Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 10692 | 727 | 3080 | 3407 |

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-54502 | UNKNOWN | — | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to … | Apr 16, 2026 |
| CVE-2026-6442 | HIGH | 8.3 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could … | Apr 16, 2026 |
| CVE-2026-33121 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The … | Apr 16, 2026 |
| CVE-2026-33084 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj … | Apr 16, 2026 |
| CVE-2025-54510 | UNKNOWN | — | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some … | Apr 16, 2026 |
| CVE-2025-43937 | MEDIUM | 6.6 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could … | Apr 16, 2026 |
| CVE-2025-43935 | MEDIUM | 4.4 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit … | Apr 16, 2026 |
| CVE-2023-20585 | UNKNOWN | — | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out … | Apr 16, 2026 |
| CVE-2026-41082 | HIGH | 7.3 | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Apr 16, 2026 |
| CVE-2026-33083 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related … | Apr 16, 2026 |
| CVE-2026-33082 | UNKNOWN | — | DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree … | Apr 16, 2026 |
| CVE-2026-2336 | UNKNOWN | — | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie … | Apr 16, 2026 |
| CVE-2026-27820 | UNKNOWN | — | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in … | Apr 16, 2026 |
| CVE-2026-24749 | MEDIUM | 5.3 | The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or … | Apr 16, 2026 |
| CVE-2025-43883 | MEDIUM | 4.1 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could … | Apr 16, 2026 |
| CVE-2026-41080 | LOW | 2.9 | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | Apr 16, 2026 |
| CVE-2025-36579 | MEDIUM | 5.1 | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, … | Apr 16, 2026 |
| CVE-2026-5426 | UNKNOWN | — | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code … | Apr 16, 2026 |
| CVE-2026-37100 | UNKNOWN | — | An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: … | Apr 16, 2026 |
| CVE-2026-6409 | UNKNOWN | — | A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints … | Apr 16, 2026 |
| CVE-2026-3324 | HIGH | 8.2 | Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | Apr 16, 2026 |
| CVE-2026-37347 | CRITICAL | 9.1 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. | Apr 16, 2026 |
| CVE-2026-37346 | MEDIUM | 4.7 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=. | Apr 16, 2026 |
| CVE-2026-37345 | CRITICAL | 9.8 | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. | Apr 16, 2026 |
| CVE-2026-37344 | UNKNOWN | — | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php. | Apr 16, 2026 |