Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-69689 | HIGH | 8.8 | The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which … | Apr 27, 2026 |
| CVE-2026-7142 | MEDIUM | 6.3 | A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. … | Apr 27, 2026 |
| CVE-2026-7141 | MEDIUM | 5.6 | A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block … | Apr 27, 2026 |
| CVE-2026-7140 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7139 | CRITICAL | 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This … | Apr 27, 2026 |
| CVE-2026-38936 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter | Apr 27, 2026 |
| CVE-2026-38935 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | Apr 27, 2026 |
| CVE-2026-38934 | HIGH | 8.8 | Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php | Apr 27, 2026 |
| CVE-2026-30462 | MEDIUM | 4.3 | A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | Apr 27, 2026 |
| CVE-2026-30346 | MEDIUM | 4.3 | An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL. | Apr 27, 2026 |
| CVE-2026-7138 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | Apr 27, 2026 |
| CVE-2026-7137 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 27, 2026 |
| CVE-2026-7136 | CRITICAL | 9.8 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 27, 2026 |
| CVE-2026-7135 | MEDIUM | 5.3 | A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the … | Apr 27, 2026 |
| CVE-2026-7134 | MEDIUM | 4.7 | A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-6970 | UNKNOWN | — | authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary … | Apr 27, 2026 |
| CVE-2026-41467 | MEDIUM | 5.4 | ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and … | Apr 27, 2026 |
| CVE-2026-41466 | MEDIUM | 5.4 | ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by … | Apr 27, 2026 |
| CVE-2026-41465 | MEDIUM | 6.5 | ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against … | Apr 27, 2026 |
| CVE-2026-41464 | MEDIUM | 6.5 | ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data … | Apr 27, 2026 |
| CVE-2026-41463 | HIGH | 8.8 | ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write … | Apr 27, 2026 |
| CVE-2026-41462 | CRITICAL | 9.8 | ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL … | Apr 27, 2026 |
| CVE-2026-30352 | CRITICAL | 9.8 | A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted … | Apr 27, 2026 |
| CVE-2026-30351 | HIGH | 7.5 | A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing … | Apr 27, 2026 |
| CVE-2025-54505 | UNKNOWN | — | A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in … | Apr 27, 2026 |