Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,242
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,721 - 19,740 of 39,637 CVEs

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API laye...

Vendor: ChurchCRM
Product: CRM
Published: Apr 18, 2026
Source: NVD
CVE-2026-40349 HIGH - 8.8

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=true` to `PUT /settings/users/{userId}` for their own user ID. The endpoint is intended to let a...

Vendor: leepeuker
Product: movary
Published: Apr 18, 2026
Source: NVD
CVE-2026-40348 HIGH - 7.7

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The endpoint accepts a user-controlled URL, appe...

Vendor: leepeuker
Product: movary
Published: Apr 18, 2026
Source: NVD

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40340 MEDIUM - 6.1

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530โ€“563). The function validates `len < PTP_oi_SequenceNumber` (i.e., len < 48) but subsequently accesses off...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40339 MEDIUM - 5.2

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function reads the FormFlag byte via `dtoh8o(data, *poffset)` without a prior bounds check. The standard `ptp_unpa...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40338 MEDIUM - 5.2

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data, *poffset)` without...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40337 MEDIUM - 5.1

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to Do...

Vendor: camelot-os
Product: sentry-kernel
Published: Apr 18, 2026
Source: NVD

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884โ€“885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enu...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40335 MEDIUM - 5.2

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622โ€“629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry c...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the resu...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40333 MEDIUM - 6.1

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-2262 HIGH - 7.5

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => ...

Published: Apr 18, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Apr 17, 2026
Source: NVD
CVE-2026-40481 HIGH - 7.5

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled memo...

Vendor: monetr
Product: monetr
Published: Apr 17, 2026
Source: NVD
CVE-2026-2434 MEDIUM - 6.4

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contr...

Published: Apr 17, 2026
Source: NVD

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improp...

Published: Apr 17, 2026
Source: NVD

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(nยฒ) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU ...

Vendor: webonyx
Product: graphql-php
Published: Apr 17, 2026
Source: NVD
CVE-2026-40352 HIGH - 8.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-pr...

Vendor: labring
Product: FastGPT
Published: Apr 17, 2026
Source: NVD
CVE-2026-40351 CRITICAL - 9.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password f...

Vendor: labring
Product: FastGPT
Published: Apr 17, 2026
Source: NVD