Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5394 | UNKNOWN | — | An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the … | Apr 27, 2026 |
| CVE-2026-7150 | MEDIUM | 6.3 | A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. … | Apr 27, 2026 |
| CVE-2026-7149 | HIGH | 7.3 | A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7148 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7147 | HIGH | 7.3 | A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component … | Apr 27, 2026 |
| CVE-2026-40970 | MEDIUM | 5.0 | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot … | Apr 27, 2026 |
| CVE-2026-35903 | CRITICAL | 9.8 | MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE … | Apr 27, 2026 |
| CVE-2026-35902 | MEDIUM | 6.2 | The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with … | Apr 27, 2026 |
| CVE-2026-35901 | MEDIUM | 4.4 | A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly … | Apr 27, 2026 |
| CVE-2026-32655 | MEDIUM | 5.3 | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit … | Apr 27, 2026 |
| CVE-2026-31256 | HIGH | 7.5 | A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request … | Apr 27, 2026 |
| CVE-2026-31255 | CRITICAL | 9.8 | A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows … | Apr 27, 2026 |
| CVE-2025-69428 | HIGH | 7.5 | An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. | Apr 27, 2026 |
| CVE-2021-36438 | MEDIUM | 6.5 | SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php. | Apr 27, 2026 |
| CVE-2026-7146 | HIGH | 7.3 | A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of … | Apr 27, 2026 |
| CVE-2026-7145 | MEDIUM | 5.4 | A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. … | Apr 27, 2026 |
| CVE-2026-7144 | MEDIUM | 4.3 | A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation … | Apr 27, 2026 |
| CVE-2026-7143 | MEDIUM | 6.3 | A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation … | Apr 27, 2026 |
| CVE-2026-31691 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), … | Apr 27, 2026 |
| CVE-2026-31690 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the … | Apr 27, 2026 |
| CVE-2026-31689 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the … | Apr 27, 2026 |
| CVE-2026-31688 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site … | Apr 27, 2026 |
| CVE-2026-31687 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") … | Apr 27, 2026 |
| CVE-2026-31686 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct … | Apr 27, 2026 |
| CVE-2026-25908 | MEDIUM | 6.7 | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local … | Apr 27, 2026 |