Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24072 | HIGH | 8.8 | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of … | May 04, 2026 |
| CVE-2026-3120 | HIGH | 7.2 | Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This … | May 04, 2026 |
| CVE-2026-7750 | HIGH | 8.8 | A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The … | May 04, 2026 |
| CVE-2026-7749 | HIGH | 8.8 | A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. … | May 04, 2026 |
| CVE-2026-7748 | HIGH | 8.8 | A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST … | May 04, 2026 |
| CVE-2026-33846 | HIGH | 7.5 | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are … | May 04, 2026 |
| CVE-2026-7747 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component … | May 04, 2026 |
| CVE-2026-7746 | MEDIUM | 6.3 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the … | May 04, 2026 |
| CVE-2026-7745 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes … | May 04, 2026 |
| CVE-2025-14320 | CRITICAL | 9.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected … | May 04, 2026 |
| CVE-2026-7744 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results … | May 04, 2026 |
| CVE-2026-7743 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the … | May 04, 2026 |
| CVE-2026-7742 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of … | May 04, 2026 |
| CVE-2026-7741 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid … | May 04, 2026 |
| CVE-2026-7740 | LOW | 3.3 | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of … | May 04, 2026 |
| CVE-2026-7739 | LOW | 3.3 | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the … | May 04, 2026 |
| CVE-2026-7738 | MEDIUM | 6.3 | A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The … | May 04, 2026 |
| CVE-2026-7737 | MEDIUM | 5.3 | A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component … | May 04, 2026 |
| CVE-2026-7736 | HIGH | 7.3 | A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation … | May 04, 2026 |
| CVE-2026-5335 | MEDIUM | 5.3 | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to … | May 04, 2026 |
| CVE-2026-43864 | LOW | 2.5 | mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. | May 04, 2026 |
| CVE-2026-43863 | LOW | 3.7 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | May 04, 2026 |
| CVE-2026-43862 | LOW | 3.7 | In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | May 04, 2026 |
| CVE-2026-43861 | LOW | 3.7 | mutt before 2.3.2 does not check for '\0' in url_pct_decode. | May 04, 2026 |
| CVE-2026-43860 | LOW | 3.7 | mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | May 04, 2026 |