Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40972 | HIGH | 7.5 | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. … | Apr 28, 2026 |
| CVE-2026-27785 | HIGH | 8.8 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | Apr 28, 2026 |
| CVE-2026-7194 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of … | Apr 27, 2026 |
| CVE-2026-7183 | MEDIUM | 5.3 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component … | Apr 27, 2026 |
| CVE-2026-7179 | MEDIUM | 5.3 | A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component … | Apr 27, 2026 |
| CVE-2026-40971 | MEDIUM | 5.0 | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot … | Apr 27, 2026 |
| CVE-2026-28747 | HIGH | 7.1 | A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | Apr 27, 2026 |
| CVE-2026-7178 | HIGH | 7.3 | A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. … | Apr 27, 2026 |
| CVE-2026-7177 | HIGH | 7.3 | A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The … | Apr 27, 2026 |
| CVE-2026-7160 | HIGH | 8.8 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize … | Apr 27, 2026 |
| CVE-2026-7159 | HIGH | 7.3 | A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7191 | HIGH | 7.2 | Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary … | Apr 27, 2026 |
| CVE-2026-7158 | HIGH | 7.3 | A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7157 | HIGH | 7.3 | A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the … | Apr 27, 2026 |
| CVE-2026-7156 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of … | Apr 27, 2026 |
| CVE-2026-7155 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 27, 2026 |
| CVE-2026-7154 | CRITICAL | 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a … | Apr 27, 2026 |
| CVE-2026-5362 | UNKNOWN | — | An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published … | Apr 27, 2026 |
| CVE-2026-3087 | UNKNOWN | — | If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target … | Apr 27, 2026 |
| CVE-2026-29971 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts … | Apr 27, 2026 |
| CVE-2024-46636 | CRITICAL | 9.4 | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | Apr 27, 2026 |
| CVE-2026-7153 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 27, 2026 |
| CVE-2026-7152 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such … | Apr 27, 2026 |
| CVE-2026-7151 | HIGH | 8.8 | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based … | Apr 27, 2026 |
| CVE-2026-6741 | HIGH | 8.8 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. … | Apr 27, 2026 |