Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11037
Total
752
Critical
3191
High
3530
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6108 | MEDIUM | 6.3 | A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model … | Apr 12, 2026 |
| CVE-2026-6107 | LOW | 3.5 | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. … | Apr 12, 2026 |
| CVE-2026-6106 | LOW | 3.5 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat … | Apr 11, 2026 |
| CVE-2026-6105 | HIGH | 7.3 | A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall … | Apr 11, 2026 |
| CVE-2026-31845 | CRITICAL | 9.3 | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects … | Apr 11, 2026 |
| CVE-2026-32146 | UNKNOWN | — | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and … | Apr 11, 2026 |
| CVE-2026-23900 | UNKNOWN | — | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered. | Apr 11, 2026 |
| CVE-2026-5809 | HIGH | 7.1 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step … | Apr 11, 2026 |
| CVE-2026-34621 | CRITICAL | 9.6 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in … | Apr 11, 2026 |
| CVE-2026-5226 | MEDIUM | 6.1 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and … | Apr 11, 2026 |
| CVE-2026-5217 | HIGH | 7.2 | The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored … | Apr 11, 2026 |
| CVE-2026-5207 | MEDIUM | 6.5 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due … | Apr 11, 2026 |
| CVE-2026-5144 | HIGH | 8.8 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group … | Apr 11, 2026 |
| CVE-2026-4979 | MEDIUM | 5.0 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request … | Apr 11, 2026 |
| CVE-2026-4895 | MEDIUM | 6.4 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This … | Apr 11, 2026 |
| CVE-2026-3498 | MEDIUM | 6.4 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. … | Apr 11, 2026 |
| CVE-2026-3371 | MEDIUM | 4.3 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-3358 | MEDIUM | 5.4 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in all versions up to, and … | Apr 11, 2026 |
| CVE-2026-5496 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5495 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5494 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5493 | HIGH | 7.8 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-5059 | CRITICAL | 9.8 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is … | Apr 11, 2026 |
| CVE-2026-5058 | CRITICAL | 9.8 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required … | Apr 11, 2026 |
| CVE-2026-5055 | HIGH | 7.8 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must … | Apr 11, 2026 |