Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,341 - 19,360 of 40,173 CVEs

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating ...

Vendor: npm
Product: @xmldom/xmldom
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41640 HIGH - 7.5

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramete...

Vendor: npm
Product: @nocobase/database
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41641 HIGH - 7.2

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollecti...

Vendor: npm
Product: @nocobase/plugin-collection-sql
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41650 MEDIUM - 6.1

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects....

Vendor: npm
Product: fast-xml-parser
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41645 MEDIUM - 5.3

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP respon...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41646 MEDIUM - 5.5

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file ...

Vendor: go
Product: github.com/projectdiscovery/nuclei/v3
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41644 HIGH - 7.1

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary UR...

Vendor: go
Product: github.com/monetr/monetr
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41591 MEDIUM - 6.4

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a <script> or <style> tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowe...

Vendor: npm
Product: marko
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41469 MEDIUM - 5.2

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP rem...

Vendor: Beghelli
Product: SicuroWeb (Sicuro24)
Published: Apr 22, 2026
Source: NVD
CVE-2026-41468 HIGH - 8.7

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution ...

Vendor: Beghelli
Product: SicuroWeb (Sicuro24)
Published: Apr 22, 2026
Source: NVD
CVE-2026-41459 MEDIUM - 5.3

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value re...

Vendor: thexerteproject
Product: xerteonlinetoolkits
Published: Apr 22, 2026
Source: NVD
CVE-2026-34415 CRITICAL - 9.8

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication ...

Vendor: thexerteproject
Product: xerteonlinetoolkits
Published: Apr 22, 2026
Source: NVD
CVE-2026-34414 HIGH - 7.1

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value contai...

Vendor: thexerteproject
Product: xerteonlinetoolkits
Published: Apr 22, 2026
Source: NVD
CVE-2026-34413 HIGH - 8.6

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the ...

Vendor: thexerteproject
Product: xerteonlinetoolkits
Published: Apr 22, 2026
Source: NVD
CVE-2026-28950 MEDIUM - 6.2

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

Vendor: Apple
Product: iOS and iPadOS
Published: Apr 22, 2026
Source: NVD
CVE-2026-26354 HIGH - 8.1

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 22, 2026
Source: NVD
CVE-2026-41422 HIGH - 8.3

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() โ€” a raw SQL literal expression builder โ€” without any validation. This bypassed all parameterization and allowed authe...

Vendor: go
Product: github.com/daptin/daptin
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41240 MEDIUM - 6.1

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The same fix was not app...

Vendor: npm
Product: dompurify
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41239 MEDIUM - 6.8

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrusted HTML. This works in string mode but not with `RETURN_DOM` or `RETURN_DOM_FRAGMENT`, allowing XSS v...

Vendor: npm
Product: dompurify
Published: Apr 22, 2026
Source: GitHub
CVE-2026-41238 MEDIUM - 6.9

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMPurify.sanitize()` with the default configuration (no `CUSTOM_ELEMENT_HANDLING` option), a prior proto...

Vendor: npm
Product: dompurify
Published: Apr 22, 2026
Source: GitHub