Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10846, Critical: 736, High: 3127, Medium: 3471
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35565 | MEDIUM | 5.4 | Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata … | Apr 13, 2026 |
| CVE-2026-35337 | HIGH | 8.8 | Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes … | Apr 13, 2026 |
| CVE-2025-15632 | LOW | 3.5 | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such … | Apr 13, 2026 |
| CVE-2026-4810 | UNKNOWN | — | A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud … | Apr 13, 2026 |
| CVE-2026-0234 | UNKNOWN | — | An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user … | Apr 13, 2026 |
| CVE-2026-0233 | UNKNOWN | — | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary … | Apr 13, 2026 |
| CVE-2026-0232 | UNKNOWN | — | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. … | Apr 13, 2026 |
| CVE-2026-6168 | HIGH | 8.8 | A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of … | Apr 13, 2026 |
| CVE-2026-6167 | HIGH | 7.3 | A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID … | Apr 13, 2026 |
| CVE-2026-6166 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation … | Apr 13, 2026 |
| CVE-2026-5936 | HIGH | 8.5 | An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may … | Apr 13, 2026 |
| CVE-2026-5085 | CRITICAL | 9.1 | Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash … | Apr 13, 2026 |
| CVE-2026-40436 | HIGH | 7.1 | The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access … | Apr 13, 2026 |
| CVE-2026-3830 | HIGH | 8.6 | The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, … | Apr 13, 2026 |
| CVE-2026-34866 | MEDIUM | 5.1 | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Apr 13, 2026 |
| CVE-2026-34865 | UNKNOWN | — | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Apr 13, 2026 |
| CVE-2025-15441 | MEDIUM | 6.8 | The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could … | Apr 13, 2026 |
| CVE-2026-6165 | HIGH | 7.3 | A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of … | Apr 13, 2026 |
| CVE-2026-6164 | HIGH | 7.3 | A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a … | Apr 13, 2026 |
| CVE-2026-6163 | HIGH | 7.3 | A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such … | Apr 13, 2026 |
| CVE-2026-40447 | MEDIUM | 5.1 | Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | Apr 13, 2026 |
| CVE-2026-21014 | UNKNOWN | — | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | Apr 13, 2026 |
| CVE-2026-21013 | UNKNOWN | — | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | Apr 13, 2026 |
| CVE-2026-21012 | LOW | 3.3 | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. | Apr 13, 2026 |
| CVE-2026-21011 | MEDIUM | 6.8 | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | Apr 13, 2026 |