Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,509
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,601 - 19,620 of 40,198 CVEs

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Published: Apr 22, 2026
Source: NVD
CVE-2026-6857 HIGH - 7.5

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6855 HIGH - 7.1

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unautho...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6848 MEDIUM - 5.4

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authent...

Published: Apr 22, 2026
Source: NVD
CVE-2026-33601 MEDIUM - 4.4

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33600 MEDIUM - 4.4

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33262 MEDIUM - 5.9

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33261 MEDIUM - 5.9

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33260 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Authoritative, DNSdist, Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33259 MEDIUM - 5.0

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33258 MEDIUM - 5.3

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33257 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Authoritative, DNSdist, Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-33256 MEDIUM - 5.3

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Vendor: PowerDNS
Product: Recursor
Published: Apr 22, 2026
Source: NVD
CVE-2026-1930 MEDIUM - 4.3

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and abo...

Published: Apr 22, 2026
Source: NVD
CVE-2026-1913 MEDIUM - 6.4

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible...

Published: Apr 22, 2026
Source: NVD
CVE-2026-1395 MEDIUM - 6.4

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping combined with a custom unescaping routine that reintrod...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6846 HIGH - 7.8

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, ...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6845 MEDIUM - 5.0

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the syste...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6844 MEDIUM - 5.5

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory c...

Published: Apr 22, 2026
Source: NVD
CVE-2026-6843 MEDIUM - 5.5

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Se...

Published: Apr 22, 2026
Source: NVD