Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692
Critical: 727
High: 3080
Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7324 | HIGH | 7.3 | Memory safety bugs present in Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of … | Apr 28, 2026 |
| CVE-2026-7323 | HIGH | 7.3 | Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with … | Apr 28, 2026 |
| CVE-2026-7322 | HIGH | 7.3 | Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we … | Apr 28, 2026 |
| CVE-2026-7321 | CRITICAL | 9.6 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1. | Apr 28, 2026 |
| CVE-2026-7320 | HIGH | 7.5 | Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. | Apr 28, 2026 |
| CVE-2026-7289 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results … | Apr 28, 2026 |
| CVE-2026-7288 | HIGH | 8.8 | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url … | Apr 28, 2026 |
| CVE-2026-7283 | MEDIUM | 4.7 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function save_expired of the file /ajax.php?action=save_expired. The manipulation … | Apr 28, 2026 |
| CVE-2026-7282 | MEDIUM | 4.7 | A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-40969 | LOW | 3.7 | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain … | Apr 28, 2026 |
| CVE-2026-40968 | MEDIUM | 4.2 | When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited … | Apr 28, 2026 |
| CVE-2026-40556 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 28, 2026 |
| CVE-2026-27760 | HIGH | 8.1 | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by … | Apr 28, 2026 |
| CVE-2025-67223 | HIGH | 7.5 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible … | Apr 28, 2026 |
| CVE-2026-7281 | LOW | 2.4 | A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a … | Apr 28, 2026 |
| CVE-2026-7272 | HIGH | 7.3 | A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component … | Apr 28, 2026 |
| CVE-2026-6706 | MEDIUM | 6.5 | Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults … | Apr 28, 2026 |
| CVE-2026-5944 | HIGH | 8.2 | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP … | Apr 28, 2026 |
| CVE-2026-40552 | UNKNOWN | — | mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system … | Apr 28, 2026 |
| CVE-2026-40551 | UNKNOWN | — | mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating … | Apr 28, 2026 |
| CVE-2026-40550 | UNKNOWN | — | mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any … | Apr 28, 2026 |
| CVE-2026-7309 | MEDIUM | 4.3 | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` … | Apr 28, 2026 |
| CVE-2026-7271 | MEDIUM | 5.3 | A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a … | Apr 28, 2026 |
| CVE-2026-7269 | LOW | 2.4 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of … | Apr 28, 2026 |
| CVE-2026-5781 | UNKNOWN | — | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges … | Apr 28, 2026 |