Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7855 | HIGH | 8.8 | A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request … | May 05, 2026 |
| CVE-2026-7854 | CRITICAL | 9.8 | A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component … | May 05, 2026 |
| CVE-2026-42997 | HIGH | 7.7 | An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a … | May 05, 2026 |
| CVE-2026-38428 | CRITICAL | 9.8 | Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL … | May 05, 2026 |
| CVE-2026-31835 | UNKNOWN | — | Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (`backup_eligible` and … | May 05, 2026 |
| CVE-2026-30923 | UNKNOWN | — | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 … | May 05, 2026 |
| CVE-2026-27960 | CRITICAL | 9.8 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability … | May 05, 2026 |
| CVE-2026-7853 | CRITICAL | 9.8 | A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation … | May 05, 2026 |
| CVE-2026-7851 | HIGH | 7.2 | A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to … | May 05, 2026 |
| CVE-2026-7847 | LOW | 2.6 | A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded … | May 05, 2026 |
| CVE-2026-43002 | MEDIUM | 5.3 | An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and … | May 05, 2026 |
| CVE-2026-38432 | MEDIUM | 6.1 | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email … | May 05, 2026 |
| CVE-2026-38431 | CRITICAL | 9.8 | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions … | May 05, 2026 |
| CVE-2026-38429 | UNKNOWN | — | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied … | May 05, 2026 |
| CVE-2026-25589 | UNKNOWN | — | RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed … | May 05, 2026 |
| CVE-2026-25588 | UNKNOWN | — | RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the … | May 05, 2026 |
| CVE-2026-25243 | HIGH | 8.8 | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated … | May 05, 2026 |
| CVE-2026-23631 | HIGH | 8.1 | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to … | May 05, 2026 |
| CVE-2026-23479 | HIGH | 8.8 | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` … | May 05, 2026 |
| CVE-2026-7865 | UNKNOWN | — | A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim … | May 05, 2026 |
| CVE-2026-7846 | LOW | 2.6 | A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File … | May 05, 2026 |
| CVE-2026-7845 | LOW | 2.6 | A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision … | May 05, 2026 |
| CVE-2026-7844 | MEDIUM | 6.3 | A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File … | May 05, 2026 |
| CVE-2026-7412 | HIGH | 8.6 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated … | May 05, 2026 |
| CVE-2026-7411 | CRITICAL | 10.0 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform … | May 05, 2026 |