Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 · Critical: 727 · High: 3080 · Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6749 | HIGH | 7.5 | Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird … | Apr 21, 2026 |
| CVE-2026-6748 | CRITICAL | 9.8 | Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6747 | HIGH | 7.5 | Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | Apr 21, 2026 |
| CVE-2026-6746 | HIGH | 7.5 | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird … | Apr 21, 2026 |
| CVE-2026-40520 | HIGH | 7.2 | FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to … | Apr 21, 2026 |
| CVE-2026-32147 | UNKNOWN | — | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify … | Apr 21, 2026 |
| CVE-2026-41039 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could … | Apr 21, 2026 |
| CVE-2026-41038 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the … | Apr 21, 2026 |
| CVE-2026-6553 | UNKNOWN | — | Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database … | Apr 21, 2026 |
| CVE-2026-41037 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An … | Apr 21, 2026 |
| CVE-2026-41036 | UNKNOWN | — | This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit … | Apr 21, 2026 |
| CVE-2026-3317 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized … | Apr 21, 2026 |
| CVE-2026-39467 | HIGH | 7.2 | Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0. | Apr 21, 2026 |
| CVE-2025-13826 | UNKNOWN | — | Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of … | Apr 21, 2026 |
| CVE-2026-6712 | MEDIUM | 4.4 | The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to … | Apr 21, 2026 |
| CVE-2026-6711 | MEDIUM | 6.1 | The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This … | Apr 21, 2026 |
| CVE-2026-6703 | MEDIUM | 4.3 | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, … | Apr 21, 2026 |
| CVE-2026-31370 | MEDIUM | 6.3 | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | Apr 21, 2026 |
| CVE-2026-31369 | LOW | 3.2 | PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability. | Apr 21, 2026 |
| CVE-2026-31368 | HIGH | 7.8 | AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability. | Apr 21, 2026 |
| CVE-2026-5965 | CRITICAL | 9.8 | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. | Apr 21, 2026 |
| CVE-2026-6675 | MEDIUM | 5.3 | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, … | Apr 21, 2026 |
| CVE-2026-6674 | MEDIUM | 6.5 | The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, … | Apr 21, 2026 |
| CVE-2026-40497 | HIGH | 8.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip … | Apr 21, 2026 |
| CVE-2026-6058 | MEDIUM | 4.5 | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an … | Apr 21, 2026 |