CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 11202 | 755 | 3234 | 3640 |
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39943 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are … | Apr 09, 2026 |
| CVE-2026-39942 | HIGH | 8.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. … | Apr 09, 2026 |
| CVE-2026-39856 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-39855 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-30479 | UNKNOWN | — | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. | Apr 09, 2026 |
| CVE-2026-5960 | MEDIUM | 4.3 | A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL … | Apr 09, 2026 |
| CVE-2026-4878 | MEDIUM | 6.7 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker … | Apr 09, 2026 |
| CVE-2026-39941 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in … | Apr 09, 2026 |
| CVE-2026-39853 | HIGH | 7.8 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vulnerability exists in osslsigncode in several signature verification … | Apr 09, 2026 |
| CVE-2026-39843 | HIGH | 7.7 | Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete, which could lead to the same … | Apr 09, 2026 |
| CVE-2026-39398 | UNKNOWN | — | Rejected reason: The affected product and advisory are not public. | Apr 09, 2026 |
| CVE-2026-35205 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is … | Apr 09, 2026 |
| CVE-2026-35204 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm … | Apr 09, 2026 |
| CVE-2026-35041 | MEDIUM | 4.2 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured … | Apr 09, 2026 |
| CVE-2026-35040 | MEDIUM | 5.3 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce … | Apr 09, 2026 |
| CVE-2026-34020 | UNKNOWN | — | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses the HTTP GET method with username and password … | Apr 09, 2026 |
| CVE-2026-33266 | UNKNOWN | — | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to a default value in openmeetings.properties and is not auto-rotated. … | Apr 09, 2026 |
| CVE-2026-33005 | UNKNOWN | — | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder … | Apr 09, 2026 |
| CVE-2025-70365 | UNKNOWN | — | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative … | Apr 09, 2026 |
| CVE-2025-70364 | UNKNOWN | — | An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. | Apr 09, 2026 |
| CVE-2025-15480 | UNKNOWN | — | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, … | Apr 09, 2026 |
| CVE-2025-14551 | UNKNOWN | — | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, … | Apr 09, 2026 |
| CVE-2026-5959 | MEDIUM | 6.6 | A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component … | Apr 09, 2026 |
| CVE-2026-5445 | UNKNOWN | — | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices … | Apr 09, 2026 |
| CVE-2026-5444 | UNKNOWN | — | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image … | Apr 09, 2026 |