Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692
Critical: 727
High: 3080
Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40602 | MEDIUM | 5.6 | The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli an unrestricted environment was used to handle … | Apr 21, 2026 |
| CVE-2026-40599 | UNKNOWN | — | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID … | Apr 21, 2026 |
| CVE-2026-40594 | MEDIUM | 4.8 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from … | Apr 21, 2026 |
| CVE-2026-40588 | HIGH | 8.1 | blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and … | Apr 21, 2026 |
| CVE-2026-40587 | MEDIUM | 6.5 | blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when … | Apr 21, 2026 |
| CVE-2026-6743 | LOW | 3.5 | A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. … | Apr 21, 2026 |
| CVE-2026-5652 | CRITICAL | 9.0 | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via … | Apr 21, 2026 |
| CVE-2026-41191 | HIGH | 7.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only … | Apr 21, 2026 |
| CVE-2026-41190 | HIGH | 7.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who … | Apr 21, 2026 |
| CVE-2026-41189 | HIGH | 7.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but … | Apr 21, 2026 |
| CVE-2026-41183 | MEDIUM | 4.3 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder … | Apr 21, 2026 |
| CVE-2026-40592 | MEDIUM | 5.9 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user … | Apr 21, 2026 |
| CVE-2026-40591 | HIGH | 7.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` … | Apr 21, 2026 |
| CVE-2026-40590 | MEDIUM | 4.3 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow … | Apr 21, 2026 |
| CVE-2026-40589 | HIGH | 7.6 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an … | Apr 21, 2026 |
| CVE-2026-40586 | HIGH | 7.5 | blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts … | Apr 21, 2026 |
| CVE-2026-40585 | HIGH | 7.4 | blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and … | Apr 21, 2026 |
| CVE-2026-40584 | UNKNOWN | — | RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters … | Apr 21, 2026 |
| CVE-2026-40583 | UNKNOWN | — | UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and … | Apr 21, 2026 |
| CVE-2026-40576 | CRITICAL | 9.4 | excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When … | Apr 21, 2026 |
| CVE-2026-40574 | MEDIUM | 6.8 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of … | Apr 21, 2026 |
| CVE-2026-40570 | UNKNOWN | — | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data … | Apr 21, 2026 |
| CVE-2026-40569 | CRITICAL | 9.0 | FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints … | Apr 21, 2026 |
| CVE-2026-40568 | HIGH | 8.5 | FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature … | Apr 21, 2026 |
| CVE-2026-40567 | MEDIUM | 5.8 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated … | Apr 21, 2026 |