Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 220 | Critical: 14 | High: 71 | Medium: 65
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33943 | HIGH | 8.8 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in … | Mar 27, 2026 |
| CVE-2026-33941 | HIGH | 8.2 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled … | Mar 27, 2026 |
| CVE-2026-33940 | HIGH | 8.1 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can … | Mar 27, 2026 |
| CVE-2026-33939 | HIGH | 7.5 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an … | Mar 27, 2026 |
| CVE-2026-27309 | HIGH | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context … | Mar 27, 2026 |
| CVE-2019-25652 | HIGH | 7.5 | UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks … | Mar 27, 2026 |
| CVE-2019-25651 | HIGH | 8.3 | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW … | Mar 27, 2026 |
| CVE-2026-4976 | HIGH | 8.8 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results … | Mar 27, 2026 |
| CVE-2026-34046 | UNKNOWN | — | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` … | Mar 27, 2026 |
| CVE-2026-33938 | HIGH | 8.1 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template … | Mar 27, 2026 |
| CVE-2026-33937 | CRITICAL | 9.8 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to … | Mar 27, 2026 |
| CVE-2026-33916 | MEDIUM | 4.7 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via … | Mar 27, 2026 |
| CVE-2026-33907 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing … | Mar 27, 2026 |
| CVE-2026-33906 | HIGH | 7.2 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore … | Mar 27, 2026 |
| CVE-2026-33904 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire … | Mar 27, 2026 |
| CVE-2026-33903 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker … | Mar 27, 2026 |
| CVE-2026-33896 | HIGH | 7.4 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints … | Mar 27, 2026 |
| CVE-2026-33895 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures … | Mar 27, 2026 |
| CVE-2026-33894 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged … | Mar 27, 2026 |
| CVE-2026-33891 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists … | Mar 27, 2026 |
| CVE-2026-33887 | MEDIUM | 5.4 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions … | Mar 27, 2026 |
| CVE-2026-33886 | MEDIUM | 6.5 | Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel … | Mar 27, 2026 |
| CVE-2026-33885 | MEDIUM | 6.1 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation … | Mar 27, 2026 |
| CVE-2026-33884 | MEDIUM | 4.3 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to … | Mar 27, 2026 |
| CVE-2026-33883 | MEDIUM | 6.1 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_password_form` tag could render user-input directly into … | Mar 27, 2026 |