Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-22566 | HIGH | 7.5 | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: … | Apr 13, 2026 |
| CVE-2026-22565 | UNKNOWN | — | An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected … | Apr 13, 2026 |
| CVE-2026-22564 | CRITICAL | 9.8 | An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to … | Apr 13, 2026 |
| CVE-2026-22563 | CRITICAL | 9.8 | A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: … | Apr 13, 2026 |
| CVE-2026-22562 | CRITICAL | 9.8 | A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on … | Apr 13, 2026 |
| CVE-2026-6219 | MEDIUM | 5.3 | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This … | Apr 13, 2026 |
| CVE-2026-6218 | MEDIUM | 4.3 | A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The … | Apr 13, 2026 |
| CVE-2026-6216 | LOW | 3.5 | A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon … | Apr 13, 2026 |
| CVE-2026-33901 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs … | Apr 13, 2026 |
| CVE-2026-33900 | MEDIUM | 5.9 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an … | Apr 13, 2026 |
| CVE-2026-33899 | MEDIUM | 5.3 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file … | Apr 13, 2026 |
| CVE-2026-33740 | MEDIUM | 5.4 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) … | Apr 13, 2026 |
| CVE-2026-33659 | LOW | 3.5 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SSRF) … | Apr 13, 2026 |
| CVE-2026-32272 | UNKNOWN | — | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties … | Apr 13, 2026 |
| CVE-2026-32271 | UNKNOWN | — | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in … | Apr 13, 2026 |
| CVE-2026-31280 | UNKNOWN | — | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying … | Apr 13, 2026 |
| CVE-2026-26460 | UNKNOWN | — | A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neutralize user-supplied input in the tabid parameter … | Apr 13, 2026 |
| CVE-2025-70936 | MEDIUM | 5.4 | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handling of user-controlled input in the _folder parameter allows a … | Apr 13, 2026 |
| CVE-2025-51414 | UNKNOWN | — | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. | Apr 13, 2026 |
| CVE-2026-6215 | MEDIUM | 6.3 | A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. … | Apr 13, 2026 |
| CVE-2026-6202 | MEDIUM | 6.3 | A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of … | Apr 13, 2026 |
| CVE-2026-6201 | MEDIUM | 5.4 | A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete … | Apr 13, 2026 |
| CVE-2026-33657 | MEDIUM | 4.6 | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with … | Apr 13, 2026 |
| CVE-2026-33534 | MEDIUM | 4.3 | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the … | Apr 13, 2026 |
| CVE-2026-32605 | HIGH | 7.5 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash … | Apr 13, 2026 |