Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23753 | MEDIUM | 4.8 | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() … | Apr 20, 2026 |
| CVE-2026-23752 | MEDIUM | 4.8 | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary … | Apr 20, 2026 |
| CVE-2026-6662 | HIGH | 7.3 | A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token … | Apr 20, 2026 |
| CVE-2026-41445 | HIGH | 8.8 | KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer … | Apr 20, 2026 |
| CVE-2026-40488 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-40098 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-35154 | MEDIUM | 6.3 | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege … | Apr 20, 2026 |
| CVE-2026-30269 | CRITICAL | 9.9 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. … | Apr 20, 2026 |
| CVE-2026-30266 | HIGH | 7.8 | Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file | Apr 20, 2026 |
| CVE-2026-28684 | MEDIUM | 6.6 | python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow … | Apr 20, 2026 |
| CVE-2026-26951 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow … | Apr 20, 2026 |
| CVE-2026-26943 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection … | Apr 20, 2026 |
| CVE-2026-26942 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability. A … | Apr 20, 2026 |
| CVE-2026-25525 | MEDIUM | 4.9 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-25524 | HIGH | 8.1 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-24506 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection … | Apr 20, 2026 |
| CVE-2026-24505 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this … | Apr 20, 2026 |
| CVE-2026-24504 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation … | Apr 20, 2026 |
| CVE-2026-22761 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, … | Apr 20, 2026 |
| CVE-2025-66954 | MEDIUM | 6.5 | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. … | Apr 20, 2026 |
| CVE-2026-6652 | MEDIUM | 4.7 | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage … | Apr 20, 2026 |
| CVE-2026-6651 | LOW | 2.4 | A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. … | Apr 20, 2026 |
| CVE-2026-6650 | MEDIUM | 4.7 | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads … | Apr 20, 2026 |
| CVE-2026-6066 | HIGH | 7.1 | ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur … | Apr 20, 2026 |
| CVE-2026-41245 | MEDIUM | 5.9 | Junrar is an open source Java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary … | Apr 20, 2026 |