Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11202
Total
755
Critical
3234
High
3640
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40070 | HIGH | 8.1 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the … | Apr 09, 2026 |
| CVE-2026-40069 | HIGH | 7.5 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC … | Apr 09, 2026 |
| CVE-2026-39987 | UNKNOWN | — | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an … | Apr 09, 2026 |
| CVE-2026-39985 | MEDIUM | 4.3 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, … | Apr 09, 2026 |
| CVE-2026-39983 | HIGH | 8.6 | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to … | Apr 09, 2026 |
| CVE-2026-39981 | HIGH | 8.8 | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths … | Apr 09, 2026 |
| CVE-2026-39980 | CRITICAL | 9.1 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS … | Apr 09, 2026 |
| CVE-2026-39961 | MEDIUM | 6.8 | Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on … | Apr 09, 2026 |
| CVE-2026-39911 | HIGH | 8.8 | Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to … | Apr 09, 2026 |
| CVE-2026-39315 | MEDIUM | 6.1 | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content … | Apr 09, 2026 |
| CVE-2026-35207 | MEDIUM | 5.4 | dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to … | Apr 09, 2026 |
| CVE-2026-30478 | HIGH | 8.8 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable. | Apr 09, 2026 |
| CVE-2026-1584 | HIGH | 7.5 | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared … | Apr 09, 2026 |
| CVE-2025-70797 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | Apr 09, 2026 |
| CVE-2025-63238 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. … | Apr 09, 2026 |
| CVE-2026-5962 | HIGH | 7.3 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The … | Apr 09, 2026 |
| CVE-2026-5961 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of … | Apr 09, 2026 |
| CVE-2026-40046 | UNKNOWN | — | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is … | Apr 09, 2026 |
| CVE-2026-39976 | HIGH | 7.1 | Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets … | Apr 09, 2026 |
| CVE-2026-39974 | HIGH | 8.5 | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, … | Apr 09, 2026 |
| CVE-2026-39972 | UNKNOWN | — | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key … | Apr 09, 2026 |
| CVE-2026-39962 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows … | Apr 09, 2026 |
| CVE-2026-39959 | HIGH | 7.1 | Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus … | Apr 09, 2026 |
| CVE-2026-39958 | UNKNOWN | — | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) … | Apr 09, 2026 |
| CVE-2026-39957 | UNKNOWN | — | Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter … | Apr 09, 2026 |