Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5780 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user … | Apr 28, 2026 |
| CVE-2026-5779 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information … | Apr 28, 2026 |
| CVE-2026-5435 | HIGH | 7.3 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can … | Apr 28, 2026 |
| CVE-2026-7268 | MEDIUM | 6.3 | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7267 | MEDIUM | 6.3 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7266 | MEDIUM | 6.3 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-7265 | MEDIUM | 6.3 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation … | Apr 28, 2026 |
| CVE-2026-3323 | HIGH | 7.5 | An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | Apr 28, 2026 |
| CVE-2026-7280 | MEDIUM | 6.7 | AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, … | Apr 28, 2026 |
| CVE-2026-7279 | HIGH | 7.8 | AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in … | Apr 28, 2026 |
| CVE-2026-7264 | MEDIUM | 6.3 | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-41636 | HIGH | 7.5 | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes … | Apr 28, 2026 |
| CVE-2026-41607 | MEDIUM | 6.5 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41606 | MEDIUM | 5.3 | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41605 | HIGH | 7.3 | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes … | Apr 28, 2026 |
| CVE-2026-41604 | HIGH | 8.2 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41603 | HIGH | 7.4 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version … | Apr 28, 2026 |
| CVE-2026-41602 | HIGH | 7.5 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to … | Apr 28, 2026 |
| CVE-2025-48431 | HIGH | 7.5 | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version … | Apr 28, 2026 |
| CVE-2026-7248 | CRITICAL | 9.8 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7247 | HIGH | 7.2 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File … | Apr 28, 2026 |
| CVE-2026-7244 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 28, 2026 |
| CVE-2026-7243 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 28, 2026 |
| CVE-2026-7242 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation … | Apr 28, 2026 |
| CVE-2026-7241 | CRITICAL | 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a … | Apr 28, 2026 |