Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20152 | MEDIUM | 5.3 | A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication … | Apr 15, 2026 |
| CVE-2026-20148 | MEDIUM | 4.9 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and … | Apr 15, 2026 |
| CVE-2026-20147 | CRITICAL | 9.9 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20136 | MEDIUM | 6.0 | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative … | Apr 15, 2026 |
| CVE-2026-20132 | MEDIUM | 4.8 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a … | Apr 15, 2026 |
| CVE-2026-20081 | MEDIUM | 6.5 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker … | Apr 15, 2026 |
| CVE-2026-20078 | MEDIUM | 6.5 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker … | Apr 15, 2026 |
| CVE-2026-20061 | MEDIUM | 4.3 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an … | Apr 15, 2026 |
| CVE-2026-20060 | MEDIUM | 4.7 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web … | Apr 15, 2026 |
| CVE-2026-20059 | MEDIUM | 6.1 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a … | Apr 15, 2026 |
| CVE-2025-63029 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: … | Apr 15, 2026 |
| CVE-2025-15636 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase allows Stored XSS. This issue affects YouTube Showcase: from n/a through … | Apr 15, 2026 |
| CVE-2025-15635 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery. This issue affects Smart Online Order for Clover: from … | Apr 15, 2026 |
| CVE-2025-15610 | UNKNOWN | — | Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection. This issue affects RightFax: through 25.4. | Apr 15, 2026 |
| CVE-2026-5387 | UNKNOWN | — | The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege … | Apr 15, 2026 |
| CVE-2026-30625 | UNKNOWN | — | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command … | Apr 15, 2026 |
| CVE-2026-30624 | HIGH | 8.6 | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using … | Apr 15, 2026 |
| CVE-2026-30617 | HIGH | 8.6 | LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed … | Apr 15, 2026 |
| CVE-2026-30616 | HIGH | 7.3 | Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the … | Apr 15, 2026 |
| CVE-2026-30615 | HIGH | 8.0 | A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious … | Apr 15, 2026 |
| CVE-2026-30461 | UNKNOWN | — | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. | Apr 15, 2026 |
| CVE-2026-20205 | HIGH | 7.2 | In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or possesses the … | Apr 15, 2026 |
| CVE-2026-20204 | HIGH | 7.1 | In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged … | Apr 15, 2026 |
| CVE-2026-20203 | MEDIUM | 4.3 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged … | Apr 15, 2026 |
| CVE-2026-20202 | MEDIUM | 6.6 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user … | Apr 15, 2026 |