CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-5387 AVEVA Pipeline Simulation Missing Authorization 15.04.2026 9.3
CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers 15.04.2026 9
CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes 15.04.2026 9.1
CVE-2026-33808 @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) 15.04.2026 9.1
CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly 15.04.2026 9.3
CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid. 15.04.2026 10
CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM. 15.04.2026 10
CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email 15.04.2026 9.8
CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload 15.04.2026 9.8
CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection 14.04.2026 10
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation 15.04.2026 9.6
CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode 14.04.2026 9.1
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain 14.04.2026 10
CVE-2026-35033 Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection 15.04.2026 9.3
CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20) 15.04.2026 9.3
CVE-2026-27243 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) 14.04.2026 9.3
CVE-2026-27245 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79) 14.04.2026 9.3
CVE-2026-27246 Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79) 14.04.2026 9.3
CVE-2026-27303 Adobe Connect | Deserialization of Untrusted Data (CWE-502) 15.04.2026 9.6
CVE-2026-34615 Adobe Connect | Deserialization of Untrusted Data (CWE-502) 15.04.2026 9.3
CVE-2026-26149 Microsoft Power Apps Security Feature Bypass 15.04.2026 9
CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability 15.04.2026 9.8
CVE-2026-39808 15.04.2026 9.1
CVE-2026-39813 15.04.2026 9.1
CVE-2025-63939 14.04.2026 9.8
CVE-2025-65135 14.04.2026 9.8
CVE-2026-38526 14.04.2026 9.9
CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge 15.04.2026 9.1
CVE-2026-2449 14.04.2026 9
CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML 14.04.2026 9.8
CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions 14.04.2026 9.1
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence 14.04.2026 9.1
CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime 14.04.2026 9.8
CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion 14.04.2026 9.1
CVE-2026-27681 SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse 14.04.2026 9.9
CVE-2026-22562 14.04.2026 9.8
CVE-2026-22563 14.04.2026 9.8
CVE-2026-22564 14.04.2026 9.8
CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection 14.04.2026 9.3
CVE-2026-40044 Pachno 1.0.6 FileCache Deserialization Remote Code Execution 13.04.2026 9.3
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure 14.04.2026 9.1
CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection 13.04.2026 9.3
CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field 14.04.2026 9.3
CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK) 13.04.2026 9.3
CVE-2026-34865 13.04.2026 10
CVE-2026-6154 Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection 13.04.2026 9.3
CVE-2026-6155 Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection 14.04.2026 9.3
CVE-2026-6156 Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection 13.04.2026 9.3
CVE-2026-6139 Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection 14.04.2026 9.3
CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection 13.04.2026 9.3
CVE-2026-6138 Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection 13.04.2026 9.3
CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection 13.04.2026 9.3
CVE-2026-6131 Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection 14.04.2026 9.3
CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access 15.04.2026 9.3
CVE-2026-6115 Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection 13.04.2026 9.3
CVE-2026-6116 Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection 13.04.2026 9.3
CVE-2026-6112 Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection 15.04.2026 9.3
CVE-2026-6113 Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection 14.04.2026 9.3
CVE-2026-6114 Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection 14.04.2026 9.3
CVE-2026-31845 13.04.2026 9.3
CVE-2026-4149 Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability 13.04.2026 10
CVE-2026-5058 aws-mcp-server Command Injection Remote Code Execution Vulnerability 13.04.2026 9.8
CVE-2026-5059 aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability 13.04.2026 9.8
CVE-2026-40189 goshs has a file-based ACL authorization bypass in goshs state-changing routes 13.04.2026 9.3
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain 14.04.2026 10
CVE-2026-40177 Password bypass when 2FA is activated 14.04.2026 9.3
CVE-2026-33707 Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms 13.04.2026 9.4
CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder 15.04.2026 9.3
CVE-2026-32892 OS Command Injection in Chamilo LMS 1.11.36 14.04.2026 9.1
CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` 14.04.2026 9.4
CVE-2026-5412 Juju CloudSpec API could leak sensitive information 10.04.2026 9.9
CVE-2026-1115 Stored XSS in parisneo/lollms 10.04.2026 9.6
CVE-2026-6028 Totolink A7100RU CGI cstecgi.cgi setPptpServerCfg os command injection 10.04.2026 9.3
CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection 10.04.2026 9.3
CVE-2026-6026 Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection 10.04.2026 9.3
CVE-2026-6027 Totolink A7100RU CGI cstecgi.cgi setUrlFilterRules os command injection 14.04.2026 9.3
CVE-2026-6025 Totolink A7100RU CGI cstecgi.cgi setSyslogCfg os command injection 10.04.2026 9.3
CVE-2026-5996 Totolink A7100RU CGI cstecgi.cgi setAdvancedInfoShow os command injection 14.04.2026 9.3
CVE-2026-5997 Totolink A7100RU CGI cstecgi.cgi setLoginPasswordCfg os command injection 10.04.2026 9.3
CVE-2026-5993 Totolink A7100RU CGI cstecgi.cgi setWiFiGuestCfg os command injection 14.04.2026 9.3
CVE-2026-5994 Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection 10.04.2026 9.3
CVE-2026-5995 Totolink A7100RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection 10.04.2026 9.3
CVE-2026-34424 Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Access Toolkit 14.04.2026 9.3
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords 13.04.2026 9.1
CVE-2026-33784 JSI Virtual Lightweight Collector: Default password is not required to be changed which allows unauthorized high-privileged access 13.04.2026 9.3
CVE-2026-40154 PraisonAI Affected by Untrusted Remote Template Code Execution 10.04.2026 9.3
CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py) 13.04.2026 9.3
CVE-2026-5977 Totolink A7100RU CGI cstecgi.cgi setWiFiBasicCfg os command injection 14.04.2026 9.3
CVE-2026-5978 Totolink A7100RU CGI cstecgi.cgi setWiFiAclRules os command injection 14.04.2026 9.3
CVE-2026-5976 Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection 13.04.2026 9.3
CVE-2025-13926 Contemporary Controls BASC 20T Reliance on Untrusted Inputs in a Security Decision 10.04.2026 9.3
CVE-2026-40088 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai 09.04.2026 9.7
CVE-2026-40089 Sonicverse has Server-Side Request Forgery via user-controlled URLs in dashboard API client 13.04.2026 9.9
CVE-2026-5194 wolfSSL ECDSA Certificate Verification 10.04.2026 9.3
CVE-2026-5975 Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection 09.04.2026 9.3
CVE-2026-28205 Initialization of a resource with an insecure default in OpenPLC_V3 10.04.2026 9.2
CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift 13.04.2026 9
CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access 10.04.2026 9
CVE-2026-35556 Plaintext storage of a password in OpenPLC_V3 10.04.2026 9.2
CVE-2026-39912 v2board / Xboard Authentication Token Exposure via loginWithMailLink 13.04.2026 9.1
CVE-2026-39980 OpenCTI affected by RCE via notifier template 09.04.2026 9.1
CVE-2026-39987 marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass 09.04.2026 9.3
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF 14.04.2026 9.3
CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf 09.04.2026 9.1
CVE-2026-34178 Importing a crafted backup leads to project restriction bypass 09.04.2026 9.1
CVE-2026-34179 Update of type field in restricted TLS certificate allows privilege escalation to cluster admin 09.04.2026 9.1
CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection 09.04.2026 9.3
CVE-2026-5853 Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection 09.04.2026 9.3
CVE-2026-5854 Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection 09.04.2026 9.3
CVE-2026-5850 Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg os command injection 13.04.2026 9.3
CVE-2026-5851 Totolink A7100RU CGI cstecgi.cgi setUPnPCfg os command injection 09.04.2026 9.3
CVE-2026-1830 Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload 09.04.2026 9.8
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection 09.04.2026 9.4
CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing 09.04.2026 9.3
CVE-2026-39860 Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination 09.04.2026 9
CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode) 09.04.2026 10
CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading 09.04.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability 15.04.2026 4.3
CVE-2025-67841 15.04.2026
CVE-2026-30461 15.04.2026
CVE-2026-5387 AVEVA Pipeline Simulation Missing Authorization 15.04.2026
CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create 15.04.2026
CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise 15.04.2026 6.6
CVE-2026-20203 Improper Access Control in Data Model Acceleration in Splunk Enterprise 15.04.2026 4.3
CVE-2026-20204 Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise 15.04.2026 7.1
CVE-2026-20205 Sensitive Information Disclosure in '_internal' index in Splunk MCP Server app 15.04.2026 7.2
CVE-2026-30615 15.04.2026
CVE-2026-30616 15.04.2026
CVE-2026-30617 15.04.2026
CVE-2026-30624 15.04.2026
CVE-2026-30625 15.04.2026
CVE-2024-53412 15.04.2026
CVE-2026-30364 15.04.2026
CVE-2026-4667 HP System Optimizer - Escalation of Privilege 15.04.2026
CVE-2026-4682 Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow 15.04.2026
CVE-2026-0827 15.04.2026
CVE-2026-1636 15.04.2026
CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access 15.04.2026
CVE-2026-4134 15.04.2026
CVE-2026-4135 15.04.2026
CVE-2026-4145 15.04.2026
CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion 15.04.2026 6.1
CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse 15.04.2026 6.5
CVE-2026-30778 Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. 15.04.2026
CVE-2026-27769 Connected Workspaces: Malicious remote server can manipulate arbitrary user's status 15.04.2026 2.7
CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method 15.04.2026 6.8
CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers 15.04.2026
CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40730 WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40734 WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability 15.04.2026
CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability 15.04.2026
CVE-2026-40740 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40742 WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability 15.04.2026
CVE-2026-40744 WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability 15.04.2026
CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability 15.04.2026
CVE-2026-40763 WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40764 WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability 15.04.2026
CVE-2026-40778 WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability 15.04.2026
CVE-2026-40784 WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability 15.04.2026
CVE-2026-40786 WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability 15.04.2026
CVE-2024-33618 15.04.2026 7.5
CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes 15.04.2026 9.1
CVE-2026-33808 @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) 15.04.2026
CVE-2025-14813 GOSTCTR implementation unable to process more than 255 blocks correctly 15.04.2026
CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java 15.04.2026
CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. 15.04.2026
CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid. 15.04.2026
CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM. 15.04.2026
CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0 15.04.2026
CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 15.04.2026
CVE-2025-52641 Internal Filesystem Exploration vulnerability 15.04.2026 2.9
CVE-2026-1782 MetForm Pro <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' 15.04.2026 5.3
CVE-2026-3461 Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email 15.04.2026 9.8
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX 15.04.2026 5.3
CVE-2026-3643 Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API 15.04.2026 7.2
CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action 15.04.2026 5.3
CVE-2026-3659 WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute 15.04.2026 6.4
CVE-2026-3998 WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute 15.04.2026 6.4
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action 15.04.2026 4.3
CVE-2026-4005 Coachific Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute 15.04.2026 6.4
CVE-2026-4011 Power Charts <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute 15.04.2026 6.4
CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery 15.04.2026 6.1
CVE-2026-5617 Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie 15.04.2026 8.8
CVE-2026-5694 Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting 15.04.2026 7.2
CVE-2026-5717 VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute 15.04.2026 6.4
CVE-2026-5088 Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts 15.04.2026
CVE-2026-40719 15.04.2026 7.5
CVE-2026-6293 Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter 15.04.2026 4.3
CVE-2026-5160 15.04.2026 6.1
CVE-2026-26291 15.04.2026
CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application 15.04.2026 7.8
CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload 15.04.2026 9.8
CVE-2026-6328 XQUIC Improper STREAM Frame Validation in Initial/Handshake Packets 15.04.2026
CVE-2026-40499 radare2 < 6.1.4 Command Injection via PDB Parser print_gvars() 15.04.2026
CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution 15.04.2026 5.4
CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference 15.04.2026 4.3
CVE-2026-2834 Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter 15.04.2026 7.2
CVE-2026-4812 Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters 15.04.2026 5.3
CVE-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag 15.04.2026
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header 15.04.2026 7.5
CVE-2026-40105 XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality 15.04.2026
CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs 15.04.2026 6
CVE-2026-40096 immich: Open Redirect via Shared Album name 14.04.2026
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability 15.04.2026
CVE-2026-39963 Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain 15.04.2026 6.9
CVE-2026-39971 Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST 14.04.2026 7.2
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier 14.04.2026 5.5
CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write 14.04.2026 7.1
CVE-2025-15470 Eleganzo <= 1.2 - Authenticated (Subscriber+) Arbitrary Directory Deletion 14.04.2026 6.5
CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure 14.04.2026 5.3
CVE-2026-2396 List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description 14.04.2026 4.4
CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection 14.04.2026 10
CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting 14.04.2026 8.3
CVE-2026-27290 Adobe Framemaker | Untrusted Search Path (CWE-426) 15.04.2026 8.6
CVE-2026-27292 Adobe Framemaker | Use After Free (CWE-416) 15.04.2026 7.8
CVE-2026-27293 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-27294 Adobe Framemaker | Out-of-bounds Read (CWE-125) 15.04.2026 7.8
CVE-2026-27295 Adobe Framemaker | Out-of-bounds Write (CWE-787) 15.04.2026 7.8
CVE-2026-27296 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) 15.04.2026 7.8
CVE-2026-27297 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) 15.04.2026 7.8
CVE-2026-27298 Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) 15.04.2026 7.8
CVE-2026-27299 Adobe Framemaker | Improper Input Validation (CWE-20) 15.04.2026 6.3
CVE-2026-27300 Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) 14.04.2026 5.5
CVE-2026-27301 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122) 14.04.2026 5.5
CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter 15.04.2026 7.2
CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation 15.04.2026 9.6
CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine 14.04.2026
CVE-2026-35589 nanobot: Cross-Site WebSocket Hijacking in WhatsApp Bridge (CVE-2026-2577 Fix Update) 14.04.2026 8
CVE-2026-40688 15.04.2026 6.7
CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode 14.04.2026 9.1
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain 14.04.2026 10
CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner 14.04.2026
CVE-2026-35033 Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection 15.04.2026
CVE-2026-35034 Jellyfin: Potential Application DoS from excessively large SyncPlay group names 14.04.2026 6.5
CVE-2026-33021 libsixel: Use-after-free in sixel_encoder_encode_bytes() 14.04.2026 7.3
CVE-2026-33023 libsixel: Use-after-free in load_with_gdkpixbuf() 14.04.2026 7.8
CVE-2026-34454 OAuth2 Proxy: Session cookie not cleared when rendering sign-in page 15.04.2026 3.5
CVE-2026-27282 ColdFusion | Improper Input Validation (CWE-20) 14.04.2026 7.5
CVE-2026-27304 ColdFusion | Improper Input Validation (CWE-20) 15.04.2026 9.3
CVE-2026-27305 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 14.04.2026 8.6
CVE-2026-27306 ColdFusion | Improper Input Validation (CWE-20) 15.04.2026 8.4
CVE-2026-27307 ColdFusion | Uncontrolled Resource Consumption (CWE-400) 14.04.2026 2.4
CVE-2026-27308 ColdFusion | Uncontrolled Resource Consumption (CWE-400) 14.04.2026 2.4
CVE-2026-33018 libsixel: Use-After-Free in load_gif() 14.04.2026 7
CVE-2026-33019 libsixel: Integer overflow leads to Out-of-bounds Read in img2sixel 14.04.2026 7.1
CVE-2026-33020 libsixel: Integer Overflow in write_png_to_file() leads to Heap-based Buffer Overflow 15.04.2026 7.1
CVE-2026-33146 Docmost's Public Share Search Exposes Metadata of Restricted Children 15.04.2026 4.3
CVE-2026-33193 Docmost vulnerable to stored XSS via MIME type spoofing 14.04.2026 4.6
CVE-2026-34212 Docmost page content has stored XSS via unsanitized attachment URLs 14.04.2026 5.4
CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation 15.04.2026 5.4
CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 14.04.2026 7.7
CVE-2026-40291 Chamilo LMS has Privilege Escalation via API User Role Modification 15.04.2026 8.8
CVE-2025-15565 Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification 15.04.2026 5.3
CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes 14.04.2026 6.5
CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses 15.04.2026 7.1
CVE-2026-34631 InCopy | Out-of-bounds Write (CWE-787) 14.04.2026 7.8
CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action 15.04.2026 8.8
CVE-2026-39906 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting 14.04.2026
CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP 14.04.2026
CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2) 14.04.2026
CVE-2026-33715 Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action 15.04.2026 7.2
CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services 15.04.2026 8.6
CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution 14.04.2026
CVE-2026-24893 openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Address Macro Expansion 15.04.2026 8.8
CVE-2026-25125 October CMS: Environment Variable Exfiltration via INI Parser Interpolation 15.04.2026 4.9
CVE-2026-25133 October CMS has Stored XSS via SVG Filter Bypass 14.04.2026
CVE-2026-27287 InCopy | Out-of-bounds Read (CWE-125) 15.04.2026 7.8
CVE-2026-27222 Bridge | Divide By Zero (CWE-369) 14.04.2026 5.5
CVE-2026-27310 Bridge | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-27311 Bridge | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-27312 Bridge | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-27313 Bridge | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-34630 Bridge | Heap-based Buffer Overflow (CWE-122) 15.04.2026 7.8
CVE-2026-40683 14.04.2026 7.7
CVE-2026-27289 Photoshop Desktop | Out-of-bounds Read (CWE-125) 15.04.2026 7.8
CVE-2026-34618 Illustrator | Out-of-bounds Write (CWE-787) 15.04.2026 7.8