Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32270 | UNKNOWN | — | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to … | Apr 13, 2026 |
| CVE-2026-31048 | UNKNOWN | — | An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message. | Apr 13, 2026 |
| CVE-2026-6200 | HIGH | 8.8 | A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go … | Apr 13, 2026 |
| CVE-2026-6199 | HIGH | 8.8 | A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in … | Apr 13, 2026 |
| CVE-2026-6198 | HIGH | 8.8 | A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page … | Apr 13, 2026 |
| CVE-2026-6197 | HIGH | 8.8 | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-40044 | CRITICAL | 9.8 | Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write … | Apr 13, 2026 |
| CVE-2026-40043 | MEDIUM | 6.5 | Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers … | Apr 13, 2026 |
| CVE-2026-40042 | CRITICAL | 9.8 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser … | Apr 13, 2026 |
| CVE-2026-40041 | MEDIUM | 4.3 | Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on … | Apr 13, 2026 |
| CVE-2026-40040 | HIGH | 8.8 | Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile … | Apr 13, 2026 |
| CVE-2026-40039 | MEDIUM | 6.5 | Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft … | Apr 13, 2026 |
| CVE-2026-40038 | HIGH | 7.2 | Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. … | Apr 13, 2026 |
| CVE-2026-29955 | UNKNOWN | — | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell … | Apr 13, 2026 |
| CVE-2026-6196 | HIGH | 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results … | Apr 13, 2026 |
| CVE-2026-6195 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component … | Apr 13, 2026 |
| CVE-2026-6194 | HIGH | 8.8 | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP … | Apr 13, 2026 |
| CVE-2026-6100 | UNKNOWN | — | Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This … | Apr 13, 2026 |
| CVE-2026-32316 | HIGH | 8.2 | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a … | Apr 13, 2026 |
| CVE-2026-28291 | HIGH | 8.1 | simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety … | Apr 13, 2026 |
| CVE-2025-3756 | MEDIUM | 6.5 | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An … | Apr 13, 2026 |
| CVE-2026-6193 | HIGH | 7.3 | A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of … | Apr 13, 2026 |
| CVE-2026-6192 | LOW | 3.3 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. … | Apr 13, 2026 |
| CVE-2026-6191 | MEDIUM | 6.3 | A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6190 | MEDIUM | 6.3 | A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of … | Apr 13, 2026 |