CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change 29.04.2026 9.3
CVE-2018-25317 Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change 29.04.2026 9.3
CVE-2018-25318 Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change 29.04.2026 9.3
CVE-2026-30893 Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer 29.04.2026 9
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration 29.04.2026 10
CVE-2026-41940 cPanel and WHM Authentication Bypass via Login Flow 30.04.2026 9.3
CVE-2026-5166 Path Traversal in TUBITAK BILGEM's Pardus Software Center 29.04.2026 9.6
CVE-2026-3325 SQL injection in MegaCMS by CRM Sistemas de Fidelización 29.04.2026 10
CVE-2026-41446 WattBox 800 & 820 Series < 2.10.0.0 RCE via Diagnostic Endpoints 29.04.2026 9.2
CVE-2026-24178 29.04.2026 9.8
CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function 29.04.2026 9.4
CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes 29.04.2026 9.1
CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint 28.04.2026 9.2
CVE-2026-5779 Multiple vulnerabilities in MphRx's Minerva 28.04.2026 9.4
CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection 29.04.2026 9.3
CVE-2026-7242 Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection 28.04.2026 9.3
CVE-2026-7243 Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection 28.04.2026 9.3
CVE-2026-7244 Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection 28.04.2026 9.3
CVE-2026-7248 D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow 29.04.2026 9.3
CVE-2026-7240 Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection 29.04.2026 9.3
CVE-2026-32644 Milesight Cameras Use of Hard-coded Cryptographic Key 28.04.2026 9.2
CVE-2026-7202 Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection 29.04.2026 9.3
CVE-2026-7203 Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection 29.04.2026 9.3
CVE-2026-7204 Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection 28.04.2026 9.3
CVE-2026-40976 29.04.2026 9.1
CVE-2026-7156 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection 28.04.2026 9.3
CVE-2026-7154 Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection 28.04.2026 9.3
CVE-2026-7155 Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection 28.04.2026 9.3
CVE-2026-7152 Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection 28.04.2026 9.3
CVE-2026-7153 Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection 28.04.2026 9.3
CVE-2026-7139 Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection 29.04.2026 9.3
CVE-2026-7140 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection 27.04.2026 9.3
CVE-2026-7136 Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection 27.04.2026 9.3
CVE-2026-7137 Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection 27.04.2026 9.3
CVE-2026-7138 Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection 27.04.2026 9.3
CVE-2026-41462 ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login 27.04.2026 9.3
CVE-2026-7123 Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection 27.04.2026 9.3
CVE-2026-7124 Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection 27.04.2026 9.3
CVE-2026-7125 Totolink A8000RU CGI cstecgi.cgi setWiFiEasyCfg os command injection 27.04.2026 9.3
CVE-2026-7121 Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection 27.04.2026 9.3
CVE-2026-7122 Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection 29.04.2026 9.3
CVE-2026-22336 WordPress Directorist Booking plugin < 3.0.2 - SQL Injection vulnerability 28.04.2026 9.3
CVE-2026-22337 WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability 28.04.2026 9.8
CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data 27.04.2026 9.8
CVE-2026-41635 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE 28.04.2026 9.8
CVE-2026-42363 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability 27.04.2026 9.3
CVE-2026-7037 Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection 27.04.2026 9.3
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options 27.04.2026 9.1
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets 27.04.2026 9.4
CVE-2026-6951 25.04.2026 9.2
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass 27.04.2026 9.1
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) 27.04.2026 10
CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints 24.04.2026 9.1
CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field 24.04.2026 9.1
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph 24.04.2026 9.8
CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field 24.04.2026 9.1
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel 24.04.2026 9.3
CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE 24.04.2026 9.3
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 27.04.2026 9.8
CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate() 27.04.2026 9.8
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit() 27.04.2026 9.8
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() 27.04.2026 9.8
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() 27.04.2026 9.8
CVE-2026-31633 rxrpc: Fix integer overflow in rxgk_verify_response() 27.04.2026 9.8
CVE-2026-31636 rxrpc: fix RESPONSE authenticator parser OOB read 27.04.2026 9.1
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets 27.04.2026 9.8
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode 27.04.2026 9.8
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference 27.04.2026 9.8
CVE-2026-31659 batman-adv: reject oversized global TT response buffers 27.04.2026 9.8
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel 27.04.2026 9.8
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established 27.04.2026 9.8
CVE-2026-25660 Authentication bypass for certain API calls 24.04.2026 9.3
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability 28.04.2026 9.9
CVE-2026-1950 No checking of the length of the buffer with the file name in AS320T 24.04.2026 9.8
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T 24.04.2026 9.8
CVE-2026-1952 Denial of service via the undocumented subfunction in AS320T 24.04.2026 9.8
CVE-2026-1949 Incorrect calculation of buffer size on the stack in AS320T 24.04.2026 9.8
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-27843 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.2
CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials 24.04.2026 9.3
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials 24.04.2026 9.3
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-40630 SenseLive X3050 Authentication bypass using an alternate path or channel 24.04.2026 9.3
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability 28.04.2026 9.6
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability 28.04.2026 9.3
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability 28.04.2026 9.3
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability 28.04.2026 10
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability 28.04.2026 10
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve 24.04.2026 9.3
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain 24.04.2026 9.3
CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass 29.04.2026 9.3
CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC 24.04.2026 9.3
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability 24.04.2026 9.2
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability 23.04.2026 9.2
CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE 23.04.2026 9.4
CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) 23.04.2026 9.3
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption 27.04.2026 9.8
CVE-2025-62373 Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer 23.04.2026 9.8
CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting 25.04.2026 9.3
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability 23.04.2026 9.9
CVE-2026-40471 Hackage CSRF vulnerability 23.04.2026 9.6
CVE-2026-40472 Hackage package metadata stored XSS vulnerability 23.04.2026 9.9
CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall 29.04.2026 9.3
CVE-2026-39440 WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability 23.04.2026 9.9

Latest Updates

CVE Title Updated Score
CVE-2026-7164 pf can overflow the stack parsing crafted SCTP packets 30.04.2026
CVE-2024-39847 Arbitrary File Read and Server Side Request Forgery via XML External Entities in 4D Server SOAP 30.04.2026
CVE-2026-42511 Remote code execution via malicious DHCP options 30.04.2026
CVE-2026-42798 30.04.2026 4
CVE-2026-7270 Local privilege escalation via execve() 30.04.2026
CVE-2026-41226 30.04.2026
CVE-2026-5299 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-5401 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-5402 Heap-based Buffer Overflow in Wireshark 30.04.2026 8.8
CVE-2026-5406 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-5407 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-5408 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-5409 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-5653 Heap-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-5654 Stack-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-5655 Use After Free in Wireshark 30.04.2026 5.5
CVE-2026-5657 Double Free in Wireshark 30.04.2026 5.5
CVE-2026-6519 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6520 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6521 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6522 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6523 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6524 Access of Uninitialized Pointer in Wireshark 30.04.2026 5.5
CVE-2026-6526 NULL Pointer Dereference in Wireshark 30.04.2026 5.5
CVE-2026-6527 Uncontrolled Recursion in Wireshark 30.04.2026 5.5
CVE-2026-6528 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6529 Heap-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-6530 Heap-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-6531 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6532 Buffer Over-read in Wireshark 30.04.2026 5.5
CVE-2026-6533 Improperly Controlled Sequential Memory Allocation in Wireshark 30.04.2026 5.5
CVE-2026-6534 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6535 Improperly Controlled Sequential Memory Allocation in Wireshark 30.04.2026 5.5
CVE-2026-6536 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-6537 Stack-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-6538 Stack-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-6867 Improperly Controlled Sequential Memory Allocation in Wireshark 30.04.2026 5.5
CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark 30.04.2026 5.5
CVE-2026-6870 Access of Uninitialized Pointer in Wireshark 30.04.2026 5.5
CVE-2025-13030 30.04.2026 7.1
CVE-2026-6868 Stack-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-7375 Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark 30.04.2026 5.5
CVE-2026-7376 NULL Pointer Dereference in Wireshark 30.04.2026 5.5
CVE-2026-7378 Heap-based Buffer Overflow in Wireshark 30.04.2026 5.5
CVE-2026-7379 Missing Release of Memory after Effective Lifetime in Wireshark 30.04.2026 5.5
CVE-2026-7470 Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow 30.04.2026
CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection 30.04.2026
CVE-2026-7447 SourceCodester Pet Grooming Management Software update_customer.php sql injection 30.04.2026
CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control 30.04.2026
CVE-2026-7445 ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal 29.04.2026
CVE-2026-7446 VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection 30.04.2026
CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection 29.04.2026
CVE-2026-6221 29.04.2026
CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting 29.04.2026
CVE-2026-7419 UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow 29.04.2026
CVE-2026-7420 UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow 29.04.2026
CVE-2026-7417 Algovate xhs-mcp MCP mcp.server.ts xhs_publish_content server-side request forgery 29.04.2026
CVE-2026-7418 UTT HiPER 1250GW NTP strcpy buffer overflow 29.04.2026
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection 29.04.2026
CVE-2026-7409 SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection 29.04.2026
CVE-2026-7410 SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection 29.04.2026
CVE-2026-7407 SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection 29.04.2026
CVE-2026-7408 SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection 29.04.2026
CVE-2025-50328 29.04.2026
CVE-2026-1858 wget2 Improper Certificate Validation 29.04.2026 4.8
CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal 29.04.2026
CVE-2026-7404 getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal 29.04.2026
CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer 29.04.2026
CVE-2018-25299 Prime95 29.4b8 Local Buffer Overflow via SEH 29.04.2026
CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php 29.04.2026
CVE-2018-25301 Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow 29.04.2026
CVE-2018-25302 Allok AVI to DVD SVCD VCD Converter 4.0.1217 Buffer Overflow SEH 29.04.2026
CVE-2018-25303 Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH 29.04.2026
CVE-2018-25304 Free Download Manager 2.0 Built 417 Local Buffer Overflow SEH 29.04.2026
CVE-2018-25305 librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG 29.04.2026
CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF 29.04.2026
CVE-2018-25307 SysGauge Pro 4.6.12 Local Buffer Overflow SEH 29.04.2026
CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution 29.04.2026
CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting 29.04.2026
CVE-2018-25310 VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution 29.04.2026
CVE-2018-25311 VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal 2.10 (X-Prototype-Version: 1.6.0.2) 29.04.2026
CVE-2018-25312 LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution 29.04.2026
CVE-2018-25313 SysGauge 4.5.18 Local Denial of Service via Proxy Configuration 29.04.2026
CVE-2018-25314 Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow 29.04.2026
CVE-2018-25315 Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name 29.04.2026
CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change 29.04.2026
CVE-2018-25317 Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change 29.04.2026
CVE-2018-25318 Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change 29.04.2026
CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections 29.04.2026 8.8
CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal 29.04.2026
CVE-2026-7401 SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting 29.04.2026
CVE-2026-7425 Out-of-Bounds Read in Router Advertisement Option Parser in FreeRTOS-Plus-TCP 29.04.2026 6.5
CVE-2026-7426 Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP 29.04.2026 8.1
CVE-2026-27105 29.04.2026 6.3
CVE-2026-7398 florensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversal 29.04.2026
CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing 29.04.2026 6.5
CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP 29.04.2026 5.3
CVE-2026-7424 Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP 29.04.2026 8.1
CVE-2026-7466 AgentFlow Arbitrary Python Pipeline Execution via pipeline_path 29.04.2026
CVE-2026-26206 Wazuh: API brute-force protection bypass via race condition in login attempt tracking 29.04.2026 6.5
CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64 29.04.2026 6.5
CVE-2026-30893 Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer 29.04.2026 9
CVE-2026-41499 Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string() 29.04.2026 6.5
CVE-2026-7397 NousResearch hermes-agent file_tools.py _check_sensitive_path symlink 29.04.2026
CVE-2026-7439 AgentFlow Local Web API Content-Type Validation Bypass 29.04.2026
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration 29.04.2026
CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData 29.04.2026 4.4
CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability 30.04.2026 8
CVE-2026-7394 SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection 29.04.2026
CVE-2026-7396 NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal 29.04.2026
CVE-2026-6914 MD5 checksum creation may cause availability loss 29.04.2026
CVE-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change 29.04.2026
CVE-2026-7392 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection 29.04.2026
CVE-2026-7393 SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload 29.04.2026
CVE-2026-0204 30.04.2026
CVE-2026-0205 29.04.2026
CVE-2026-0206 29.04.2026
CVE-2026-7391 SourceCodester Pharmacy Sales and Inventory System ajax.php save_supplier sql injection 29.04.2026
CVE-2025-56534 29.04.2026
CVE-2025-56535 29.04.2026
CVE-2025-56536 29.04.2026
CVE-2025-56537 29.04.2026
CVE-2026-2810 Endpoint DLP Driver Out-of-Bounds Read 29.04.2026
CVE-2026-30769 29.04.2026
CVE-2026-37555 29.04.2026
CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper 29.04.2026
CVE-2026-40230 Helpy 2.8.0 - Stored XSS in knowledgebase Doc body rendering 29.04.2026
CVE-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS 29.04.2026 7.5
CVE-2026-7389 EyouCMS common.php GetSortData sql injection 29.04.2026
CVE-2026-7390 SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting 29.04.2026
CVE-2026-38991 29.04.2026
CVE-2026-38993 29.04.2026
CVE-2026-41940 cPanel and WHM Authentication Bypass via Login Flow 30.04.2026
CVE-2026-5166 Path Traversal in TUBITAK BILGEM's Pardus Software Center 29.04.2026 9.6
CVE-2026-6849 OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer 29.04.2026 8.8
CVE-2026-7386 fatbobman mail-mcp-bridge mail_mcp_server.py path traversal 29.04.2026
CVE-2026-7388 EyouCMS Template File FilemanagerLogic.php editFile code injection 29.04.2026
CVE-2026-25852 29.04.2026
CVE-2026-36837 29.04.2026
CVE-2026-36841 29.04.2026
CVE-2026-38992 29.04.2026
CVE-2026-41220 29.04.2026
CVE-2026-41952 29.04.2026
CVE-2026-5141 Improper Access Control in TUBITAK BILGEM's Pardus Software Center 29.04.2026 8.8
CVE-2026-5161 Improper Authentication in TUBITAK BILGEM's Pardus About 29.04.2026 8.8
CVE-2026-7111 Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption 29.04.2026
CVE-2026-7384 ezequiroga mcp-bases research_server.py search_papers path traversal 29.04.2026
CVE-2026-42519 29.04.2026
CVE-2026-42520 29.04.2026
CVE-2026-42521 29.04.2026
CVE-2026-42522 29.04.2026
CVE-2026-42523 29.04.2026
CVE-2026-42524 29.04.2026
CVE-2026-42525 29.04.2026
CVE-2026-5140 Authorization Bypass in TUBITAK BILGEM's Pardus Update 29.04.2026 8.8
CVE-2026-22741 Static resource cache poisoning in Spring MVC and WebFlux 29.04.2026 3.1
CVE-2026-22745 Denial of service in static resource handling on Windows platforms 29.04.2026 5.3
CVE-2026-2902 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment 29.04.2026 6.1
CVE-2026-42248 Missing Signature Verification for Updates in Ollama 29.04.2026
CVE-2026-42249 Remote Code Execution in Ollama via Update Mechanism 29.04.2026