CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692 total: 727 critical, 3080 high, 3407 medium.
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41317 | UNKNOWN | — | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). `press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to … | Apr 24, 2026 |
| CVE-2026-41316 | HIGH | 8.1 | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and … | Apr 24, 2026 |
| CVE-2026-41309 | HIGH | 8.2 | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can … | Apr 24, 2026 |
| CVE-2026-41305 | MEDIUM | 6.1 | PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions … | Apr 24, 2026 |
| CVE-2026-40254 | MEDIUM | 4.2 | FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The … | Apr 24, 2026 |
| CVE-2026-33318 | HIGH | 8.8 | Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from … | Apr 24, 2026 |
| CVE-2026-33317 | HIGH | 8.7 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In … | Apr 24, 2026 |
| CVE-2026-33208 | UNKNOWN | — | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the `/config/<service>/find-in-config` endpoint in … | Apr 24, 2026 |
| CVE-2026-33078 | UNKNOWN | — | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save … | Apr 24, 2026 |
| CVE-2026-33077 | UNKNOWN | — | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has … | Apr 24, 2026 |
| CVE-2026-33076 | UNKNOWN | — | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could … | Apr 24, 2026 |
| CVE-2026-32952 | MEDIUM | 5.3 | go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can cause a slice out … | Apr 24, 2026 |
| CVE-2026-41325 | UNKNOWN | — | Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the … | Apr 24, 2026 |
| CVE-2026-40099 | UNKNOWN | — | Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the … | Apr 24, 2026 |
| CVE-2026-34587 | UNKNOWN | — | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific … | Apr 24, 2026 |
| CVE-2026-32870 | UNKNOWN | — | Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, … | Apr 24, 2026 |
| CVE-2026-31956 | MEDIUM | 4.3 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated … | Apr 24, 2026 |
| CVE-2026-31955 | MEDIUM | 4.9 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) … | Apr 24, 2026 |
| CVE-2026-31953 | MEDIUM | 6.4 | Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability … | Apr 24, 2026 |
| CVE-2026-40630 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network … | Apr 24, 2026 |
| CVE-2026-40623 | HIGH | 8.1 | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due … | Apr 24, 2026 |
| CVE-2026-40620 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive … | Apr 24, 2026 |
| CVE-2026-40431 | MEDIUM | 5.3 | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication … | Apr 24, 2026 |
| CVE-2026-39462 | HIGH | 8.1 | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on … | Apr 24, 2026 |
| CVE-2026-35503 | CRITICAL | 9.8 | A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed … | Apr 24, 2026 |