Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34063 | HIGH | 7.5 | Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes … | Apr 22, 2026 |
| CVE-2026-34062 | MEDIUM | 5.3 | nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer … | Apr 22, 2026 |
| CVE-2026-33471 | CRITICAL | 9.6 | nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each … | Apr 22, 2026 |
| CVE-2026-41469 | MEDIUM | 5.2 | Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template … | Apr 22, 2026 |
| CVE-2026-41468 | HIGH | 8.7 | Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these … | Apr 22, 2026 |
| CVE-2026-41459 | MEDIUM | 5.3 | Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the … | Apr 22, 2026 |
| CVE-2026-34415 | CRITICAL | 9.8 | Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 … | Apr 22, 2026 |
| CVE-2026-34414 | HIGH | 7.1 | Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in … | Apr 22, 2026 |
| CVE-2026-34413 | HIGH | 8.6 | Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated … | Apr 22, 2026 |
| CVE-2026-28950 | UNKNOWN | — | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications … | Apr 22, 2026 |
| CVE-2026-26354 | HIGH | 8.1 | Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release … | Apr 22, 2026 |
| CVE-2026-6515 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2026-5816 | HIGH | 8.0 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated … | Apr 22, 2026 |
| CVE-2026-5377 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles … | Apr 22, 2026 |
| CVE-2026-5262 | HIGH | 8.0 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2026-4922 | HIGH | 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2026-3254 | LOW | 3.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user … | Apr 22, 2026 |
| CVE-2026-35382 | UNKNOWN | — | Rejected reason: Voluntarily withdrawn | Apr 22, 2026 |
| CVE-2026-35381 | LOW | 3.3 | A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and … | Apr 22, 2026 |
| CVE-2026-35380 | MEDIUM | 5.5 | A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as … | Apr 22, 2026 |
| CVE-2026-35379 | LOW | 3.3 | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly … | Apr 22, 2026 |
| CVE-2026-35378 | LOW | 3.3 | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the … | Apr 22, 2026 |
| CVE-2026-35377 | LOW | 3.3 | A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In … | Apr 22, 2026 |
| CVE-2026-35376 | MEDIUM | 4.5 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh … | Apr 22, 2026 |
| CVE-2026-35375 | LOW | 3.3 | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The … | Apr 22, 2026 |