CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-40492 | SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap | 18.04.2026 | 9.8 |
| CVE-2026-40493 | SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode | 18.04.2026 | 9.8 |
| CVE-2026-40494 | SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check | 18.04.2026 | 9.8 |
| CVE-2026-40317 | NovumOS has Privilege Escalation in the Syscall Interface | 18.04.2026 | 9.4 |
| CVE-2026-40572 | NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) | 18.04.2026 | 9 |
| CVE-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function | 17.04.2026 | 9.1 |
| CVE-2026-40324 | Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents | 17.04.2026 | 9.1 |
| CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | 17.04.2026 | 9.1 |
| CVE-2026-40477 | Improper restriction of the scope of accessible objects in Thymeleaf expressions | 17.04.2026 | 9.1 |
| CVE-2026-40478 | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf | 17.04.2026 | 9.1 |
| CVE-2026-40258 | Gramps Web API has Zip Slip Path Traversal in Media Archive Import | 17.04.2026 | 9.1 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass | 17.04.2026 | 9.8 |
| CVE-2026-23500 | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration | 18.04.2026 | 9.4 |
| CVE-2026-32105 | xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode | 17.04.2026 | 9.3 |
| CVE-2026-35546 | Anviz Products Missing Authentication for Critical Function | 17.04.2026 | 9.8 |
| CVE-2026-40342 | Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution | 17.04.2026 | 10 |
| CVE-2026-40525 | OpenViking Authentication Bypass via VikingBot OpenAPI | 17.04.2026 | 9.1 |
| CVE-2026-6284 | Horner Automation Cscape and XL4, XL7 PLC Weak password requirements | 17.04.2026 | 9.3 |
| CVE-2025-15623 | Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user | 17.04.2026 | 9.3 |
| CVE-2025-15624 | Plaintext Storage of a Password in Sparx Pro Cloud Server | 17.04.2026 | 9.3 |
| CVE-2025-15625 | Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server | 17.04.2026 | 9.5 |
| CVE-2026-6443 | Accordion and Accordion Slider 1.4.6 - Injected Backdoor | 17.04.2026 | 9.8 |
| CVE-2026-40322 | SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE | 17.04.2026 | 9.1 |
| CVE-2026-6270 | @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes | 16.04.2026 | 9.1 |
| CVE-2026-31843 | | 16.04.2026 | 10 |
| CVE-2026-3596 | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action | 16.04.2026 | 9.8 |
| CVE-2026-6348 | Simopro Technology\|WinMatrix - Missing Authentication | 16.04.2026 | 9.3 |
| CVE-2026-6349 | HGiga\|iSherlock - OS Command Injection | 16.04.2026 | 10 |
| CVE-2026-6350 | Openfind\|MailGates/MailAudit - Stack-based Buffer Overflow | 16.04.2026 | 9.3 |
| CVE-2026-40504 | Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec | 16.04.2026 | 9.3 |
| CVE-2026-40959 | | 16.04.2026 | 9.3 |
| CVE-2026-4880 | Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication | 16.04.2026 | 9.8 |
| CVE-2026-6388 | Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation | 16.04.2026 | 9.1 |
| CVE-2026-40173 | Dgraph: Unauthenticated pprof endpoint leaks admin auth token | 16.04.2026 | 9.4 |
| CVE-2025-41118 | Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection | 15.04.2026 | 9.1 |
| CVE-2026-5189 | Nexus Repository 3 - Hardcoded Credential in Internal Database Component | 16.04.2026 | 9.2 |
| CVE-2025-15610 | | 15.04.2026 | 9.3 |
| CVE-2026-20147 | Cisco Identity Services Engine Remote Code Execution Vulnerability | 16.04.2026 | 9.9 |
| CVE-2026-20180 | Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability | 16.04.2026 | 9.9 |
| CVE-2026-20184 | Cisco Webex Meetings Certificate Validation Vulnerability | 16.04.2026 | 9.8 |
| CVE-2026-20186 | Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability | 16.04.2026 | 9.9 |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization | 15.04.2026 | 9.3 |
| CVE-2026-33805 | @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers | 15.04.2026 | 9 |
| CVE-2026-33807 | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes | 15.04.2026 | 9.1 |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) | 15.04.2026 | 9.1 |
| CVE-2025-14813 | GOSTCTR implementation unable to process more than 255 blocks correctly | 15.04.2026 | 9.3 |
| CVE-2026-5598 | Non-constant time comparisons risk private key leakage in FrodoKEM | 15.04.2026 | 10 |
| CVE-2026-3461 | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email | 15.04.2026 | 9.8 |
| CVE-2026-1555 | WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload | 15.04.2026 | 9.8 |
| CVE-2026-39842 | OpenRemote is Vulnerable to Expression Injection | 16.04.2026 | 10 |
| CVE-2026-39399 | NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation | 15.04.2026 | 9.6 |
| CVE-2026-34457 | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode | 15.04.2026 | 9.1 |
| CVE-2026-35031 | Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain | 16.04.2026 | 10 |
| CVE-2026-35033 | Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection | 15.04.2026 | 9.3 |
| CVE-2026-27304 | ColdFusion \| Improper Input Validation (CWE-20) | 15.04.2026 | 9.3 |
| CVE-2026-27243 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) | 14.04.2026 | 9.3 |
| CVE-2026-27245 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) | 14.04.2026 | 9.3 |
| CVE-2026-27246 | Adobe Connect \| Cross-site Scripting (DOM-based XSS) (CWE-79) | 14.04.2026 | 9.3 |
| CVE-2026-27303 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) | 15.04.2026 | 9.6 |
| CVE-2026-34615 | Adobe Connect \| Deserialization of Untrusted Data (CWE-502) | 15.04.2026 | 9.3 |
| CVE-2026-26149 | Microsoft Power Apps Security Feature Bypass | 17.04.2026 | 9 |
| CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability | 17.04.2026 | 9.8 |
| CVE-2026-39808 | | 15.04.2026 | 9.1 |
| CVE-2026-39813 | | 15.04.2026 | 9.1 |
| CVE-2025-63939 | | 14.04.2026 | 9.8 |
| CVE-2025-65135 | | 14.04.2026 | 9.8 |
| CVE-2026-38526 | | 14.04.2026 | 9.9 |
| CVE-2025-8095 | Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge | 15.04.2026 | 9.1 |
| CVE-2026-2449 | | 14.04.2026 | 9 |
| CVE-2026-40288 | PraisonAI: Critical RCE via `type: job` workflow YAML | 14.04.2026 | 9.8 |
| CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | 14.04.2026 | 9.1 |
| CVE-2026-40313 | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence | 14.04.2026 | 9.1 |
| CVE-2026-6264 | Critical Security fix for the Talend JobServer and Talend Runtime | 16.04.2026 | 9.8 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | 14.04.2026 | 9.1 |
| CVE-2026-27681 | SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse | 14.04.2026 | 9.9 |
| CVE-2026-22562 | | 14.04.2026 | 9.8 |
| CVE-2026-22563 | | 14.04.2026 | 9.8 |
| CVE-2026-22564 | | 14.04.2026 | 9.8 |
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection | 14.04.2026 | 9.3 |
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution | 13.04.2026 | 9.3 |
| CVE-2026-6100 | Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure | 14.04.2026 | 9.1 |
| CVE-2026-6195 | Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-23891 | Decidim has a Cross-site scripting (XSS) vulnerability via user name field | 14.04.2026 | 9.3 |
| CVE-2026-4810 | Remote Code Execution in Google Agent Development Kit (ADK) | 13.04.2026 | 9.3 |
| CVE-2026-34865 | | 13.04.2026 | 10 |
| CVE-2026-6154 | Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6155 | Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection | 14.04.2026 | 9.3 |
| CVE-2026-6156 | Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6139 | Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection | 14.04.2026 | 9.3 |
| CVE-2026-6140 | Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6138 | Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6132 | Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6131 | Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection | 14.04.2026 | 9.3 |
| CVE-2019-25709 | CF Image Hosting Script 1.6.5 Unauthorized Database Access | 15.04.2026 | 9.3 |
| CVE-2026-6115 | Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6116 | Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection | 13.04.2026 | 9.3 |
| CVE-2026-6112 | Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection | 15.04.2026 | 9.3 |
| CVE-2026-6113 | Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection | 14.04.2026 | 9.3 |
| CVE-2026-6114 | Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection | 14.04.2026 | 9.3 |
| CVE-2026-31845 | | 13.04.2026 | 9.3 |
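The three fastify entries in the list above (CVE-2026-6270 in @fastify/middie, CVE-2026-33807 and CVE-2026-33808 in @fastify/express) belong to one family: a middleware decides whether a request needs authentication from a path string that is not the one the router finally matches, so duplicate slashes, `;param` segments, dot segments or percent-encoding let a request reach a protected route unauthenticated. The block below is an added example and is not code from those packages or from this page. The protected prefix `/admin`, the request targets, and the assumed shape of the weak check (compare the first raw path segment with the mount name) are illustrative assumptions; the point is that the authentication decision and the routing decision must be made on the same canonical path.

```python
import posixpath
from urllib.parse import unquote

# Assumed protected route prefix for this example.
PROTECTED_PREFIX = "/admin"


def canonical_path(raw: str) -> str:
    """Reduce a request target to the path a router would actually match on.

    Applied in order: strip query and fragment, percent-decode once, drop a
    ';param' suffix from every segment, collapse duplicate slashes, then
    resolve '.' and '..' segments. Duplicate slashes are collapsed before
    normpath because POSIX normpath deliberately preserves a leading '//'.
    """
    path = raw.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    while "//" in path:
        path = path.replace("//", "/")
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def requires_auth_naive(raw: str) -> bool:
    """Bypassable pattern (assumed): compare the first raw segment with the mount name."""
    segments = raw.split("/")
    return len(segments) > 1 and segments[1] == PROTECTED_PREFIX.lstrip("/")


def requires_auth_hardened(raw: str) -> bool:
    """Decide on the canonical path and match whole segments only, so that
    '/adminx' is not mistaken for '/admin'."""
    path = canonical_path(raw)
    return path == PROTECTED_PREFIX or path.startswith(PROTECTED_PREFIX + "/")


# Constructed request targets: one plain, four that a router resolves to
# /admin/users while the naive check lets them through unauthenticated.
REQUEST_TARGETS = [
    "/admin/users",
    "//admin/users",
    "/admin;x/users",
    "/public/../admin/users",
    "/%61dmin/users",
]


def audit(targets=REQUEST_TARGETS):
    """Return (target, naive verdict, hardened verdict) for each request."""
    return [(t, requires_auth_naive(t), requires_auth_hardened(t)) for t in targets]


if __name__ == "__main__":
    for target, naive, hardened in audit():
        print(f"{target:26} naive={naive!s:5} hardened={hardened}")
```

Percent-decoding is done exactly once before matching; decoding again after normalization would reopen the `%252e%252e` variant of the same gap.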

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-25917 | Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) | 18.04.2026 | |
| CVE-2026-30898 | Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf | 18.04.2026 | |
| CVE-2026-30912 | Apache Airflow: Exposing stack trace in case of constraint error | 18.04.2026 | |
| CVE-2026-32228 | Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to | 18.04.2026 | |
| CVE-2026-32690 | Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 | 18.04.2026 | |
| CVE-2026-41254 | | 18.04.2026 | 4 |
| CVE-2026-41253 | | 18.04.2026 | 6.9 |
| CVE-2026-4801 | Page Builder Gutenberg Blocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via External iCal Feed Data | 18.04.2026 | 6.4 |
| CVE-2026-6048 | Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes | 18.04.2026 | 6.4 |
| CVE-2026-6518 | CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution | 18.04.2026 | 8.8 |
| CVE-2026-40491 | gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall | 18.04.2026 | 6.5 |
| CVE-2026-40492 | SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap | 18.04.2026 | 9.8 |
| CVE-2026-40493 | SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode | 18.04.2026 | 9.8 |
| CVE-2026-40494 | SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check | 18.04.2026 | 9.8 |
| CVE-2026-1559 | Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter | 18.04.2026 | 6.4 |
| CVE-2026-1838 | Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter | 18.04.2026 | 6.1 |
| CVE-2026-35582 | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix | 18.04.2026 | 8.8 |
| CVE-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS | 18.04.2026 | 8.9 |
| CVE-2026-40489 | editorconfig-core-c has incomplete fix for CVE-2023-0341 | 18.04.2026 | |
| CVE-2026-40490 | AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects | 18.04.2026 | 6.8 |
| CVE-2026-35465 | SecureDrop Client has path injection in read_gzip_header_filename() | 18.04.2026 | 7.5 |
| CVE-2026-40317 | NovumOS has Privilege Escalation in the Syscall Interface | 18.04.2026 | 9.4 |
| CVE-2026-40350 | Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts | 18.04.2026 | 8.8 |
| CVE-2026-40572 | NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) | 18.04.2026 | 9 |
| CVE-2026-40346 | NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins | 17.04.2026 | |
| CVE-2026-40347 | Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data | 17.04.2026 | 5.3 |
| CVE-2026-40348 | Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing | 18.04.2026 | 7.7 |
| CVE-2026-40349 | Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true | 18.04.2026 | 8.8 |
| CVE-2026-40593 | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field | 18.04.2026 | 4.8 |
| CVE-2026-40337 | Sentry kernel has incomplete ownership check for IRQ line manipulation | 17.04.2026 | 5.1 |
| CVE-2026-40338 | libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c | 17.04.2026 | 5.2 |
| CVE-2026-40339 | libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormFlag parsing in ptp-pack.c | 17.04.2026 | 5.2 |
| CVE-2026-40340 | libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response | 17.04.2026 | 6.1 |
| CVE-2026-40341 | libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx | 17.04.2026 | 3.5 |
| CVE-2026-40581 | ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion | 17.04.2026 | 8.1 |
| CVE-2026-2262 | Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API | 17.04.2026 | 7.5 |
| CVE-2026-40335 | libgphoto2 has OOB read in ptp_unpack_DPV() UINT128/INT128 handling in ptp-pack.c | 17.04.2026 | 5.2 |
| CVE-2026-40336 | libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c | 17.04.2026 | 2.4 |
| CVE-2026-40483 | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field | 17.04.2026 | 5.4 |
| CVE-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function | 17.04.2026 | 9.1 |
| CVE-2026-40485 | ChurchCRM: Username Enumeration via Differential Response in Public Login API | 17.04.2026 | 5.3 |
| CVE-2026-40323 | SP1 V6 Recursion Circuit Row-Count Binding Gap | 17.04.2026 | |
| CVE-2026-40324 | Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents | 17.04.2026 | 9.1 |
| CVE-2026-40333 | libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() due to missing length parameter in ptp-pack.c | 17.04.2026 | 6.1 |
| CVE-2026-40334 | libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c | 17.04.2026 | 3.5 |
| CVE-2026-40480 | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` | 17.04.2026 | |
| CVE-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` | 17.04.2026 | |
| CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | 17.04.2026 | |
| CVE-2026-40481 | monetr: Unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation | 17.04.2026 | |
| CVE-2026-2434 | Pz-LinkCard <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 17.04.2026 | 6.4 |
| CVE-2026-40479 | Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget | 17.04.2026 | 5.4 |
| CVE-2026-40486 | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate | 17.04.2026 | 4.3 |
| CVE-2026-5250 | | 17.04.2026 | |
| CVE-2026-40476 | graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation | 17.04.2026 | |
| CVE-2026-40477 | Improper restriction of the scope of accessible objects in Thymeleaf expressions | 17.04.2026 | 9.1 |
| CVE-2026-40478 | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf | 17.04.2026 | 9.1 |
| CVE-2026-40474 | wger has Broken Access Control in the Global Gym Configuration Update Endpoint | 17.04.2026 | 7.6 |
| CVE-2026-5720 | miniupnpd Integer Underflow SOAPAction Header Parsing | 17.04.2026 | |
| CVE-2026-29013 | libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling | 17.04.2026 | |
| CVE-2026-40258 | Gramps Web API has Zip Slip Path Traversal in Media Archive Import | 17.04.2026 | 9.1 |
| CVE-2026-40304 | zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records | 17.04.2026 | 5.3 |
| CVE-2026-40305 | DNN has Force Friend Request Acceptance | 17.04.2026 | 4.3 |
| CVE-2026-40306 | DNN has same HostGUID for all new installs | 17.04.2026 | |
| CVE-2026-40321 | DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload | 17.04.2026 | 8.1 |
| CVE-2026-40351 | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass | 17.04.2026 | 9.8 |
| CVE-2026-40352 | FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover | 17.04.2026 | 8.8 |
| CVE-2026-40353 | wger: Stored XSS via Unescaped License Attribution Fields | 17.04.2026 | |
| CVE-2026-40155 | Auth0 Next.js SDK has Improper Proxy Cache Lookup | 17.04.2026 | 5.4 |
| CVE-2026-40196 | HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation | 17.04.2026 | 8.1 |
| CVE-2026-40293 | OpenFGA Playground Preshared Key Exposure | 17.04.2026 | 6.5 |
| CVE-2026-40299 | next-intl has an open redirect vulnerability | 17.04.2026 | |
| CVE-2026-40301 | rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives | 17.04.2026 | 4.7 |
| CVE-2026-40302 | zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering | 18.04.2026 | 6.1 |
| CVE-2026-40303 | zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing | 17.04.2026 | 7.5 |
| CVE-2026-23500 | Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration | 18.04.2026 | |
| CVE-2026-33436 | Stirling-PDF: Reflected XSS through crafted filename in file upload functionality | 17.04.2026 | 3.1 |
| CVE-2026-35402 | mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures | 17.04.2026 | |
| CVE-2026-35603 | Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows | 17.04.2026 | |
| CVE-2026-40284 | WeGIA has stored XSS in listar_despachos.php | 17.04.2026 | 6.8 |
| CVE-2026-40285 | WeGIA has SQL Injection via Session Variable Override in DespachoControle.php | 17.04.2026 | 8.8 |
| CVE-2026-40286 | WeGIA has Cross-Site Scripting in Controle de Contribuição | 17.04.2026 | 7.5 |
| CVE-2026-40527 | radare2 Command Injection via DWARF Parameter Names | 17.04.2026 | |
| CVE-2026-33145 | xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman | 18.04.2026 | 6.3 |
| CVE-2026-33689 | xrdp: Pre-authentication out-of-bounds reads in channel parsers | 17.04.2026 | |
| CVE-2026-35512 | xrdp: Heap buffer overflow in EGFX channel | 17.04.2026 | |
| CVE-2026-40282 | WeGIA has stored XSS in intercorrencia_visualizar.php | 17.04.2026 | |
| CVE-2026-32623 | xrdp: Heap buffer overflow in NeutrinoRDP channel reassembly | 18.04.2026 | |
| CVE-2026-32624 | xrdp: Heap buffer overflow in xrdp_sec_process_logon_info() via incorrect g_strncat length calculation | 17.04.2026 | |
| CVE-2026-32650 | Anviz CrossChex Standard Algorithm Downgrade | 17.04.2026 | 7.5 |
| CVE-2026-33516 | xrdp: Pre-authentication out-of-bounds reads in RDP capability and channel parsers | 17.04.2026 | |
| CVE-2026-35682 | Anviz CX2 Lite Command Injection | 17.04.2026 | 8.8 |
| CVE-2026-40283 | WeGIA has stored XSS in profile_paciente.php | 17.04.2026 | 6.8 |
| CVE-2026-40434 | Anviz CrossChex Standard Improper Verification of Source of a Communication Channel | 17.04.2026 | 8.1 |
| CVE-2026-31927 | Anviz CX7 Firmware Relative Path Traversal | 17.04.2026 | 4.9 |
| CVE-2026-32105 | xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode | 17.04.2026 | |
| CVE-2026-32107 | xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails | 17.04.2026 | 8.8 |
| CVE-2026-32324 | Anviz CX7 Firmware Use of Hard-coded Cryptographic Key | 17.04.2026 | 7.7 |
| CVE-2026-32648 | Anviz Products Missing Authorization | 17.04.2026 | 5.3 |
| CVE-2026-33569 | Anviz Products Cleartext Transmission of Sensitive Information | 17.04.2026 | 6.5 |
| CVE-2026-35061 | Anviz Products Missing Authorization | 17.04.2026 | 5.3 |
| CVE-2026-35546 | Anviz Products Missing Authentication for Critical Function | 17.04.2026 | 9.8 |
| CVE-2026-40066 | Anviz Products Download of Code Without Integrity Check | 17.04.2026 | 8.8 |
| CVE-2026-40342 | Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution | 17.04.2026 | 10 |
| CVE-2026-40461 | Anviz Products Missing Authentication for Critical Function | 17.04.2026 | 7.5 |
| CVE-2026-33093 | Anviz Products Missing Authorization | 17.04.2026 | 5.3 |
| CVE-2026-34232 | Firebird: DoS via `op_response` packet from client | 17.04.2026 | 7.5 |
| CVE-2026-35215 | Firebird: DoS via malicious slice descriptor in slice packet | 17.04.2026 | 7.5 |
| CVE-2026-28214 | Firebird server hangs when using specific clumplet on batch creation | 17.04.2026 | |
| CVE-2026-28224 | Firebird Null Pointer Dereference via CryptCallback causes DOS | 17.04.2026 | 8.2 |
| CVE-2026-33337 | Firebird has a buffer overflow when parsing corrupted slice packets | 17.04.2026 | 7.5 |
| CVE-2026-6437 | AWS EFS CSI Driver Mount Option Injection | 17.04.2026 | 6.5 |
| CVE-2026-27890 | Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments | 17.04.2026 | 8.2 |
| CVE-2026-28212 | Firebird has potential server crash via null pointer dereference when processing op_slice packet | 17.04.2026 | 7.5 |
| CVE-2026-40525 | OpenViking Authentication Bypass via VikingBot OpenAPI | 17.04.2026 | |
| CVE-2025-65104 | Firebird: Information leak vulnerability in firebird3 client when used with newer server | 17.04.2026 | 7.9 |
| CVE-2026-40320 | Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck | 17.04.2026 | |
| CVE-2026-5710 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field | 17.04.2026 | 7.5 |
| CVE-2026-5718 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass | 17.04.2026 | 8.1 |
| CVE-2026-40319 | Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check | 17.04.2026 | |
| CVE-2026-40518 | ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode | 17.04.2026 | |
| CVE-2026-3464 | WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file | 17.04.2026 | 8.8 |
| CVE-2026-21733 | GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so) | 17.04.2026 | |
| CVE-2026-40515 | OpenHarness Permission Bypass via grep and glob root argument | 17.04.2026 | |
| CVE-2026-40516 | OpenHarness SSRF via web_fetch and web_search | 17.04.2026 | |
| CVE-2026-21709 | | 18.04.2026 | |
| CVE-2026-6284 | Horner Automation Cscape and XL4, XL7 PLC Weak password requirements | 17.04.2026 | |
| CVE-2026-6497 | prasathmani TinyFileManager File Upload filemanager.php server-side request forgery | 17.04.2026 | |
| CVE-2026-37749 | | 17.04.2026 | |
| CVE-2026-41153 | | 17.04.2026 | 5.8 |
| CVE-2026-6493 | lukevella rallly Reset Password reset-password-form.tsx cross site scripting | 17.04.2026 | |
| CVE-2026-6496 | prasathmani TinyFileManager POST Parameter filemanager.php path traversal | 17.04.2026 | |
| CVE-2025-70795 | | 17.04.2026 | |
| CVE-2026-31317 | | 17.04.2026 | |
| CVE-2026-6491 | libvips nip2 vips7compat.c im_minpos_vec heap-based overflow | 18.04.2026 | |
| CVE-2026-6492 | arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure | 17.04.2026 | |
| CVE-2026-40458 | Cross-Site Request Forgery in PAC4J | 17.04.2026 | |
| CVE-2026-40459 | LDAP Injection in PAC4J | 17.04.2026 | |
| CVE-2026-6490 | QueryMine sms GET Request Parameter deletecourse.php sql injection | 17.04.2026 | |
| CVE-2026-6488 | QueryMine sms GET Request Parameter editcourse.php sql injection | 17.04.2026 | |
| CVE-2026-6489 | QueryMine sms Background Management addteacher.php unrestricted upload | 17.04.2026 | |
| CVE-2026-6486 | classroombookings User Display Name layout.php read cross site scripting | 18.04.2026 | |
| CVE-2026-6487 | Qihui jtbc5 CMS Code Endpoint manage.php path traversal | 17.04.2026 | |
| CVE-2026-6507 | Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing | 17.04.2026 | |
| CVE-2025-46606 | | 18.04.2026 | 6.2 |
| CVE-2026-23777 | | 17.04.2026 | 4.3 |
| CVE-2026-28263 | | 18.04.2026 | 5.9 |
| CVE-2025-46605 | | 18.04.2026 | 6.2 |
| CVE-2025-46607 | | 18.04.2026 | 6.6 |
| CVE-2025-46641 | | 18.04.2026 | 6.6 |
| CVE-2026-35072 | | 18.04.2026 | 6.7 |
| CVE-2026-35073 | | 18.04.2026 | 6.7 |
| CVE-2026-35074 | | 18.04.2026 | 6.7 |
| CVE-2026-5131 | Server-Side Request Forgery in GREENmod | 17.04.2026 | |
| CVE-2026-35153 | | 18.04.2026 | 6.7 |
| CVE-2026-6483 | Wavlink WL-WN530H4 internet.cgi snprintf os command injection | 17.04.2026 | |
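The two FastGPT entries (CVE-2026-40351 in loginByPassword, CVE-2026-40352 in updatePasswordByOld; the first is also in the Critical list) name the classic document-store injection: a JSON body field the handler expects to be a string arrives as an object, and the database interprets that object as a query operator such as `$ne` or `$regex`. The block below is an added example and is not FastGPT's code or this page's; the in-memory `find_one` stand-in (only `$ne` and `$regex` implemented), the user records, the attacker bodies and both handler shapes are constructed. The vulnerable store keeps plaintext passwords so that the injected operator has something to match against, which is the second problem with comparing a password inside the query; the hardened handler type-checks every credential field before it reaches the query, looks the user up by username only, and verifies a salted PBKDF2 hash in application code with a constant-time comparison.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re


def _match(stored, cond) -> bool:
    """Stand-in for a document-store query engine (constructed, not a real driver):
    a dict condition is an operator object, anything else is an equality test.
    Only $ne and $regex are implemented; real engines accept many more."""
    if isinstance(cond, dict):
        for op, arg in cond.items():
            if op == "$ne":
                if stored == arg:
                    return False
            elif op == "$regex":
                if stored is None or not re.search(arg, str(stored)):
                    return False
            else:
                raise ValueError(f"unsupported operator {op}")
        return True
    return stored == cond


def find_one(collection: list[dict], query: dict) -> dict | None:
    for doc in collection:
        if all(_match(doc.get(field), cond) for field, cond in query.items()):
            return doc
    return None


# Vulnerable shape: request JSON becomes query values unchanged, and the
# password is compared inside the query (so it has to be stored in clear).
VULN_USERS = [{"username": "alice", "password": "hunter2", "role": "admin"}]


def login_vulnerable(body: dict) -> dict | None:
    return find_one(VULN_USERS, {"username": body.get("username"),
                                 "password": body.get("password")})


# Hardened shape: type-check the credentials, query by username only, and
# verify a salted PBKDF2 hash in application code with a constant-time compare.
def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_user(username: str, password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "password_hash": _derive(password, salt), "role": role}


SAFE_USERS = [make_user("alice", "hunter2", "admin")]


def login_hardened(body: dict) -> dict | None:
    username, password = body.get("username"), body.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        return None  # operator objects, arrays and numbers never reach the query
    user = find_one(SAFE_USERS, {"username": username})
    if user is None:
        return None
    ok = hmac.compare_digest(_derive(password, user["salt"]), user["password_hash"])
    return user if ok else None


# Constructed attacker bodies: the first bypasses the password check, the
# second also bypasses the username and probes the password by prefix.
INJECTED_BODIES = [
    {"username": "alice", "password": {"$ne": ""}},
    {"username": {"$ne": ""}, "password": {"$regex": "^hun"}},
]


def compare(bodies=INJECTED_BODIES) -> list[tuple[bool, bool]]:
    """(vulnerable handler logged in?, hardened handler logged in?) per body."""
    return [(login_vulnerable(b) is not None, login_hardened(b) is not None)
            for b in bodies]


if __name__ == "__main__":
    for body, (vuln, hard) in zip(INJECTED_BODIES, compare()):
        print(f"{body!r}: vulnerable={vuln} hardened={hard}")
```

The same type check is the fix for the change-password variant: an `oldPassword` field that is an operator object must be rejected before any query is built, not matched inside it.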
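The gdown `extractall` entry (CVE-2026-40491) and the Gramps Web API media archive import (CVE-2026-40258) are both archive path traversal: a member name such as `../../.ssh/authorized_keys` or an absolute path is joined to the destination directory and written wherever it resolves. The block below is an added example and is not code from either project or from this page; the archive contents and the destination handling are constructed. It builds a malicious zip in memory, classifies every member by resolving its target and checking containment in the destination, and refuses the whole archive if any member escapes. CPython's own `ZipFile.extract` already strips leading slashes and `..` components, so the check matters when code computes the destination itself (`os.path.join(dest, name)` followed by an open-and-write) or uses an archive library that does not sanitize member names.

```python
from __future__ import annotations

import io
import tempfile
import zipfile
from pathlib import Path


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an archive in memory from {member name: content} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)  # writestr keeps '..' and a leading '/' as given
    return buf.getvalue()


# Constructed archives: one clean, one carrying the two classic Zip Slip shapes.
BENIGN_ZIP = build_zip({"media/photo.jpg": b"\xff\xd8 not really a jpeg"})
MALICIOUS_ZIP = build_zip({
    "media/photo.jpg": b"\xff\xd8 not really a jpeg",
    "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA attacker",
    "/etc/cron.d/evil": b"* * * * * root id",
})


def check_members(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Split member names into (safe, rejected) by where they would land.

    Joining an absolute member name to dest_root replaces dest_root entirely,
    and '..' climbs out of it; resolve() turns either into a path outside
    dest_root, which the containment test then catches.
    """
    dest_root = Path(dest).resolve()
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = (dest_root / name).resolve()
            inside = target == dest_root or dest_root in target.parents
            if "\\" in name or not inside:
                rejected.append(name)
            else:
                safe.append(name)
    return safe, rejected


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract only after every member passed the check; fail closed otherwise."""
    safe, rejected = check_members(zip_bytes, dest)
    if rejected:
        raise ValueError(f"refusing archive, members escape {dest}: {rejected}")
    dest_root = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = (dest_root / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src:
                target.write_bytes(src.read())
    return safe


def demo() -> dict:
    """Run both archives against a throwaway directory and report the outcome."""
    result = {}
    with tempfile.TemporaryDirectory() as dest:
        result["benign_extracted"] = safe_extract(BENIGN_ZIP, dest)
        result["benign_on_disk"] = (Path(dest) / "media" / "photo.jpg").is_file()
        result["malicious_rejected"] = check_members(MALICIOUS_ZIP, dest)[1]
        try:
            safe_extract(MALICIOUS_ZIP, dest)
            result["malicious_refused"] = False
        except ValueError:
            result["malicious_refused"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Rejecting the whole archive rather than skipping the bad members keeps an import atomic and makes the attempt visible in logs; the same containment test applies to tar members, which additionally need symlink and hard-link entries checked because a link written first can redirect a later, apparently contained, member.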