Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30769 | HIGH | 7.8 | An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests. | Apr 29, 2026 |
| CVE-2026-2810 | UNKNOWN | — | Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can … | Apr 29, 2026 |
| CVE-2025-56537 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a … | Apr 29, 2026 |
| CVE-2025-56536 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the … | Apr 29, 2026 |
| CVE-2025-56535 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone … | Apr 29, 2026 |
| CVE-2025-56534 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted … | Apr 29, 2026 |
| CVE-2026-7384 | HIGH | 7.3 | A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results … | Apr 29, 2026 |
| CVE-2026-7111 | HIGH | 8.4 | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. … | Apr 29, 2026 |
| CVE-2026-5161 | HIGH | 8.8 | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus … | Apr 29, 2026 |
| CVE-2026-5141 | HIGH | 8.8 | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. … | Apr 29, 2026 |
| CVE-2026-41952 | HIGH | 7.8 | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent … | Apr 29, 2026 |
| CVE-2026-41220 | HIGH | 7.8 | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent … | Apr 29, 2026 |
| CVE-2026-38992 | UNKNOWN | — | Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system … | Apr 29, 2026 |
| CVE-2026-36841 | CRITICAL | 9.8 | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | Apr 29, 2026 |
| CVE-2026-36837 | HIGH | 7.5 | TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function. | Apr 29, 2026 |
| CVE-2026-25852 | MEDIUM | 6.7 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | Apr 29, 2026 |
| CVE-2026-5140 | HIGH | 8.8 | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: from <=0.6.4 … | Apr 29, 2026 |
| CVE-2026-42525 | MEDIUM | 4.3 | Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. | Apr 29, 2026 |
| CVE-2026-42524 | HIGH | 8.0 | Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting … | Apr 29, 2026 |
| CVE-2026-42523 | CRITICAL | 9.0 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for … | Apr 29, 2026 |
| CVE-2026-42522 | MEDIUM | 4.3 | A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with … | Apr 29, 2026 |
| CVE-2026-42521 | MEDIUM | 6.5 | Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the … | Apr 29, 2026 |
| CVE-2026-42520 | HIGH | 7.5 | Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to … | Apr 29, 2026 |
| CVE-2026-42519 | MEDIUM | 4.3 | A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. | Apr 29, 2026 |
| CVE-2026-42652 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a … | Apr 29, 2026 |