Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7133 | MEDIUM | 4.7 | A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument … | Apr 27, 2026 |
| CVE-2026-7132 | MEDIUM | 5.3 | A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of … | Apr 27, 2026 |
| CVE-2026-7131 | HIGH | 7.3 | A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. … | Apr 27, 2026 |
| CVE-2026-6357 | UNKNOWN | — | pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were … | Apr 27, 2026 |
| CVE-2026-6337 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 27, 2026 |
| CVE-2026-40514 | MEDIUM | 5.9 | SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization … | Apr 27, 2026 |
| CVE-2026-30350 | HIGH | 7.5 | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST … | Apr 27, 2026 |
| CVE-2026-7130 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing … | Apr 27, 2026 |
| CVE-2026-7129 | MEDIUM | 4.3 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of … | Apr 27, 2026 |
| CVE-2026-7128 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such … | Apr 27, 2026 |
| CVE-2026-7127 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of … | Apr 27, 2026 |
| CVE-2026-7126 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation … | Apr 27, 2026 |
| CVE-2026-6265 | UNKNOWN | — | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1 | Apr 27, 2026 |
| CVE-2026-41081 | MEDIUM | 6.5 | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is … | Apr 27, 2026 |
| CVE-2026-40557 | UNKNOWN | — | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an … | Apr 27, 2026 |
| CVE-2026-32688 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls … | Apr 27, 2026 |
| CVE-2025-15626 | UNKNOWN | — | Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application | Apr 27, 2026 |
| CVE-2026-7125 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 27, 2026 |
| CVE-2026-7124 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 27, 2026 |
| CVE-2026-7123 | CRITICAL | 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation … | Apr 27, 2026 |
| CVE-2026-7040 | HIGH | 7.5 | Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 … | Apr 27, 2026 |
| CVE-2026-7122 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7121 | CRITICAL | 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation … | Apr 27, 2026 |
| CVE-2026-7119 | HIGH | 8.8 | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr … | Apr 27, 2026 |
| CVE-2026-7118 | MEDIUM | 6.3 | A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation … | Apr 27, 2026 |