Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41196 | UNKNOWN | — | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape … | Apr 23, 2026 |
| CVE-2026-41182 | MEDIUM | 5.3 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python … | Apr 23, 2026 |
| CVE-2026-41180 | HIGH | 7.5 | PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using … | Apr 23, 2026 |
| CVE-2026-1923 | MEDIUM | 6.4 | The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, … | Apr 23, 2026 |
| CVE-2026-6878 | MEDIUM | 5.6 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. … | Apr 23, 2026 |
| CVE-2026-6874 | MEDIUM | 4.3 | A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing … | Apr 23, 2026 |
| CVE-2026-5935 | HIGH | 7.3 | IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with … | Apr 23, 2026 |
| CVE-2026-5926 | MEDIUM | 6.5 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 23, 2026 |
| CVE-2026-4919 | MEDIUM | 4.8 | IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI … | Apr 23, 2026 |
| CVE-2026-4918 | MEDIUM | 5.5 | IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web … | Apr 23, 2026 |
| CVE-2026-4917 | MEDIUM | 4.9 | IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request … | Apr 23, 2026 |
| CVE-2026-41179 | UNKNOWN | — | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version … | Apr 23, 2026 |
| CVE-2026-41176 | UNKNOWN | — | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: … | Apr 23, 2026 |
| CVE-2026-40062 | HIGH | 7.5 | A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system. | Apr 23, 2026 |
| CVE-2026-3621 | HIGH | 7.5 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application … | Apr 23, 2026 |
| CVE-2026-32679 | HIGH | 7.8 | The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic … | Apr 23, 2026 |
| CVE-2026-29198 | CRITICAL | 9.8 | In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with … | Apr 23, 2026 |
| CVE-2026-1726 | MEDIUM | 4.8 | IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | Apr 23, 2026 |
| CVE-2026-1352 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 23, 2026 |
| CVE-2026-1274 | MEDIUM | 4.9 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | Apr 23, 2026 |
| CVE-2026-1272 | LOW | 2.7 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | Apr 23, 2026 |
| CVE-2025-36074 | MEDIUM | 5.5 | IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A … | Apr 23, 2026 |
| CVE-2026-4049 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 22, 2026 |
| CVE-2026-41455 | HIGH | 8.5 | WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction … | Apr 22, 2026 |
| CVE-2026-41454 | HIGH | 8.3 | WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper … | Apr 22, 2026 |