CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Totals: 10692 vulnerabilities (727 Critical, 3080 High, 3407 Medium).
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41527 | MEDIUM | 6.9 | KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism … | Apr 21, 2026 |
| CVE-2026-40946 | UNKNOWN | — | Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling … | Apr 21, 2026 |
| CVE-2026-40945 | UNKNOWN | — | Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in … | Apr 21, 2026 |
| CVE-2026-40944 | UNKNOWN | — | Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from … | Apr 21, 2026 |
| CVE-2026-40943 | UNKNOWN | — | Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server … | Apr 21, 2026 |
| CVE-2026-40942 | UNKNOWN | — | The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, the OIDC JWKS … | Apr 21, 2026 |
| CVE-2026-40939 | UNKNOWN | — | The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had … | Apr 21, 2026 |
| CVE-2026-40933 | CRITICAL | 9.9 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio … | Apr 21, 2026 |
| CVE-2026-40931 | HIGH | 8.4 | Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation … | Apr 21, 2026 |
| CVE-2026-40706 | HIGH | 8.4 | In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root … | Apr 21, 2026 |
| CVE-2026-1354 | MEDIUM | 6.4 | Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can … | Apr 21, 2026 |
| CVE-2026-6823 | HIGH | 8.2 | HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to … | Apr 21, 2026 |
| CVE-2026-6797 | MEDIUM | 4.3 | A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads … | Apr 21, 2026 |
| CVE-2026-6796 | MEDIUM | 4.3 | A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. … | Apr 21, 2026 |
| CVE-2026-40938 | HIGH | 7.5 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a … | Apr 21, 2026 |
| CVE-2026-40927 | MEDIUM | 5.4 | Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript … | Apr 21, 2026 |
| CVE-2026-40925 | HIGH | 8.3 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from … | Apr 21, 2026 |
| CVE-2026-40924 | MEDIUM | 6.5 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size … | Apr 21, 2026 |
| CVE-2026-40923 | MEDIUM | 5.4 | Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under … | Apr 21, 2026 |
| CVE-2026-40911 | CRITICAL | 10.0 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every … | Apr 21, 2026 |
| CVE-2026-40910 | MEDIUM | 6.5 | frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used … | Apr 21, 2026 |
| CVE-2026-40906 | CRITICAL | 9.9 | Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, … | Apr 21, 2026 |
| CVE-2026-40905 | HIGH | 8.1 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper … | Apr 21, 2026 |
| CVE-2026-40895 | UNKNOWN | — | follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows … | Apr 21, 2026 |
| CVE-2026-40892 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in … | Apr 21, 2026 |