Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7107 | MEDIUM | 6.3 | A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation … | Apr 27, 2026 |
| CVE-2026-7103 | LOW | 3.7 | A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This … | Apr 27, 2026 |
| CVE-2026-7102 | MEDIUM | 6.3 | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7101 | HIGH | 8.8 | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads … | Apr 27, 2026 |
| CVE-2026-7100 | HIGH | 8.8 | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing … | Apr 27, 2026 |
| CVE-2026-7099 | HIGH | 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a … | Apr 27, 2026 |
| CVE-2026-7098 | HIGH | 8.8 | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation … | Apr 27, 2026 |
| CVE-2026-42379 | HIGH | 7.7 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1. | Apr 27, 2026 |
| CVE-2026-41635 | CRITICAL | 9.8 | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname … | Apr 27, 2026 |
| CVE-2026-40860 | CRITICAL | 9.8 | JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class … | Apr 27, 2026 |
| CVE-2026-40473 | HIGH | 8.8 | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina … | Apr 27, 2026 |
| CVE-2026-40453 | CRITICAL | 9.9 | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call … | Apr 27, 2026 |
| CVE-2026-40048 | HIGH | 7.8 | The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The … | Apr 27, 2026 |
| CVE-2026-7097 | HIGH | 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation … | Apr 27, 2026 |
| CVE-2026-7096 | HIGH | 8.8 | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7095 | MEDIUM | 4.3 | A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID … | Apr 27, 2026 |
| CVE-2026-22077 | UNKNOWN | — | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking … | Apr 27, 2026 |
| CVE-2026-7094 | HIGH | 7.3 | A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component … | Apr 27, 2026 |
| CVE-2026-7093 | MEDIUM | 6.3 | A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the … | Apr 27, 2026 |
| CVE-2026-7092 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile … | Apr 27, 2026 |
| CVE-2026-7091 | MEDIUM | 6.3 | A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User … | Apr 27, 2026 |
| CVE-2026-42371 | MEDIUM | 5.1 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | Apr 27, 2026 |
| CVE-2026-3008 | MEDIUM | 6.6 | Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application. | Apr 27, 2026 |
| CVE-2026-7090 | LOW | 2.4 | A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation … | Apr 27, 2026 |
| CVE-2026-7089 | MEDIUM | 4.3 | A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the … | Apr 27, 2026 |