CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40960 | HIGH | 8.1 | Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a … | Apr 16, 2026 |
| CVE-2026-40959 | CRITICAL | 9.3 | Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. | Apr 16, 2026 |
| CVE-2026-40503 | MEDIUM | 6.5 | OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path … | Apr 16, 2026 |
| CVE-2026-40502 | HIGH | 8.8 | OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting … | Apr 16, 2026 |
| CVE-2026-5363 | UNKNOWN | — | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side … | Apr 16, 2026 |
| CVE-2026-4880 | CRITICAL | 9.8 | The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure … | Apr 16, 2026 |
| CVE-2026-40947 | LOW | 2.9 | Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. | Apr 16, 2026 |
| CVE-2026-40245 | HIGH | 7.5 | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the … | Apr 16, 2026 |
| CVE-2026-40193 | HIGH | 8.2 | maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated … | Apr 16, 2026 |
| CVE-2026-4949 | MEDIUM | 4.3 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization … | Apr 15, 2026 |
| CVE-2026-40316 | HIGH | 8.8 | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE … | Apr 15, 2026 |
| CVE-2026-40192 | UNKNOWN | — | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making … | Apr 15, 2026 |
| CVE-2026-40179 | UNKNOWN | — | Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple … | Apr 15, 2026 |
| CVE-2026-39350 | MEDIUM | 5.4 | Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and … | Apr 15, 2026 |
| CVE-2026-6388 | CRITICAL | 9.1 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant … | Apr 15, 2026 |
| CVE-2026-40500 | MEDIUM | 6.8 | ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators … | Apr 15, 2026 |
| CVE-2026-1711 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with … | Apr 15, 2026 |
| CVE-2026-1564 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a … | Apr 15, 2026 |
| CVE-2026-6398 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 15, 2026 |
| CVE-2026-40261 | HIGH | 8.8 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which … | Apr 15, 2026 |
| CVE-2026-40186 | MEDIUM | 6.1 | ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags … | Apr 15, 2026 |
| CVE-2026-40176 | HIGH | 7.8 | Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which … | Apr 15, 2026 |
| CVE-2026-40173 | CRITICAL | 9.4 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on … | Apr 15, 2026 |
| CVE-2026-22676 | HIGH | 7.8 | Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs … | Apr 15, 2026 |
| CVE-2026-6385 | MEDIUM | 6.5 | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD … | Apr 15, 2026 |