Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-63743 | UNKNOWN | — | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with lowest privileges sufficient only to … | Apr 13, 2026 |
| CVE-2025-31991 | MEDIUM | 6.8 | Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt … | Apr 13, 2026 |
| CVE-2026-6183 | HIGH | 7.3 | A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. … | Apr 13, 2026 |
| CVE-2026-6182 | HIGH | 7.3 | A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation … | Apr 13, 2026 |
| CVE-2026-36945 | LOW | 2.7 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php | Apr 13, 2026 |
| CVE-2026-36944 | LOW | 2.7 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php. | Apr 13, 2026 |
| CVE-2026-36943 | LOW | 2.7 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php. | Apr 13, 2026 |
| CVE-2026-36942 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. | Apr 13, 2026 |
| CVE-2026-36941 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php. | Apr 13, 2026 |
| CVE-2026-33858 | HIGH | 8.8 | Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary … | Apr 13, 2026 |
| CVE-2026-31283 | UNKNOWN | — | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for … | Apr 13, 2026 |
| CVE-2026-31282 | UNKNOWN | — | Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker … | Apr 13, 2026 |
| CVE-2026-31281 | UNKNOWN | — | Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all … | Apr 13, 2026 |
| CVE-2026-30999 | HIGH | 7.5 | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Apr 13, 2026 |
| CVE-2026-30998 | HIGH | 7.5 | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying … | Apr 13, 2026 |
| CVE-2026-30997 | HIGH | 7.5 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Apr 13, 2026 |
| CVE-2026-29628 | MEDIUM | 6.2 | A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl … | Apr 13, 2026 |
| CVE-2026-1462 | HIGH | 8.8 | A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even … | Apr 13, 2026 |
| CVE-2025-66236 | UNKNOWN | — | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and … | Apr 13, 2026 |
| CVE-2026-36947 | LOW | 2.7 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | Apr 13, 2026 |
| CVE-2026-36946 | LOW | 2.7 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | Apr 13, 2026 |
| CVE-2026-31428 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_PAYLOAD netlink attribute … | Apr 13, 2026 |
| CVE-2026-31427 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr on … | Apr 13, 2026 |
| CVE-2026-31426 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on … | Apr 13, 2026 |
| CVE-2026-31425 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from … | Apr 13, 2026 |