Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7508 | MEDIUM | 6.3 | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a … | Apr 30, 2026 |
| CVE-2026-7506 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument … | Apr 30, 2026 |
| CVE-2026-7505 | HIGH | 7.3 | A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This … | Apr 30, 2026 |
| CVE-2026-4178 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 30, 2026 |
| CVE-2026-28909 | MEDIUM | 6.5 | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in … | Apr 30, 2026 |
| CVE-2026-7551 | HIGH | 8.8 | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system … | Apr 30, 2026 |
| CVE-2026-7503 | HIGH | 8.8 | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The … | Apr 30, 2026 |
| CVE-2026-7502 | MEDIUM | 5.4 | A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the … | Apr 30, 2026 |
| CVE-2026-6543 | HIGH | 8.8 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading … | Apr 30, 2026 |
| CVE-2026-6542 | MEDIUM | 6.5 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other … | Apr 30, 2026 |
| CVE-2026-6389 | HIGH | 8.8 | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker … | Apr 30, 2026 |
| CVE-2026-40687 | MEDIUM | 4.8 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the … | Apr 30, 2026 |
| CVE-2026-40686 | LOW | 3.7 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). … | Apr 30, 2026 |
| CVE-2026-40685 | MEDIUM | 6.5 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted … | Apr 30, 2026 |
| CVE-2026-40684 | MEDIUM | 5.9 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in … | Apr 30, 2026 |
| CVE-2026-3345 | MEDIUM | 6.5 | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request … | Apr 30, 2026 |
| CVE-2026-2311 | MEDIUM | 6.4 | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A … | Apr 30, 2026 |
| CVE-2026-1577 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2025-36335 | MEDIUM | 6.2 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | Apr 30, 2026 |
| CVE-2025-36180 | MEDIUM | 5.3 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without … | Apr 30, 2026 |
| CVE-2025-36122 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2025-14688 | MEDIUM | 5.3 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2026-7501 | LOW | 3.5 | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the … | Apr 30, 2026 |
| CVE-2026-7435 | HIGH | 7.2 | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. … | Apr 30, 2026 |
| CVE-2026-6539 | MEDIUM | 4.4 | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure … | Apr 30, 2026 |