Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11067 | Critical: 752 | High: 3202 | Medium: 3546

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-44560 | UNKNOWN | — | owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | Apr 10, 2026 |
| CVE-2026-6069 | HIGH | 7.5 | NASM’s disasm() function contains a stack-based buffer overflow when formatting disassembly output, allowing an attacker-triggered out-of-bounds write when `slen` exceeds the buffer capacity. | Apr 10, 2026 |
| CVE-2026-6068 | MEDIUM | 6.5 | NASM contains a heap use-after-free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global … | Apr 10, 2026 |
| CVE-2026-6067 | HIGH | 7.5 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can … | Apr 10, 2026 |
| CVE-2026-40217 | HIGH | 8.8 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. | Apr 10, 2026 |
| CVE-2026-33092 | HIGH | 7.8 | Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True … | Apr 10, 2026 |
| CVE-2025-5804 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File … | Apr 10, 2026 |
| CVE-2025-58920 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS. This issue affects Cerato: from n/a through 2.2.18. | Apr 10, 2026 |
| CVE-2025-58913 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects … | Apr 10, 2026 |
| CVE-2026-5774 | UNKNOWN | — | Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause … | Apr 10, 2026 |
| CVE-2026-5412 | CRITICAL | 9.9 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method … | Apr 10, 2026 |
| CVE-2026-5777 | UNKNOWN | — | This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication … | Apr 10, 2026 |
| CVE-2026-39304 | HIGH | 7.5 | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle … | Apr 10, 2026 |
| CVE-2026-31412 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data … | Apr 10, 2026 |
| CVE-2026-6057 | CRITICAL | 9.8 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote … | Apr 10, 2026 |
| CVE-2026-4162 | HIGH | 7.1 | The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not … | Apr 10, 2026 |
| CVE-2021-47961 | HIGH | 8.1 | A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code … | Apr 10, 2026 |
| CVE-2021-47960 | MEDIUM | 6.5 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation … | Apr 10, 2026 |
| CVE-2026-6042 | LOW | 3.3 | A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 … | Apr 10, 2026 |
| CVE-2026-6038 | HIGH | 7.3 | A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument … | Apr 10, 2026 |
| CVE-2026-6037 | HIGH | 7.3 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument … | Apr 10, 2026 |
| CVE-2026-6036 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of … | Apr 10, 2026 |
| CVE-2026-33457 | UNKNOWN | — | Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted … | Apr 10, 2026 |
| CVE-2026-33456 | UNKNOWN | — | Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject … | Apr 10, 2026 |
| CVE-2026-33455 | UNKNOWN | — | Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input … | Apr 10, 2026 |