Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11067 | Critical: 752 | High: 3202 | Medium: 3546
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35207 | MEDIUM | 5.4 | dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to … | Apr 09, 2026 |
| CVE-2026-30478 | HIGH | 8.8 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable. | Apr 09, 2026 |
| CVE-2026-1584 | HIGH | 7.5 | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared … | Apr 09, 2026 |
| CVE-2025-70797 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | Apr 09, 2026 |
| CVE-2025-63238 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. … | Apr 09, 2026 |
| CVE-2026-5962 | HIGH | 7.3 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The … | Apr 09, 2026 |
| CVE-2026-5961 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of … | Apr 09, 2026 |
| CVE-2026-40046 | UNKNOWN | — | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is … | Apr 09, 2026 |
| CVE-2026-39976 | HIGH | 7.1 | Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. The league/oauth2-server library sets … | Apr 09, 2026 |
| CVE-2026-39974 | HIGH | 8.5 | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, … | Apr 09, 2026 |
| CVE-2026-39972 | UNKNOWN | — | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key … | Apr 09, 2026 |
| CVE-2026-39962 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows … | Apr 09, 2026 |
| CVE-2026-39959 | HIGH | 7.1 | Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus … | Apr 09, 2026 |
| CVE-2026-39958 | UNKNOWN | — | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) … | Apr 09, 2026 |
| CVE-2026-39957 | UNKNOWN | — | Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter … | Apr 09, 2026 |
| CVE-2026-39943 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are … | Apr 09, 2026 |
| CVE-2026-39942 | HIGH | 8.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. … | Apr 09, 2026 |
| CVE-2026-39856 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-39855 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-30479 | UNKNOWN | — | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. | Apr 09, 2026 |
| CVE-2026-5960 | MEDIUM | 4.3 | A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL … | Apr 09, 2026 |
| CVE-2026-4878 | MEDIUM | 6.7 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker … | Apr 09, 2026 |
| CVE-2026-39941 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in … | Apr 09, 2026 |
| CVE-2026-39853 | HIGH | 7.8 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vulnerability exists in osslsigncode in several signature verification … | Apr 09, 2026 |
| CVE-2026-39843 | HIGH | 7.7 | Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same … | Apr 09, 2026 |