CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537
Critical: 770
High: 3263
Medium: 3665
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34723 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started … | Apr 08, 2026 |
| CVE-2026-34722 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if … | Apr 08, 2026 |
| CVE-2026-34721 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external … | Apr 08, 2026 |
| CVE-2026-34720 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header … | Apr 08, 2026 |
| CVE-2026-34719 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop … | Apr 08, 2026 |
| CVE-2026-34718 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization … | Apr 08, 2026 |
| CVE-2026-34392 | HIGH | 7.5 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 … | Apr 08, 2026 |
| CVE-2026-34248 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could … | Apr 08, 2026 |
| CVE-2026-34166 | LOW | 3.7 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory … | Apr 08, 2026 |
| CVE-2026-33350 | HIGH | 7.5 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, … | Apr 08, 2026 |
| CVE-2026-30818 | UNKNOWN | — | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a … | Apr 08, 2026 |
| CVE-2026-30817 | UNKNOWN | — | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious … | Apr 08, 2026 |
| CVE-2026-30816 | UNKNOWN | — | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a … | Apr 08, 2026 |
| CVE-2026-30815 | UNKNOWN | — | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a … | Apr 08, 2026 |
| CVE-2026-30814 | UNKNOWN | — | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially … | Apr 08, 2026 |
| CVE-2026-2942 | CRITICAL | 9.8 | The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all … | Apr 08, 2026 |
| CVE-2026-27806 | HIGH | 7.8 | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password … | Apr 08, 2026 |
| CVE-2026-20709 | MEDIUM | 6.6 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series … | Apr 08, 2026 |
| CVE-2026-0814 | MEDIUM | 4.3 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' … | Apr 08, 2026 |
| CVE-2026-0811 | MEDIUM | 5.4 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is … | Apr 08, 2026 |
| CVE-2025-50673 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint. | Apr 08, 2026 |
| CVE-2025-50672 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint. | Apr 08, 2026 |
| CVE-2025-50671 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability … | Apr 08, 2026 |
| CVE-2025-50670 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability … | Apr 08, 2026 |
| CVE-2025-50669 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint. | Apr 08, 2026 |