Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3464 | HIGH | 8.8 | The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function … | Apr 17, 2026 |
| CVE-2026-21733 | HIGH | 7.3 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. … | Apr 17, 2026 |
| CVE-2026-6497 | MEDIUM | 6.3 | A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the … | Apr 17, 2026 |
| CVE-2026-6284 | CRITICAL | 9.1 | An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited … | Apr 17, 2026 |
| CVE-2026-21709 | UNKNOWN | — | A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement. | Apr 17, 2026 |
| CVE-2026-6496 | MEDIUM | 5.4 | A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. … | Apr 17, 2026 |
| CVE-2026-6493 | LOW | 3.5 | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password … | Apr 17, 2026 |
| CVE-2026-41153 | MEDIUM | 5.8 | In JetBrains Junie before 252.549.29 command execution was possible via malicious project file | Apr 17, 2026 |
| CVE-2026-37749 | CRITICAL | 9.8 | A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. | Apr 17, 2026 |
| CVE-2026-6492 | MEDIUM | 5.3 | A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of … | Apr 17, 2026 |
| CVE-2026-6491 | MEDIUM | 5.3 | A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component … | Apr 17, 2026 |
| CVE-2026-6490 | HIGH | 7.3 | A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request … | Apr 17, 2026 |
| CVE-2026-40459 | UNKNOWN | — | PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in … | Apr 17, 2026 |
| CVE-2026-40458 | UNKNOWN | — | PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically … | Apr 17, 2026 |
| CVE-2026-31317 | UNKNOWN | — | Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file | Apr 17, 2026 |
| CVE-2025-70795 | MEDIUM | 5.5 | STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a … | Apr 17, 2026 |
| CVE-2026-6507 | HIGH | 7.5 | A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet … | Apr 17, 2026 |
| CVE-2026-6489 | MEDIUM | 6.3 | A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component … | Apr 17, 2026 |
| CVE-2026-6488 | MEDIUM | 6.3 | A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter … | Apr 17, 2026 |
| CVE-2026-6487 | MEDIUM | 4.3 | A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This … | Apr 17, 2026 |
| CVE-2026-6486 | LOW | 3.5 | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. … | Apr 17, 2026 |
| CVE-2026-28263 | MEDIUM | 5.9 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2026-23777 | MEDIUM | 4.3 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2025-46641 | MEDIUM | 6.6 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high … | Apr 17, 2026 |
| CVE-2025-46607 | MEDIUM | 6.6 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high … | Apr 17, 2026 |