NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4051	5.5	MEDIUM Network	oracle	workflow	Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows…	CWE-284 Improper Access Control	CVE-2026-34302	2026-04-24 23:27	2026-04-22	Show	GitHub Exploit DB Packet Storm

4052	7.5	HIGH Network	oracle	weblogic_server	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0…	CWE-200 Information Exposure	CVE-2026-34305	2026-04-24 23:27	2026-04-22	Show	GitHub Exploit DB Packet Storm

4053	6.5	MEDIUM Network	oracle	peoplesoft_enterprise_fin_project_costing	Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability al…	CWE-284 Improper Access Control	CVE-2026-34306	2026-04-24 23:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

4054	5.4	MEDIUM Network	oracle	peoplesoft_enterprise_peopletools	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…	CWE-284 Improper Access Control	CVE-2026-34307	2026-04-24 23:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

4055	8.1	HIGH Network	oracle	peoplesoft_enterprise_peopletools	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…	CWE-284 Improper Access Control	CVE-2026-34309	2026-04-24 23:25	2026-04-22	Show	GitHub Exploit DB Packet Storm

4056	7.5	HIGH Network	oracle	financial_services_analytical_applications_infrastructure	Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar…	CWE-284 Improper Access Control	CVE-2026-34310	2026-04-24 23:25	2026-04-22	Show	GitHub Exploit DB Packet Storm

4057	6.5	MEDIUM Network	oracle	weblogic_server	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0…	CWE-285 CWE-601 Improper Authorization Open Redirect	CVE-2026-34315	2026-04-24 23:24	2026-04-22	Show	GitHub Exploit DB Packet Storm

4058	8.1	HIGH Network	sysadminsmedia	homebox	HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,…	CWE-708 Incorrect Ownership Assignment	CVE-2026-40196	2026-04-24 23:23	2026-04-18	Show	GitHub Exploit DB Packet Storm

4059	7.2	HIGH Network	dolibarr	dolibarr_erp\/crm	Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mod…	CWE-95 CWE-94 Eval Injection Code Injection	CVE-2026-22666	2026-04-24 23:20	2026-04-7	Show	GitHub Exploit DB Packet Storm

4060	3.7	LOW Network	vmware	spring_security	Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then Dao…	CWE-208 Information Exposure Through Timing Discrepancy	CVE-2026-22746	2026-04-24 23:20	2026-04-22	Show	GitHub Exploit DB Packet Storm

4061	8.1	HIGH Network	vmware	spring_security	Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the usern…	CWE-297 Improper Validation of Certificate with Host Mismatch	CVE-2026-22747	2026-04-24 23:18	2026-04-22	Show	GitHub Exploit DB Packet Storm

4062	6.5	MEDIUM Network	vmware	spring_security	Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for…	CWE-20 Improper Input Validation	CVE-2026-22748	2026-04-24 23:18	2026-04-22	Show	GitHub Exploit DB Packet Storm

4063	7.5	HIGH Network	vmware	spring_security	Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c…	CWE-693 Protection Mechanism Failure	CVE-2026-22753	2026-04-24 23:17	2026-04-22	Show	GitHub Exploit DB Packet Storm

4064	7.5	HIGH Network	vmware	spring_security	Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then …	CWE-284 Improper Access Control	CVE-2026-22754	2026-04-24 23:16	2026-04-22	Show	GitHub Exploit DB Packet Storm

4065	5.5	MEDIUM Local	libsixel saitoha	libsixel	stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.	CWE-617 Reachable Assertion	CVE-2022-27938	2026-04-24 23:12	2022-03-26	Show	GitHub Exploit DB Packet Storm

4066	5.5	MEDIUM Local	libsixel saitoha	libsixel	stb_image.h (también se conoce como el cargador de imágenes de stb) versión 2.19, como es usado en libsixel y otros productos, presenta una aserción alcanzable en la función stbi__create_png_image_raw	CWE-617 Reachable Assertion	CVE-2022-27938	2026-04-24 23:12	2022-03-26	Show	GitHub Exploit DB Packet Storm

4067	7.2	HIGH Network	mintplexlabs	anythingllm	A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user inpu…	CWE-29 Path Traversal: '\..\filename'	CVE-2026-5627	2026-04-24 22:57	2026-04-7	Show	GitHub Exploit DB Packet Storm

4068	7.5	HIGH Network	nestjs	nest	Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per m…	CWE-674 Uncontrolled Recursion	CVE-2026-40879	2026-04-24 22:46	2026-04-22	Show	GitHub Exploit DB Packet Storm

4069	5.0	MEDIUM Network	openfga	helm_charts openfga	OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requ…	CWE-706 CWE-863 Use of Incorrectly-Resolved Name or Reference Incorrect Authorization	CVE-2026-41131	2026-04-24 22:44	2026-04-22	Show	GitHub Exploit DB Packet Storm

4070	7.8	HIGH Local	saitoha	libsixel	A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation res…	CWE-119 CWE-121 CWE-787 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow Out-of-bounds Write	CVE-2025-9300	2026-04-24 22:44	2025-08-21	Show	GitHub Exploit DB Packet Storm

4071	7.8	HIGH Local	saitoha	libsixel	Se encontró una vulnerabilidad en saitoha libsixel hasta la versión 1.10.3. Este problema afecta a la función sixel_debug_print_palette del archivo src/encoder.c del componente img2sixel. La manipula…	CWE-119 CWE-121 CWE-787 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow Out-of-bounds Write	CVE-2025-9300	2026-04-24 22:44	2025-08-21	Show	GitHub Exploit DB Packet Storm

4072	8.8	HIGH Local	packagekit_project	packagekit	PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41651	2026-04-24 22:43	2026-04-22	Show	GitHub Exploit DB Packet Storm

4073	7.5	HIGH Network	coturn_project	coturn	Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * wit…	CWE-704 Incorrect Type Conversion or Cast	CVE-2026-40613	2026-04-24 22:41	2026-04-22	Show	GitHub Exploit DB Packet Storm

4074	7.5	HIGH Network	protocol	libp2p	libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A m…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-35405	2026-04-24 22:37	2026-04-8	Show	GitHub Exploit DB Packet Storm

4075	6.5	MEDIUM Network	libsixel	libsixel	In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.	CWE-476 NULL Pointer Dereference	CVE-2021-45340	2026-04-24 22:35	2022-01-25	Show	GitHub Exploit DB Packet Storm

4076	6.5	MEDIUM Network	libsixel	libsixel	En Libsixel versiones anteriores a v1.10.3 incluyéndola, una desreferencia de puntero NULL en el componente stb_image.h de libsixel permite a atacantes causar una denegación de servicio (DOS) por med…	CWE-476 NULL Pointer Dereference	CVE-2021-45340	2026-04-24 22:35	2022-01-25	Show	GitHub Exploit DB Packet Storm

4077	8.8	HIGH Network	libsixel	libsixel	libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.	CWE-787 Out-of-bounds Write	CVE-2021-40656	2026-04-24 22:34	2022-04-9	Show	GitHub Exploit DB Packet Storm

4078	8.8	HIGH Network	libsixel	libsixel	libsixel versiones anteriores a 1.10, es vulnerable a un desbordamiento del búfer en libsixel/src/quant.c:867	CWE-787 Out-of-bounds Write	CVE-2021-40656	2026-04-24 22:34	2022-04-9	Show	GitHub Exploit DB Packet Storm

4079	6.5	MEDIUM Network	saitoha	libsixel	An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.	CWE-125 Out-of-bounds Read	CVE-2020-21049	2026-04-24 22:34	2021-09-15	Show	GitHub Exploit DB Packet Storm

4080	6.5	MEDIUM Network	saitoha	libsixel	Una lectura no válida en el componente stb_image.h de libsixel versiones anteriores a v1.8.5, permite a atacantes causar una denegación de servicio (DOS) por medio de un archivo PSD diseñado	CWE-125 Out-of-bounds Read	CVE-2020-21049	2026-04-24 22:34	2021-09-15	Show	GitHub Exploit DB Packet Storm

4081	4.8	MEDIUM Network	mitmproxy	mitmproxy	mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the b…	CWE-90 LDAP Injection	CVE-2026-40606	2026-04-24 22:33	2026-04-22	Show	GitHub Exploit DB Packet Storm

4082	8.2	HIGH Network	protocol	libp2p	libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can r…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-35457	2026-04-24 22:32	2026-04-8	Show	GitHub Exploit DB Packet Storm

4083	2.7	LOW Network	openbao	openbao	OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their tok…	CWE-1259 Improper Restriction of Security Token Assignment	CVE-2026-40264	2026-04-24 22:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

4084	4.9	MEDIUM Network	openbao	openbao	OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use …	CWE-89 SQL Injection	CVE-2026-39946	2026-04-24 22:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

4085	3.1	LOW Network	openbao	openbao	OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` i…	CWE-295 Improper Certificate Validation	CVE-2026-39388	2026-04-24 22:27	2026-04-21	Show	GitHub Exploit DB Packet Storm

4086	7.6	HIGH Network	openremote	openremote	OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user wh…	CWE-611 XXE	CVE-2026-40882	2026-04-24 22:24	2026-04-23	Show	GitHub Exploit DB Packet Storm

4087	8.3	HIGH Network	rustfs	rustfs	RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions…	CWE-862 Missing Authorization	CVE-2026-40937	2026-04-24 22:12	2026-04-23	Show	GitHub Exploit DB Packet Storm

4088	7.0	HIGH Network	openremote	openremote	OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to update Keycloak realm roles for users…	CWE-284 Improper Access Control	CVE-2026-41166	2026-04-24 22:10	2026-04-23	Show	GitHub Exploit DB Packet Storm

4089	5.3	MEDIUM Network	pypdf_project	pypdf	pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-ref…	CWE-834 Excessive Iteration	CVE-2026-41168	2026-04-24 22:07	2026-04-23	Show	GitHub Exploit DB Packet Storm

4090	5.9	MEDIUM Network	leancrypto	leancrypto	The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to ui…	CWE-681 Incorrect Conversion between Numeric Types	CVE-2026-34610	2026-04-24 22:01	2026-04-3	Show	GitHub Exploit DB Packet Storm

4091	7.5	HIGH Network	saitoha	libsixel	libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.	CWE-772 Missing Release of Resource after Effective Lifetime	CVE-2018-14072	2026-04-24 21:56	2018-07-16	Show	GitHub Exploit DB Packet Storm

4092	7.5	HIGH Network	saitoha	libsixel	libsixel 1.8.1 tiene una fuga de memoria en sixel_decoder_decode en decoder.c e image_buffer_resize en fromsixel.c y sixel_decode_raw en fromsixel.c.	CWE-772 Missing Release of Resource after Effective Lifetime	CVE-2018-14072	2026-04-24 21:56	2018-07-16	Show	GitHub Exploit DB Packet Storm

4093	7.5	HIGH Network	saitoha	libsixel	libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.	CWE-772 Missing Release of Resource after Effective Lifetime	CVE-2018-14073	2026-04-24 21:56	2018-07-16	Show	GitHub Exploit DB Packet Storm

4094	7.5	HIGH Network	saitoha	libsixel	libsixel 1.8.71 tiene una fuga de memoria en sixel_allocator_new en allocator.c.	CWE-772 Missing Release of Resource after Effective Lifetime	CVE-2018-14073	2026-04-24 21:56	2018-07-16	Show	GitHub Exploit DB Packet Storm

4095	5.5	MEDIUM Local	saitoha	libsixel	There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.	CWE-125 Out-of-bounds Read	CVE-2018-19756	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm

4096	5.5	MEDIUM Local	saitoha	libsixel	Existe una sobrelectura de búfer basada en memoria dinámica (heap) en stb_image.h (función: stbi__tga_load) en libsixel 1.8.2 que provoca una denegación de servicio (DoS).	CWE-125 Out-of-bounds Read	CVE-2018-19756	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm

4097	6.5	MEDIUM Network	saitoha	libsixel	There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.	CWE-476 NULL Pointer Dereference	CVE-2018-19757	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm

4098	6.5	MEDIUM Network	saitoha	libsixel	Existe una desreferencia de puntero NULL en la función sixel_helper_set_additional_message (status.c) en libsixel 1.8.2 que provoca una denegación de servicio (DoS).	CWE-476 NULL Pointer Dereference	CVE-2018-19757	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm

4099	5.5	MEDIUM Local	saitoha	libsixel	There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.	CWE-125 Out-of-bounds Read	CVE-2018-19759	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm

4100	5.5	MEDIUM Local	saitoha	libsixel	Existe una sobrelectura de búfer basada en memoria dinámica (heap) en stb_image_write.h (función: stbi_write_png_to_mem) en libsixel 1.8.2 que provoca una denegación de servicio (DoS).	CWE-125 Out-of-bounds Read	CVE-2018-19759	2026-04-24 21:56	2018-11-30	Show	GitHub Exploit DB Packet Storm