Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4365 | CRITICAL | 9.1 | The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up … | Apr 14, 2026 |
| CVE-2026-4352 | HIGH | 7.5 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, … | Apr 14, 2026 |
| CVE-2026-39426 | UNKNOWN | — | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses … | Apr 14, 2026 |
| CVE-2026-39425 | UNKNOWN | — | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject … | Apr 14, 2026 |
| CVE-2026-39419 | LOW | 3.1 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution … | Apr 14, 2026 |
| CVE-2026-34225 | MEDIUM | 4.3 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in … | Apr 14, 2026 |
| CVE-2026-39424 | UNKNOWN | — | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements … | Apr 14, 2026 |
| CVE-2026-39423 | UNKNOWN | — | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any … | Apr 14, 2026 |
| CVE-2026-39422 | UNKNOWN | — | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon … | Apr 14, 2026 |
| CVE-2026-39421 | MEDIUM | 6.3 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes … | Apr 14, 2026 |
| CVE-2026-39420 | MEDIUM | 6.3 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution … | Apr 14, 2026 |
| CVE-2026-39418 | MEDIUM | 5.0 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN … | Apr 14, 2026 |
| CVE-2026-34264 | MEDIUM | 6.5 | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges … | Apr 14, 2026 |
| CVE-2026-34262 | MEDIUM | 5.0 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | Apr 14, 2026 |
| CVE-2026-34261 | MEDIUM | 6.5 | Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function … | Apr 14, 2026 |
| CVE-2026-34257 | MEDIUM | 6.1 | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, … | Apr 14, 2026 |
| CVE-2026-34256 | HIGH | 7.1 | Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report … | Apr 14, 2026 |
| CVE-2026-40164 | HIGH | 7.5 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table … | Apr 14, 2026 |
| CVE-2026-39417 | MEDIUM | 4.6 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still … | Apr 14, 2026 |
| CVE-2026-34069 | MEDIUM | 5.3 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer … | Apr 14, 2026 |
| CVE-2026-33948 | UNKNOWN | — | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading … | Apr 14, 2026 |
| CVE-2026-27683 | MEDIUM | 4.1 | SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script … | Apr 14, 2026 |
| CVE-2026-27681 | CRITICAL | 9.9 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, … | Apr 14, 2026 |
| CVE-2026-27679 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |
| CVE-2026-27678 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |