Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40980 | MEDIUM | 6.5 | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: … | Apr 28, 2026 |
| CVE-2026-40979 | MEDIUM | 6.1 | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 … | Apr 28, 2026 |
| CVE-2026-40978 | HIGH | 8.8 | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 … | Apr 28, 2026 |
| CVE-2025-10539 | MEDIUM | 4.8 | Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between … | Apr 28, 2026 |
| CVE-2026-7240 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such … | Apr 28, 2026 |
| CVE-2026-7238 | MEDIUM | 4.7 | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7237 | HIGH | 7.3 | A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component … | Apr 28, 2026 |
| CVE-2026-7235 | MEDIUM | 5.3 | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The … | Apr 28, 2026 |
| CVE-2026-4911 | MEDIUM | 5.3 | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06 This is due to the intentForStripe() function … | Apr 28, 2026 |
| CVE-2026-4805 | MEDIUM | 6.4 | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization … | Apr 28, 2026 |
| CVE-2026-41526 | MEDIUM | 6.5 | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does … | Apr 28, 2026 |
| CVE-2026-41525 | MEDIUM | 6.5 | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's … | Apr 28, 2026 |
| CVE-2026-40966 | MEDIUM | 5.9 | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter … | Apr 28, 2026 |
| CVE-2024-54013 | UNKNOWN | — | Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead … | Apr 28, 2026 |
| CVE-2024-54012 | UNKNOWN | — | Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to … | Apr 28, 2026 |
| CVE-2024-54011 | UNKNOWN | — | Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service … | Apr 28, 2026 |
| CVE-2026-7234 | HIGH | 7.3 | A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component_server/server.js. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-7233 | LOW | 3.3 | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF … | Apr 28, 2026 |
| CVE-2026-7230 | MEDIUM | 4.3 | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in … | Apr 28, 2026 |
| CVE-2026-7229 | MEDIUM | 6.3 | A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing … | Apr 28, 2026 |
| CVE-2026-5306 | MEDIUM | 5.4 | The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks … | Apr 28, 2026 |
| CVE-2026-40967 | HIGH | 8.6 | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and … | Apr 28, 2026 |
| CVE-2026-40356 | MEDIUM | 5.9 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system … | Apr 28, 2026 |
| CVE-2026-7228 | HIGH | 7.3 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of … | Apr 28, 2026 |
| CVE-2026-7227 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail … | Apr 28, 2026 |