Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 220, Critical: 14, High: 71, Medium: 65
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33882 | MEDIUM | 6.5 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to … | Mar 27, 2026 |
| CVE-2026-33881 | UNKNOWN | — | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals … | Mar 27, 2026 |
| CVE-2026-33879 | UNKNOWN | — | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP … | Mar 27, 2026 |
| CVE-2026-33875 | CRITICAL | 9.3 | Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to … | Mar 27, 2026 |
| CVE-2026-33874 | HIGH | 7.8 | Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of … | Mar 27, 2026 |
| CVE-2026-33873 | UNKNOWN | — | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python … | Mar 27, 2026 |
| CVE-2026-32187 | MEDIUM | 4.2 | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Mar 27, 2026 |
| CVE-2026-4975 | HIGH | 8.8 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The … | Mar 27, 2026 |
| CVE-2026-4974 | HIGH | 8.8 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST … | Mar 27, 2026 |
| CVE-2026-4973 | LOW | 3.5 | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing … | Mar 27, 2026 |
| CVE-2026-4972 | LOW | 2.4 | A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation … | Mar 27, 2026 |
| CVE-2026-4971 | MEDIUM | 4.3 | A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The … | Mar 27, 2026 |
| CVE-2026-34475 | MEDIUM | 5.4 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading … | Mar 27, 2026 |
| CVE-2026-34391 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access … | Mar 27, 2026 |
| CVE-2026-34389 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during … | Mar 27, 2026 |
| CVE-2026-34388 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the … | Mar 27, 2026 |
| CVE-2026-34205 | CRITICAL | 9.6 | Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode … | Mar 27, 2026 |
| CVE-2026-33872 | UNKNOWN | — | elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due … | Mar 27, 2026 |
| CVE-2026-33871 | UNKNOWN | — | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) … | Mar 27, 2026 |
| CVE-2026-33870 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding … | Mar 27, 2026 |
| CVE-2026-33869 | MEDIUM | 4.8 | Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch … | Mar 27, 2026 |
| CVE-2026-33868 | MEDIUM | 4.3 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability (CWE-601) exists … | Mar 27, 2026 |
| CVE-2026-33765 | UNKNOWN | — | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical … | Mar 27, 2026 |
| CVE-2026-33739 | MEDIUM | 5.7 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) … | Mar 27, 2026 |
| CVE-2026-33654 | UNKNOWN | — | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a … | Mar 27, 2026 |