Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6834 | MEDIUM | 6.5 | The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | Apr 22, 2026 |
| CVE-2026-6833 | MEDIUM | 6.5 | The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | Apr 22, 2026 |
| CVE-2026-6416 | LOW | 2.7 | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. | Apr 22, 2026 |
| CVE-2026-6408 | LOW | 2.7 | Tanium addressed an information disclosure vulnerability in Tanium Server. | Apr 22, 2026 |
| CVE-2026-6392 | LOW | 2.7 | Tanium addressed an information disclosure vulnerability in Threat Response. | Apr 22, 2026 |
| CVE-2026-6386 | MEDIUM | 6.2 | In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled … | Apr 22, 2026 |
| CVE-2026-5398 | HIGH | 8.4 | The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process … | Apr 22, 2026 |
| CVE-2026-41458 | UNKNOWN | — | OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by … | Apr 22, 2026 |
| CVE-2026-41457 | UNKNOWN | — | OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions … | Apr 22, 2026 |
| CVE-2026-41146 | UNKNOWN | — | facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value … | Apr 22, 2026 |
| CVE-2026-41145 | UNKNOWN | — | MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any … | Apr 22, 2026 |
| CVE-2026-40344 | UNKNOWN | — | MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows … | Apr 22, 2026 |
| CVE-2026-41304 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled … | Apr 22, 2026 |
| CVE-2026-41144 | NONE | — | F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check … | Apr 22, 2026 |
| CVE-2026-41136 | UNKNOWN | — | free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Prior to version … | Apr 22, 2026 |
| CVE-2026-41135 | HIGH | 7.5 | free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability … | Apr 22, 2026 |
| CVE-2026-41133 | HIGH | 8.8 | pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at … | Apr 22, 2026 |
| CVE-2026-41131 | MEDIUM | 5.0 | OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two … | Apr 22, 2026 |
| CVE-2026-41130 | UNKNOWN | — | Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint … | Apr 22, 2026 |
| CVE-2026-41129 | UNKNOWN | — | Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side … | Apr 22, 2026 |
| CVE-2026-41128 | UNKNOWN | — | Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove … | Apr 22, 2026 |
| CVE-2026-41127 | MEDIUM | 6.5 | BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions. Version 3.0.24 tightened the permissions … | Apr 22, 2026 |
| CVE-2026-41126 | MEDIUM | 4.3 | BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling … | Apr 22, 2026 |
| CVE-2026-41064 | CRITICAL | 9.3 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget … | Apr 22, 2026 |
| CVE-2026-41059 | HIGH | 8.2 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when … | Apr 22, 2026 |