Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7341 | HIGH | 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 28, 2026 |
| CVE-2026-7340 | MEDIUM | 4.3 | Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via … | Apr 28, 2026 |
| CVE-2026-7339 | HIGH | 8.8 | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. … | Apr 28, 2026 |
| CVE-2026-7338 | HIGH | 7.5 | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via … | Apr 28, 2026 |
| CVE-2026-7337 | HIGH | 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … | Apr 28, 2026 |
| CVE-2026-7336 | HIGH | 8.8 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 28, 2026 |
| CVE-2026-7335 | HIGH | 8.8 | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 28, 2026 |
| CVE-2026-7334 | HIGH | 8.8 | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Apr 28, 2026 |
| CVE-2026-7333 | CRITICAL | 9.6 | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML … | Apr 28, 2026 |
| CVE-2026-5822 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 28, 2026 |
| CVE-2026-42167 | HIGH | 8.1 | mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with … | Apr 28, 2026 |
| CVE-2026-7319 | HIGH | 7.3 | A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. … | Apr 28, 2026 |
| CVE-2026-7318 | MEDIUM | 5.9 | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic … | Apr 28, 2026 |
| CVE-2026-7317 | MEDIUM | 5.0 | A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component … | Apr 28, 2026 |
| CVE-2026-7316 | HIGH | 7.3 | A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The … | Apr 28, 2026 |
| CVE-2026-7315 | HIGH | 7.3 | A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing … | Apr 28, 2026 |
| CVE-2026-7314 | HIGH | 7.3 | A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results … | Apr 28, 2026 |
| CVE-2026-7306 | MEDIUM | 5.6 | A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the … | Apr 28, 2026 |
| CVE-2026-7305 | MEDIUM | 6.3 | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component … | Apr 28, 2026 |
| CVE-2026-7303 | LOW | 3.7 | A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution … | Apr 28, 2026 |
| CVE-2026-7297 | LOW | 2.4 | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-7296 | LOW | 2.4 | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-41649 | HIGH | 7.7 | Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure … | Apr 28, 2026 |
| CVE-2026-41446 | CRITICAL | 9.8 | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and … | Apr 28, 2026 |
| CVE-2026-37750 | MEDIUM | 6.1 | A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the … | Apr 28, 2026 |