Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35349 | MEDIUM | 6.7 | A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing … | Apr 22, 2026 |
| CVE-2026-35348 | MEDIUM | 5.5 | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces … | Apr 22, 2026 |
| CVE-2026-35347 | MEDIUM | 4.4 | The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both … | Apr 22, 2026 |
| CVE-2026-35346 | LOW | 3.3 | The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid … | Apr 22, 2026 |
| CVE-2026-35345 | MEDIUM | 5.3 | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, … | Apr 22, 2026 |
| CVE-2026-35344 | LOW | 3.3 | The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior … | Apr 22, 2026 |
| CVE-2026-35343 | LOW | 3.3 | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to … | Apr 22, 2026 |
| CVE-2026-35342 | LOW | 3.3 | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR … | Apr 22, 2026 |
| CVE-2026-35341 | HIGH | 7.1 | A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a … | Apr 22, 2026 |
| CVE-2026-35340 | MEDIUM | 5.5 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The … | Apr 22, 2026 |
| CVE-2026-35339 | MEDIUM | 5.5 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined … | Apr 22, 2026 |
| CVE-2026-35338 | HIGH | 7.3 | A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path … | Apr 22, 2026 |
| CVE-2026-32885 | MEDIUM | 6.5 | DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` … | Apr 22, 2026 |
| CVE-2026-1660 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2025-9957 | LOW | 2.7 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2025-6016 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2025-3922 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2025-0186 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2026-30139 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context … | Apr 22, 2026 |
| CVE-2025-58922 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2. | Apr 22, 2026 |
| CVE-2024-58344 | MEDIUM | 6.4 | Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard … | Apr 22, 2026 |
| CVE-2018-25272 | CRITICAL | 9.8 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can … | Apr 22, 2026 |
| CVE-2018-25271 | MEDIUM | 6.2 | Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the … | Apr 22, 2026 |
| CVE-2018-25270 | CRITICAL | 9.8 | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers … | Apr 22, 2026 |
| CVE-2018-25269 | MEDIUM | 6.1 | ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | Apr 22, 2026 |