Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10846
Total
736
Critical
3127
High
3471
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3371 | MEDIUM | 4.3 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-3358 | MEDIUM | 5.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-5496 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5495 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5494 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5493 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5059 | CRITICAL | 9.8 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is … | Apr 11, 2026 |
| CVE-2026-5058 | CRITICAL | 9.8 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required … | Apr 11, 2026 |
| CVE-2026-5055 | HIGH | 7.8 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must … | Apr 11, 2026 |
| CVE-2026-5054 | HIGH | 7.8 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker … | Apr 11, 2026 |
| CVE-2026-5053 | HIGH | 7.1 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An … | Apr 11, 2026 |
| CVE-2026-4158 | HIGH | 7.3 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An … | Apr 11, 2026 |
| CVE-2026-4157 | HIGH | 7.5 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint … | Apr 11, 2026 |
| CVE-2026-4156 | HIGH | 7.5 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-4155 | HIGH | 7.5 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations … | Apr 11, 2026 |
| CVE-2026-4154 | HIGH | 7.8 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4153 | HIGH | 7.8 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … | Apr 11, 2026 |
| CVE-2026-4152 | HIGH | 7.8 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … | Apr 11, 2026 |
| CVE-2026-4151 | HIGH | 7.8 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4150 | HIGH | 7.8 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4149 | CRITICAL | 10.0 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos … | Apr 11, 2026 |
| CVE-2026-40354 | LOW | 2.9 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on … | Apr 11, 2026 |
| CVE-2026-3691 | MEDIUM | 5.3 | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required … | Apr 11, 2026 |
| CVE-2026-3690 | HIGH | 7.4 | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this … | Apr 11, 2026 |
| CVE-2026-3689 | MEDIUM | 6.5 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to … | Apr 11, 2026 |