Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692; Critical: 727; High: 3080; Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6189 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such … | Apr 13, 2026 |
| CVE-2026-39940 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, … | Apr 13, 2026 |
| CVE-2026-36952 | LOW | 2.7 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php. | Apr 13, 2026 |
| CVE-2026-36950 | LOW | 2.7 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. | Apr 13, 2026 |
| CVE-2026-36948 | HIGH | 7.3 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/view_archive.php. | Apr 13, 2026 |
| CVE-2026-33555 | MEDIUM | 4.0 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when … | Apr 13, 2026 |
| CVE-2026-23891 | UNKNOWN | — | Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows … | Apr 13, 2026 |
| CVE-2026-6231 | MEDIUM | 4.3 | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed … | Apr 13, 2026 |
| CVE-2026-6188 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of … | Apr 13, 2026 |
| CVE-2026-6187 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of … | Apr 13, 2026 |
| CVE-2026-6186 | HIGH | 8.8 | A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation … | Apr 13, 2026 |
| CVE-2026-6184 | LOW | 2.4 | A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of … | Apr 13, 2026 |
| CVE-2026-36938 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | Apr 13, 2026 |
| CVE-2026-36937 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php. | Apr 13, 2026 |
| CVE-2026-34188 | UNKNOWN | — | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from … | Apr 13, 2026 |
| CVE-2026-34186 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through … | Apr 13, 2026 |
| CVE-2026-30813 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through … | Apr 13, 2026 |
| CVE-2026-30812 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | Apr 13, 2026 |
| CVE-2026-30811 | UNKNOWN | — | Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800 | Apr 13, 2026 |
| CVE-2026-30809 | UNKNOWN | — | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through … | Apr 13, 2026 |
| CVE-2026-30806 | UNKNOWN | — | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 … | Apr 13, 2026 |
| CVE-2026-30804 | UNKNOWN | — | Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800 | Apr 13, 2026 |
| CVE-2025-69627 | UNKNOWN | — | Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object … | Apr 13, 2026 |
| CVE-2025-69624 | HIGH | 7.5 | Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than … | Apr 13, 2026 |
| CVE-2025-66769 | HIGH | 7.5 | A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet. | Apr 13, 2026 |