CVEs (19,079, showing first 500)
Showing 176–200 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-41228 | CRITICAL | Patched | 9.9 | 2026-04-23 | Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_… |
| CVE-2026-40933 | CRITICAL | Patched | 9.9 | 2026-04-21 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, a… |
| CVE-2026-40906 | CRITICAL | Patched | 9.9 | 2026-04-21 | Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowin… |
| CVE-2026-41329 | CRITICAL | Patched | 9.9 | 2026-04-21 | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter ma… |
| CVE-2026-32604 | CRITICAL | Patched | 9.9 | 2026-04-20 | Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary co… |
| CVE-2026-32613 | CRITICAL | Patched | 9.9 | 2026-04-20 | Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specif… |
| CVE-2026-30269 | CRITICAL | | 9.9 | 2026-04-20 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{usern… |
| CVE-2026-6643 | CRITICAL | Patched | 9.9 | 2026-04-20 | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data dir… |
| CVE-2026-40342 | CRITICAL | Patched | 9.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-suppli… |
| CVE-2026-20180 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an… |
| CVE-2026-20186 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an… |
| CVE-2026-20147 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected… |
| CVE-2026-39842 | CRITICAL | Patched | 9.9 | 2026-04-15 | OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary … |
| CVE-2026-35031 | CRITICAL | Patched | 9.9 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitle… |
| CVE-2026-38526 | CRITICAL | | 9.9 | 2026-04-14 | An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via upload… |
| CVE-2026-27681 | CRITICAL | | 9.9 | 2026-04-14 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to … |
| CVE-2026-5412 | CRITICAL | Patched | 9.9 | 2026-04-10 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the … |
| CVE-2026-40089 | CRITICAL | Patched | 9.9 | 2026-04-09 | Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF… |
| CVE-2026-34987 | CRITICAL | Patched | 9.9 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly … |
| CVE-2025-62718 | CRITICAL | Patched | 9.9 | 2026-04-09 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY … |
| CVE-2026-39888 | CRITICAL | Patched | 9.9 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in … |
| CVE-2026-39355 | CRITICAL | Patched | 9.9 | 2026-04-07 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to tra… |
| CVE-2026-23696 | CRITICAL | | 9.9 | 2026-04-07 | Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attack… |
| CVE-2026-34612 | CRITICAL | Patched | 9.9 | 2026-04-03 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability tha… |
| CVE-2026-34838 | CRITICAL | Patched | 9.9 | 2026-04-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsC… |