Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7067 | HIGH | 7.3 | A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. … | Apr 27, 2026 |
| CVE-2026-7066 | HIGH | 7.3 | A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in … | Apr 27, 2026 |
| CVE-2026-7065 | HIGH | 7.3 | A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload … | Apr 27, 2026 |
| CVE-2026-42363 | CRITICAL | 9.3 | An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. … | Apr 27, 2026 |
| CVE-2026-33566 | MEDIUM | 4.3 | There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database … | Apr 27, 2026 |
| CVE-2026-33277 | HIGH | 8.8 | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | Apr 27, 2026 |
| CVE-2026-7064 | HIGH | 7.3 | A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can … | Apr 26, 2026 |
| CVE-2026-7063 | HIGH | 7.3 | A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a … | Apr 26, 2026 |
| CVE-2026-7062 | HIGH | 7.3 | A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git … | Apr 26, 2026 |
| CVE-2026-7061 | HIGH | 7.3 | A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the … | Apr 26, 2026 |
| CVE-2026-7060 | HIGH | 7.3 | A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a … | Apr 26, 2026 |
| CVE-2026-7059 | MEDIUM | 5.3 | A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. … | Apr 26, 2026 |
| CVE-2026-7058 | HIGH | 7.3 | A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component … | Apr 26, 2026 |
| CVE-2026-7057 | HIGH | 8.8 | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This … | Apr 26, 2026 |
| CVE-2026-7056 | HIGH | 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the … | Apr 26, 2026 |
| CVE-2026-7055 | HIGH | 8.8 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The … | Apr 26, 2026 |
| CVE-2026-7054 | HIGH | 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a … | Apr 26, 2026 |
| CVE-2026-7053 | HIGH | 8.8 | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a … | Apr 26, 2026 |
| CVE-2026-7045 | MEDIUM | 6.3 | A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This … | Apr 26, 2026 |
| CVE-2026-7044 | MEDIUM | 6.3 | A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The … | Apr 26, 2026 |
| CVE-2026-7043 | MEDIUM | 6.3 | A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. … | Apr 26, 2026 |
| CVE-2026-7042 | HIGH | 7.3 | A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API … | Apr 26, 2026 |
| CVE-2018-25297 | MEDIUM | 6.2 | Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads … | Apr 26, 2026 |
| CVE-2018-25296 | MEDIUM | 5.5 | P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting … | Apr 26, 2026 |
| CVE-2018-25295 | MEDIUM | 6.2 | ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in … | Apr 26, 2026 |