Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-27677 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services … | Apr 14, 2026 |
| CVE-2026-27676 | MEDIUM | 4.3 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |
| CVE-2026-27675 | LOW | 2.0 | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating … | Apr 14, 2026 |
| CVE-2026-27674 | MEDIUM | 6.1 | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted … | Apr 14, 2026 |
| CVE-2026-27673 | MEDIUM | 4.9 | Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain … | Apr 14, 2026 |
| CVE-2026-27672 | MEDIUM | 4.3 | The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has … | Apr 14, 2026 |
| CVE-2026-24318 | MEDIUM | 4.2 | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them … | Apr 14, 2026 |
| CVE-2026-0512 | MEDIUM | 6.1 | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious … | Apr 14, 2026 |
| CVE-2026-6203 | MEDIUM | 6.1 | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient … | Apr 13, 2026 |
| CVE-2026-5086 | UNKNOWN | — | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies … | Apr 13, 2026 |
| CVE-2026-39979 | UNKNOWN | — | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but … | Apr 13, 2026 |
| CVE-2026-39956 | MEDIUM | 6.1 | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they … | Apr 13, 2026 |
| CVE-2026-6224 | HIGH | 7.3 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation … | Apr 13, 2026 |
| CVE-2026-6220 | MEDIUM | 4.7 | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download … | Apr 13, 2026 |
| CVE-2026-4786 | UNKNOWN | — | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands … | Apr 13, 2026 |
| CVE-2026-40312 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL … | Apr 13, 2026 |
| CVE-2026-40311 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can … | Apr 13, 2026 |
| CVE-2026-40310 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in … | Apr 13, 2026 |
| CVE-2026-40183 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow … | Apr 13, 2026 |
| CVE-2026-40169 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out … | Apr 13, 2026 |
| CVE-2026-34238 | MEDIUM | 5.1 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the … | Apr 13, 2026 |
| CVE-2026-33947 | MEDIUM | 6.2 | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is … | Apr 13, 2026 |
| CVE-2026-33908 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of … | Apr 13, 2026 |
| CVE-2026-33905 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an … | Apr 13, 2026 |
| CVE-2026-33902 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in … | Apr 13, 2026 |