Total CVEs

142,588

Critical Severity

4,002

High Severity

14,356

Last 7 Days

1,782
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,541 - 18,560 of 38,993 CVEs
CVE-2026-40924 MEDIUM - 6.5

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference t...

Vendor: tektoncd
Product: pipeline
Published: Apr 21, 2026
Source: NVD
CVE-2026-40923 MEDIUM - 5.4

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strin...

Vendor: tektoncd
Product: pipeline
Published: Apr 21, 2026
Source: NVD
CVE-2026-40911 CRITICAL - 10.0

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains t...

Vendor: WWBN
Product: AVideo
Published: Apr 21, 2026
Source: NVD
CVE-2026-40910 MEDIUM - 6.5

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend...

Vendor: fatedier
Product: frp
Published: Apr 21, 2026
Source: NVD
CVE-2026-40906 CRITICAL - 9.9

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORD...

Vendor: electric-sql
Product: electric
Published: Apr 21, 2026
Source: NVD
CVE-2026-40905 HIGH - 8.1

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipu...

Vendor: Kovah
Product: LinkAce
Published: Apr 21, 2026
Source: NVD
CVE-2026-40895 HIGH - 7.5

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cooki...

Vendor: follow-redirects
Product: follow-redirects
Published: Apr 21, 2026
Source: NVD
CVE-2026-40892 CRITICAL - 9.8

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data...

Vendor: pjsip
Product: pjproject
Published: Apr 21, 2026
Source: NVD
CVE-2026-35252 MEDIUM - 6.4

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle S...

Vendor: oracle
Product: fusion_middleware
Published: Apr 21, 2026
Source: NVD
CVE-2026-35251 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35248 MEDIUM - 5.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35247 MEDIUM - 6.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35246 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35245 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of thi...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35244 MEDIUM - 5.2

Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle H...

Published: Apr 21, 2026
Source: NVD
CVE-2026-35243 HIGH - 7.8

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

Vendor: oracle
Product: application_development_framework
Published: Apr 21, 2026
Source: NVD
CVE-2026-35242 HIGH - 7.5

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracl...

Vendor: oracle
Product: vm_virtualbox
Published: Apr 21, 2026
Source: NVD
CVE-2026-35241 MEDIUM - 5.7

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

Vendor: oracle
Product: peoplesoft_enterprise_cs_student_records
Published: Apr 21, 2026
Source: NVD