Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12651 | Critical: 850 | High: 3653 | Medium: 3967
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1711 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with … | Apr 15, 2026 |
| CVE-2026-1564 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a … | Apr 15, 2026 |
| CVE-2026-6398 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 15, 2026 |
| CVE-2026-40261 | HIGH | 8.8 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which … | Apr 15, 2026 |
| CVE-2026-40186 | MEDIUM | 6.1 | ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags … | Apr 15, 2026 |
| CVE-2026-40176 | HIGH | 7.8 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which … | Apr 15, 2026 |
| CVE-2026-40173 | CRITICAL | 9.4 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on … | Apr 15, 2026 |
| CVE-2026-22676 | HIGH | 7.8 | Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs … | Apr 15, 2026 |
| CVE-2026-6385 | MEDIUM | 6.5 | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD … | Apr 15, 2026 |
| CVE-2026-6384 | HIGH | 7.3 | A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an … | Apr 15, 2026 |
| CVE-2026-6364 | MEDIUM | 6.5 | Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via … | Apr 15, 2026 |
| CVE-2026-6363 | HIGH | 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted … | Apr 15, 2026 |
| CVE-2026-6362 | MEDIUM | 6.3 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a … | Apr 15, 2026 |
| CVE-2026-6361 | HIGH | 7.2 | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific … | Apr 15, 2026 |
| CVE-2026-6360 | HIGH | 8.8 | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. … | Apr 15, 2026 |
| CVE-2026-6359 | HIGH | 8.8 | Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform … | Apr 15, 2026 |
| CVE-2026-6358 | HIGH | 8.8 | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read … | Apr 15, 2026 |
| CVE-2026-6319 | HIGH | 7.5 | Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific … | Apr 15, 2026 |
| CVE-2026-6318 | HIGH | 8.8 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 15, 2026 |
| CVE-2026-6317 | HIGH | 8.8 | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium … | Apr 15, 2026 |
| CVE-2026-6316 | HIGH | 8.8 | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 15, 2026 |
| CVE-2026-6315 | HIGH | 8.8 | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific … | Apr 15, 2026 |
| CVE-2026-6314 | HIGH | 8.3 | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform … | Apr 15, 2026 |
| CVE-2026-6313 | LOW | 3.1 | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data … | Apr 15, 2026 |
| CVE-2026-6312 | LOW | 3.1 | Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data … | Apr 15, 2026 |