Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11037 | Critical: 752 | High: 3191 | Medium: 3530

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5054 | HIGH | 7.8 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker … | Apr 11, 2026 |
| CVE-2026-5053 | HIGH | 7.1 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An … | Apr 11, 2026 |
| CVE-2026-4158 | HIGH | 7.3 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An … | Apr 11, 2026 |
| CVE-2026-4157 | HIGH | 7.5 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint … | Apr 11, 2026 |
| CVE-2026-4156 | HIGH | 7.5 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of … | Apr 11, 2026 |
| CVE-2026-4155 | HIGH | 7.5 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations … | Apr 11, 2026 |
| CVE-2026-4154 | HIGH | 7.8 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4153 | HIGH | 7.8 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … | Apr 11, 2026 |
| CVE-2026-4152 | HIGH | 7.8 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. … | Apr 11, 2026 |
| CVE-2026-4151 | HIGH | 7.8 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4150 | HIGH | 7.8 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User … | Apr 11, 2026 |
| CVE-2026-4149 | CRITICAL | 10.0 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos … | Apr 11, 2026 |
| CVE-2026-40354 | LOW | 2.9 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on … | Apr 11, 2026 |
| CVE-2026-3691 | MEDIUM | 5.3 | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required … | Apr 11, 2026 |
| CVE-2026-3690 | HIGH | 7.4 | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this … | Apr 11, 2026 |
| CVE-2026-3689 | MEDIUM | 6.5 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to … | Apr 11, 2026 |
| CVE-2026-40199 | UNKNOWN | — | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when … | Apr 10, 2026 |
| CVE-2026-40198 | UNKNOWN | — | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 … | Apr 10, 2026 |
| CVE-2026-33119 | MEDIUM | 5.4 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Apr 10, 2026 |
| CVE-2026-33118 | MEDIUM | 4.3 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Apr 10, 2026 |
| CVE-2026-5724 | UNKNOWN | — | The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and … | Apr 10, 2026 |
| CVE-2026-40252 | UNKNOWN | — | FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authenticated team to access and execute applications belonging … | Apr 10, 2026 |
| CVE-2026-40242 | HIGH | 7.2 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs … | Apr 10, 2026 |
| CVE-2026-40194 | LOW | 3.7 | phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC … | Apr 10, 2026 |
| CVE-2026-40191 | UNKNOWN | — | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path … | Apr 10, 2026 |