Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7117 | MEDIUM | 6.3 | A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the … | Apr 27, 2026 |
| CVE-2026-7116 | MEDIUM | 4.3 | A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation … | Apr 27, 2026 |
| CVE-2026-5943 | HIGH | 7.8 | Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, … | Apr 27, 2026 |
| CVE-2026-5942 | MEDIUM | 5.5 | Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | Apr 27, 2026 |
| CVE-2026-5941 | HIGH | 7.8 | Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program … | Apr 27, 2026 |
| CVE-2026-5940 | HIGH | 7.8 | Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | Apr 27, 2026 |
| CVE-2026-5939 | MEDIUM | 5.5 | A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | Apr 27, 2026 |
| CVE-2026-5938 | MEDIUM | 5.5 | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial … | Apr 27, 2026 |
| CVE-2026-5937 | MEDIUM | 5.5 | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | Apr 27, 2026 |
| CVE-2026-42410 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem Theme … | Apr 27, 2026 |
| CVE-2026-7115 | MEDIUM | 6.3 | A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID … | Apr 27, 2026 |
| CVE-2026-7114 | MEDIUM | 6.3 | A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID … | Apr 27, 2026 |
| CVE-2026-7113 | MEDIUM | 5.6 | A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. … | Apr 27, 2026 |
| CVE-2026-33453 | CRITICAL | 10.0 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading … | Apr 27, 2026 |
| CVE-2026-27172 | MEDIUM | 6.3 | The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to … | Apr 27, 2026 |
| CVE-2026-22337 | CRITICAL | 9.8 | Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4. | Apr 27, 2026 |
| CVE-2026-22336 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a … | Apr 27, 2026 |
| CVE-2026-7112 | MEDIUM | 5.6 | A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY … | Apr 27, 2026 |
| CVE-2026-7110 | LOW | 3.5 | A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of … | Apr 27, 2026 |
| CVE-2026-7109 | MEDIUM | 5.3 | A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. … | Apr 27, 2026 |
| CVE-2026-41409 | CRITICAL | 9.8 | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a … | Apr 27, 2026 |
| CVE-2026-40858 | HIGH | 8.8 | The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can … | Apr 27, 2026 |
| CVE-2026-40022 | HIGH | 8.2 | When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or … | Apr 27, 2026 |
| CVE-2026-33454 | CRITICAL | 9.4 | The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction … | Apr 27, 2026 |
| CVE-2026-7108 | MEDIUM | 4.3 | A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. … | Apr 27, 2026 |