Total CVEs

142,696

Critical Severity

4,021

High Severity

14,390

Last 7 Days

1,439
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 18,781 - 18,800 of 39,101 CVEs
CVE-2026-33813 HIGH - 7.5

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

Vendor: golang.org/x/image
Product: golang.org/x/image/webp
Published: Apr 21, 2026
Source: NVD
CVE-2026-33812 MEDIUM - 6.1

Parsing a malicious font file can cause excessive memory allocation.

Vendor: golang.org/x/image
Product: golang.org/x/image/font/sfnt
Published: Apr 21, 2026
Source: NVD

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructi...

Vendor: rust
Product: brillig
Published: Apr 21, 2026
Source: GitHub
CVE-2026-6745 LOW - 3.5

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

Published: Apr 21, 2026
Source: NVD
CVE-2026-6744 MEDIUM - 6.3

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted earl...

Published: Apr 21, 2026
Source: NVD

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafte...

Vendor: bludit
Product: bludit
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload req...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR f...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD
CVE-2026-40614 HIGH - 8.8

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a ...

Vendor: pjsip
Product: pjproject
Published: Apr 21, 2026
Source: NVD
CVE-2026-40613 HIGH - 7.5

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, ...

Vendor: coturn
Product: coturn
Published: Apr 21, 2026
Source: NVD
CVE-2026-22751 MEDIUM - 4.8

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0...

Vendor: Spring
Product: Spring Security
Published: Apr 21, 2026
Source: NVD
CVE-2026-40343 MEDIUM - 5.8

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continue ...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 21, 2026
Source: GitHub
CVE-2026-41194 MEDIUM - 5.4

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no ...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-41193 CRITICAL - 9.1

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. V...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-41192 HIGH - 7.1

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to `Attachment::deleteByIds()`. B...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-40608 MEDIUM - 6.2

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a J...

Vendor: DayuanJiang
Product: next-ai-draw-io
Published: Apr 21, 2026
Source: NVD
CVE-2026-40606 MEDIUM - 4.8

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP serv...

Vendor: mitmproxy
Product: mitmproxy
Published: Apr 21, 2026
Source: NVD
CVE-2026-40604 MEDIUM - 4.4

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any proc...

Vendor: craigjbass
Product: clearancekit
Published: Apr 21, 2026
Source: NVD
CVE-2026-40599 HIGH - 7.1

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple pr...

Vendor: craigjbass
Product: clearancekit
Published: Apr 21, 2026
Source: NVD