Total CVEs

144,202

Critical Severity

4,148

High Severity

14,963

Last 7 Days

1,649
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 18,381 - 18,400 of 40,607 CVEs
CVE-2026-4502 MEDIUM - 6.5

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.

Published: Apr 30, 2026
Source: NVD
CVE-2026-40951 MEDIUM - 5.5

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-40950 MEDIUM - 6.5

CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-40949 MEDIUM - 4.4

CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-3346 MEDIUM - 6.4

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

Published: Apr 30, 2026
Source: NVD
CVE-2026-3340 MEDIUM - 6.5

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Published: Apr 30, 2026
Source: NVD
CVE-2026-33452 MEDIUM - 5.5

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-33451 HIGH - 7.8

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-33450 MEDIUM - 5.5

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-33449 HIGH - 7.5

CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-28532 MEDIUM - 6.5

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer...

Vendor: FRRouting
Product: frr
Published: Apr 30, 2026
Source: NVD

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0.

Vendor: composer
Product: getkirby/cms
Published: Apr 30, 2026
Source: GitHub
CVE-2026-42461 HIGH - 7.5

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...

Vendor: go
Product: github.com/getarcaneapp/arcane/backend
Published: Apr 30, 2026
Source: GitHub
CVE-2026-42560 CRITICAL - 9.1

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In ...

Vendor: go
Product: github.com/go-pkgz/auth
Published: Apr 30, 2026
Source: GitHub
CVE-2026-42354 CRITICAL - 9.1

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider...

Vendor: pip
Product: sentry
Published: Apr 30, 2026
Source: GitHub
CVE-2026-7429 MEDIUM - 4.6

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output enc...

Published: Apr 30, 2026
Source: NVD

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-33447 CRITICAL - 9.8

CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-33446 CRITICAL - 9.8

CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2025-56568 HIGH - 7.5

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configu...

Published: Apr 30, 2026
Source: NVD