Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,370
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,841 - 19,860 of 39,782 CVEs
CVE-2026-6048 MEDIUM - 6.4

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses `es...

Published: Apr 18, 2026
Source: NVD
CVE-2026-4801 MEDIUM - 6.4

The Page Builder Gutenberg Blocks โ€“ CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds in...

Published: Apr 18, 2026
Source: NVD
CVE-2026-40494 CRITICAL - 9.8

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check vulnerability. The run-packet path (line 297) co...

Vendor: HappySeaFox
Product: sail
Published: Apr 18, 2026
Source: NVD
CVE-2026-40493 CRITICAL - 9.8

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields `channels * depth`, but the pixel buffer is allocated...

Vendor: HappySeaFox
Product: sail
Published: Apr 18, 2026
Source: NVD
CVE-2026-40492 CRITICAL - 9.8

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the byte-swap code uses `bits_per_pixel` independently. Whe...

Vendor: HappySeaFox
Product: sail
Published: Apr 18, 2026
Source: NVD
CVE-2026-40491 MEDIUM - 6.5

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This...

Vendor: wkentaro
Product: gdown
Published: Apr 18, 2026
Source: NVD
CVE-2026-40490 MEDIUM - 6.8

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

Vendor: AsyncHttpClient
Product: async-http-client
Published: Apr 18, 2026
Source: NVD

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted direct...

Vendor: editorconfig
Product: editorconfig-core-c
Published: Apr 18, 2026
Source: NVD
CVE-2026-40487 HIGH - 8.9

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a C...

Vendor: gitroomhq
Product: postiz-app
Published: Apr 18, 2026
Source: NVD
CVE-2026-1838 MEDIUM - 6.1

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary ...

Published: Apr 18, 2026
Source: NVD
CVE-2026-1559 MEDIUM - 6.4

The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'checkin_place_id' parameter in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

Published: Apr 18, 2026
Source: NVD
CVE-2026-40572 CRITICAL - 9.0

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kern...

Vendor: MinecAnton209
Product: NovumOS
Published: Apr 18, 2026
Source: NVD
CVE-2026-40350 HIGH - 8.8

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new administrator account. This happens because the rout...

Vendor: leepeuker
Product: movary
Published: Apr 18, 2026
Source: NVD
CVE-2026-40317 CRITICAL - 9.3

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute arbitra...

Vendor: MinecAnton209
Product: NovumOS
Published: Apr 18, 2026
Source: NVD
CVE-2026-35465 HIGH - 7.5

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper ...

Vendor: freedomofpress
Product: securedrop-client
Published: Apr 18, 2026
Source: NVD
CVE-2026-41078 MEDIUM - 5.9

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under high...

Vendor: nuget
Product: OpenTelemetry.Exporter.Jaeger
Published: Apr 18, 2026
Source: GitHub
CVE-2026-40881 MEDIUM - 7.5

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length (over 233,000) that was derived from the 2 MiB mess...

Vendor: rust
Product: zebrad
Published: Apr 18, 2026
Source: GitHub
CVE-2026-40880 HIGH - 8.1

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By carefully submitting a transaction that is valid for height H+1 ...

Vendor: rust
Product: zebra-consensus
Published: Apr 18, 2026
Source: GitHub
CVE-2026-40593 MEDIUM - 4.8

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML attribute-breaking charact...

Vendor: ChurchCRM
Product: CRM
Published: Apr 18, 2026
Source: NVD

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authenticatio...

Vendor: ChurchCRM
Product: CRM
Published: Apr 18, 2026
Source: NVD