Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33516 | UNKNOWN | — | xrdp is an open source RDP server. Versions through 0.10.5 contain an out-of-bounds read vulnerability during the RDP capability exchange phase. The issue occurs when … | Apr 17, 2026 |
| CVE-2026-33093 | MEDIUM | 5.3 | Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about … | Apr 17, 2026 |
| CVE-2026-32650 | HIGH | 7.5 | Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling … | Apr 17, 2026 |
| CVE-2026-32648 | MEDIUM | 5.3 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated access that discloses debug configuration details (e.g., SSH/RTTY status), assisting attackers in reconnaissance against the device. | Apr 17, 2026 |
| CVE-2026-32624 | UNKNOWN | — | xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is … | Apr 17, 2026 |
| CVE-2026-32623 | UNKNOWN | — | xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from … | Apr 17, 2026 |
| CVE-2026-32324 | HIGH | 7.7 | Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at … | Apr 17, 2026 |
| CVE-2026-32107 | HIGH | 8.8 | xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop … | Apr 17, 2026 |
| CVE-2026-32105 | UNKNOWN | — | xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted … | Apr 17, 2026 |
| CVE-2026-31927 | MEDIUM | 4.9 | Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when … | Apr 17, 2026 |
| CVE-2026-6437 | MEDIUM | 6.5 | Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation … | Apr 17, 2026 |
| CVE-2026-40525 | CRITICAL | 9.1 | OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the … | Apr 17, 2026 |
| CVE-2026-33337 | HIGH | 7.5 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does … | Apr 17, 2026 |
| CVE-2026-28224 | HIGH | 8.2 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior … | Apr 17, 2026 |
| CVE-2026-28214 | UNKNOWN | — | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when … | Apr 17, 2026 |
| CVE-2026-28212 | HIGH | 7.5 | Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server … | Apr 17, 2026 |
| CVE-2026-27890 | HIGH | 8.2 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes … | Apr 17, 2026 |
| CVE-2026-5718 | HIGH | 8.1 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and … | Apr 17, 2026 |
| CVE-2026-5710 | HIGH | 7.5 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in … | Apr 17, 2026 |
| CVE-2026-40320 | UNKNOWN | — | Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() … | Apr 17, 2026 |
| CVE-2026-40319 | UNKNOWN | — | Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to … | Apr 17, 2026 |
| CVE-2025-65104 | HIGH | 7.9 | Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating … | Apr 17, 2026 |
| CVE-2026-40518 | HIGH | 7.1 | ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. … | Apr 17, 2026 |
| CVE-2026-40516 | HIGH | 8.3 | OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP … | Apr 17, 2026 |
| CVE-2026-40515 | HIGH | 7.5 | OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. … | Apr 17, 2026 |