Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,421
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,561 - 18,580 of 39,155 CVEs
CVE-2026-6848 MEDIUM - 5.4

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authent...

Published: Apr 22, 2026
Source: NVD
CVE-2026-33601 MEDIUM - 4.4

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33600 MEDIUM - 4.4

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33262 MEDIUM - 5.9

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33261 MEDIUM - 5.9

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33260 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Authoritative, DNSdist, Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33259 MEDIUM - 5.0

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33258 MEDIUM - 5.3

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33257 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Authoritative, DNSdist, Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33256 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-1930 MEDIUM - 4.3

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and abo...

Published: Apr 22, 2026
Source: NVD
CVE-2026-1913 MEDIUM - 6.4

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible...

Published: Apr 22, 2026
Source: NVD
CVE-2026-1395 MEDIUM - 6.4

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintrod...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6846 HIGH - 7.8

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, ...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6845 MEDIUM - 5.0

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syste...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6844 MEDIUM - 5.5

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory c...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6843 MEDIUM - 5.5

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Se...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6396 MEDIUM - 4.3

The Fast & Fancy Filter โ€“ 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() function, which handles the fff_save_settins AJAX action. This makes it possible for unauthenticated ...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6294 MEDIUM - 4.3

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() function, which handles the plugin settings page. The settings form does not include a wp_nonce_field(),...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6246 MEDIUM - 6.4

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escapin...

Published: Apr 22, 2026
Source: NVD