Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 10692 | 727 | 3080 | 3407 |

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5789 | UNKNOWN | — | Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing … | Apr 21, 2026 |
| CVE-2026-3298 | UNKNOWN | — | The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds … | Apr 21, 2026 |
| CVE-2026-31019 | HIGH | 8.8 | In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system … | Apr 21, 2026 |
| CVE-2026-31018 | HIGH | 8.8 | In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input … | Apr 21, 2026 |
| CVE-2026-31014 | MEDIUM | 6.3 | Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token … | Apr 21, 2026 |
| CVE-2026-31013 | MEDIUM | 6.1 | Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the … | Apr 21, 2026 |
| CVE-2026-29644 | MEDIUM | 5.3 | XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom … | Apr 21, 2026 |
| CVE-2026-1089 | MEDIUM | 6.5 | User-Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information … | Apr 21, 2026 |
| CVE-2026-0972 | HIGH | 7.3 | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged … | Apr 21, 2026 |
| CVE-2026-0971 | MEDIUM | 4.3 | An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login … | Apr 21, 2026 |
| CVE-2025-31981 | MEDIUM | 5.3 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access … | Apr 21, 2026 |
| CVE-2025-31958 | LOW | 3.7 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent … | Apr 21, 2026 |
| CVE-2025-1241 | MEDIUM | 5.8 | Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users … | Apr 21, 2026 |
| CVE-2025-14362 | HIGH | 7.3 | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged … | Apr 21, 2026 |
| CVE-2025-10354 | UNKNOWN | — | Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a … | Apr 21, 2026 |
| CVE-2026-6784 | HIGH | 7.5 | Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough … | Apr 21, 2026 |
| CVE-2026-6783 | MEDIUM | 5.3 | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6782 | HIGH | 7.5 | Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6781 | HIGH | 7.5 | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6780 | HIGH | 7.5 | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6779 | MEDIUM | 5.3 | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6778 | MEDIUM | 5.3 | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6777 | MEDIUM | 5.3 | Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |
| CVE-2026-6776 | HIGH | 7.8 | Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6775 | MEDIUM | 5.3 | Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | Apr 21, 2026 |