Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4503 | HIGH | 7.5 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a … | Apr 30, 2026 |
| CVE-2026-4502 | MEDIUM | 6.5 | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted … | Apr 30, 2026 |
| CVE-2026-41263 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth … | Apr 30, 2026 |
| CVE-2026-41174 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD … | Apr 30, 2026 |
| CVE-2026-40951 | UNKNOWN | — | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed … | Apr 30, 2026 |
| CVE-2026-40950 | UNKNOWN | — | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially … | Apr 30, 2026 |
| CVE-2026-40949 | UNKNOWN | — | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use … | Apr 30, 2026 |
| CVE-2026-40912 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in … | Apr 30, 2026 |
| CVE-2026-3346 | MEDIUM | 6.4 | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in … | Apr 30, 2026 |
| CVE-2026-3340 | MEDIUM | 6.5 | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … | Apr 30, 2026 |
| CVE-2026-39858 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in … | Apr 30, 2026 |
| CVE-2026-35051 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth … | Apr 30, 2026 |
| CVE-2026-33452 | UNKNOWN | — | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use … | Apr 30, 2026 |
| CVE-2026-33451 | UNKNOWN | — | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send … | Apr 30, 2026 |
| CVE-2026-33450 | UNKNOWN | — | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can … | Apr 30, 2026 |
| CVE-2026-33449 | UNKNOWN | — | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server … | Apr 30, 2026 |
| CVE-2026-28532 | MEDIUM | 6.5 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates … | Apr 30, 2026 |
| CVE-2026-7429 | MEDIUM | 4.6 | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template … | Apr 30, 2026 |
| CVE-2026-33448 | UNKNOWN | — | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified … | Apr 30, 2026 |
| CVE-2026-33447 | UNKNOWN | — | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server … | Apr 30, 2026 |
| CVE-2026-33446 | UNKNOWN | — | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can … | Apr 30, 2026 |
| CVE-2025-56568 | UNKNOWN | — | Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to … | Apr 30, 2026 |
| CVE-2025-46115 | UNKNOWN | — | An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request | Apr 30, 2026 |
| CVE-2026-7461 | HIGH | 7.2 | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before … | Apr 30, 2026 |
| CVE-2026-40904 | HIGH | 8.1 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |