Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,270
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,601 - 19,620 of 39,637 CVEs

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixe...

Vendor: Fudo Security
Product: Fudo Enterprise
Published: Apr 20, 2026
Source: NVD
CVE-2026-6621 HIGH - 7.3

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. Th...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6620 MEDIUM - 6.3

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6619 LOW - 3.5

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiat...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6618 MEDIUM - 6.3

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. T...

Published: Apr 20, 2026
Source: NVD
CVE-2026-5967 HIGH - 8.8

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Published: Apr 20, 2026
Source: NVD
CVE-2026-39454 HIGH - 7.8

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be e...

Vendor: Sky Co.,LTD.
Product: SKYSEA Client View, SKYMEC IT Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-6617 MEDIUM - 6.3

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-s...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6616 MEDIUM - 6.3

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forger...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6615 HIGH - 7.3

A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initiate ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-5966 HIGH - 8.1

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

Published: Apr 20, 2026
Source: NVD
CVE-2026-5964 CRITICAL - 9.8

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Apr 20, 2026
Source: NVD
CVE-2026-5963 CRITICAL - 9.8

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Apr 20, 2026
Source: NVD
CVE-2026-41282 MEDIUM - 4.0

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).

Vendor: ProjectDiscovery
Product: Nuclei
Published: Apr 20, 2026
Source: NVD
CVE-2026-6644 CRITICAL - 9.1

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied in...

Vendor: asustor
Product: data_master
Published: Apr 20, 2026
Source: NVD
CVE-2026-6643 CRITICAL - 9.9

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to ex...

Vendor: asustor
Product: data_master
Published: Apr 20, 2026
Source: NVD
CVE-2026-6614 MEDIUM - 6.3

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perfor...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6613 MEDIUM - 6.3

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is possible to be carried o...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6612 MEDIUM - 6.3

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6611 LOW - 3.1

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key . Remote exploitation of...

Published: Apr 20, 2026
Source: NVD