D
Product: 4D Server
Published: Apr 30, 2026
Source: NVD
CVE-2026-7379 MEDIUM - 5.5

Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-7378 MEDIUM - 5.5

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-7376 MEDIUM - 5.5

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-7375 MEDIUM - 5.5

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6868 MEDIUM - 5.5

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2025-13030 HIGH - 7.1

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file nam...

Vendor: pylixm
Product: django-mdeditor
Published: Apr 30, 2026
Source: NVD
CVE-2026-7470 HIGH - 8.8

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and m...

Vendor: tenda
Product: 4g300_firmware
Published: Apr 30, 2026
Source: NVD
CVE-2026-7469 MEDIUM - 6.3

A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.

Vendor: tenda
Product: 4g300_firmware
Published: Apr 30, 2026
Source: NVD
CVE-2026-7468 HIGH - 7.3

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been d...

Published: Apr 30, 2026
Source: NVD
CVE-2026-7447 MEDIUM - 6.3

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes SQL injection. The attack is possible to be carried out remot...

Published: Apr 30, 2026
Source: NVD
CVE-2026-7446 HIGH - 7.3

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command in...

Published: Apr 30, 2026
Source: NVD