Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,411
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,361 - 18,380 of 39,119 CVEs
CVE-2026-32885 MEDIUM - 6.5

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Ver...

Vendor: ddev
Product: ddev
Published: Apr 22, 2026
Source: NVD
CVE-2026-1660 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-9957 LOW - 2.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-6016 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain con...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-3922 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resourc...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-0186 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2026-30139 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input.

Published: Apr 22, 2026
Source: NVD
CVE-2025-58922 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.

Vendor: ThemeFusion
Product: Avada
Published: Apr 22, 2026
Source: NVD
CVE-2024-58344 MEDIUM - 6.4

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that exec...

Vendor: 94Cb
Product: Carbon Forum
Published: Apr 22, 2026
Source: NVD
CVE-2018-25272 CRITICAL - 9.8

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via ...

Vendor: Elba
Product: ELBA5
Published: Apr 22, 2026
Source: NVD
CVE-2018-25271 MEDIUM - 6.2

Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overfl...

Vendor: Textpad
Product: Textpad
Published: Apr 22, 2026
Source: NVD
CVE-2018-25270 CRITICAL - 9.8

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands...

Vendor: Thinkphp
Product: ThinkPHP
Published: Apr 22, 2026
Source: NVD
CVE-2018-25269 MEDIUM - 6.1

ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the ...

Vendor: icewarp
Product: ICEWARP Client
Published: Apr 22, 2026
Source: NVD
CVE-2018-25268 HIGH - 8.4

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potent...

Vendor: Lizardsystems
Product: LanSpy
Published: Apr 22, 2026
Source: NVD
CVE-2018-25267 MEDIUM - 6.2

UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite value...

Vendor: Ultraiso
Product: UltraISO
Published: Apr 22, 2026
Source: NVD
CVE-2018-25266 MEDIUM - 6.2

Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable ...

Vendor: Angryip
Product: Angry IP Scanner
Published: Apr 22, 2026
Source: NVD
CVE-2018-25265 HIGH - 8.4

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, trigger...

Vendor: Lizardsystems
Product: LanSpy
Published: Apr 22, 2026
Source: NVD
CVE-2018-25262 MEDIUM - 6.2

Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Port...

Vendor: Angryip
Product: Angry IP Scanner for Linux
Published: Apr 22, 2026
Source: NVD
CVE-2018-25261 HIGH - 8.4

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location fi...

Vendor: Iperiusbackup
Product: Iperius Backup
Published: Apr 22, 2026
Source: NVD
CVE-2018-25260 HIGH - 8.4

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB ...

Vendor: Magix
Product: MAGIX Music Editor
Published: Apr 22, 2026
Source: NVD