Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11067
Total
752
Critical
3202
High
3546
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5979 | HIGH | 8.8 | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request … | Apr 09, 2026 |
| CVE-2026-5978 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 09, 2026 |
| CVE-2026-5977 | CRITICAL | 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a … | Apr 09, 2026 |
| CVE-2026-5447 | UNKNOWN | — | Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling … | Apr 09, 2026 |
| CVE-2026-5446 | UNKNOWN | — | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is … | Apr 09, 2026 |
| CVE-2026-40109 | LOW | 3.1 | Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does … | Apr 09, 2026 |
| CVE-2026-40107 | UNKNOWN | — | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with … | Apr 09, 2026 |
| CVE-2026-40093 | HIGH | 8.1 | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and … | Apr 09, 2026 |
| CVE-2026-35206 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart … | Apr 09, 2026 |
| CVE-2023-54364 | MEDIUM | 6.1 | Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter … | Apr 09, 2026 |
| CVE-2023-54363 | MEDIUM | 6.1 | Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, … | Apr 09, 2026 |
| CVE-2023-54362 | MEDIUM | 6.1 | Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft … | Apr 09, 2026 |
| CVE-2023-54361 | MEDIUM | 6.1 | Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can … | Apr 09, 2026 |
| CVE-2023-54360 | MEDIUM | 6.1 | Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can … | Apr 09, 2026 |
| CVE-2023-54359 | HIGH | 8.2 | WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through … | Apr 09, 2026 |
| CVE-2023-54358 | MEDIUM | 6.1 | WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers … | Apr 09, 2026 |
| CVE-2026-5976 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing … | Apr 09, 2026 |
| CVE-2026-5975 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such … | Apr 09, 2026 |
| CVE-2026-5974 | HIGH | 7.3 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os … | Apr 09, 2026 |
| CVE-2026-5973 | HIGH | 7.3 | A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command … | Apr 09, 2026 |
| CVE-2026-5972 | HIGH | 7.3 | A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to … | Apr 09, 2026 |
| CVE-2026-5194 | UNKNOWN | — | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, … | Apr 09, 2026 |
| CVE-2026-5187 | UNKNOWN | — | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc … | Apr 09, 2026 |
| CVE-2026-4436 | HIGH | 8.6 | A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or … | Apr 09, 2026 |
| CVE-2026-40089 | CRITICAL | 9.9 | Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability … | Apr 09, 2026 |