Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39845 | MEDIUM | 4.1 | Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been … | Apr 15, 2026 |
| CVE-2026-34632 | HIGH | 8.2 | Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the … | Apr 15, 2026 |
| CVE-2026-34393 | HIGH | 8.8 | Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This … | Apr 15, 2026 |
| CVE-2026-34244 | MEDIUM | 5.0 | Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the per-project "Administration" role) can … | Apr 15, 2026 |
| CVE-2026-34242 | HIGH | 7.7 | Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the … | Apr 15, 2026 |
| CVE-2026-33667 | HIGH | 7.4 | OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no … | Apr 15, 2026 |
| CVE-2026-33440 | MEDIUM | 5.0 | Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict … | Apr 15, 2026 |
| CVE-2026-33435 | HIGH | 8.0 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead … | Apr 15, 2026 |
| CVE-2026-33220 | MEDIUM | 6.8 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper … | Apr 15, 2026 |
| CVE-2026-6290 | HIGH | 8.0 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This … | Apr 15, 2026 |
| CVE-2026-5758 | MEDIUM | 6.5 | JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS … | Apr 15, 2026 |
| CVE-2026-33214 | MEDIUM | 4.3 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper … | Apr 15, 2026 |
| CVE-2026-33212 | LOW | 3.1 | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose … | Apr 15, 2026 |
| CVE-2026-32631 | HIGH | 7.4 | Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM … | Apr 15, 2026 |
| CVE-2026-30993 | CRITICAL | 9.8 | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable … | Apr 15, 2026 |
| CVE-2026-6372 | HIGH | 7.5 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a … | Apr 15, 2026 |
| CVE-2026-6370 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax … | Apr 15, 2026 |
| CVE-2026-30996 | HIGH | 7.5 | An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files … | Apr 15, 2026 |
| CVE-2026-30995 | HIGH | 8.6 | Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint. | Apr 15, 2026 |
| CVE-2026-30994 | HIGH | 7.5 | Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials. | Apr 15, 2026 |
| CVE-2026-20186 | CRITICAL | 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20184 | CRITICAL | 9.8 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate … | Apr 15, 2026 |
| CVE-2026-20180 | CRITICAL | 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20170 | MEDIUM | 6.1 | A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco … | Apr 15, 2026 |
| CVE-2026-20161 | MEDIUM | 5.5 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the … | Apr 15, 2026 |