Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537
Critical: 770
High: 3263
Medium: 3665
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33459 | MEDIUM | 6.5 | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import … | Apr 08, 2026 |
| CVE-2026-33458 | MEDIUM | 6.3 | Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host … | Apr 08, 2026 |
| CVE-2026-32591 | MEDIUM | 5.2 | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes … | Apr 08, 2026 |
| CVE-2026-32590 | HIGH | 7.1 | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using … | Apr 08, 2026 |
| CVE-2026-32589 | HIGH | 7.1 | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can … | Apr 08, 2026 |
| CVE-2025-52222 | UNKNOWN | — | D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a … | Apr 08, 2026 |
| CVE-2025-52221 | UNKNOWN | — | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. | Apr 08, 2026 |
| CVE-2025-45059 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2025-45058 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2025-45057 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2026-4837 | MEDIUM | 6.6 | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as … | Apr 08, 2026 |
| CVE-2026-4498 | HIGH | 7.7 | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege … | Apr 08, 2026 |
| CVE-2026-33461 | HIGH | 7.7 | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API … | Apr 08, 2026 |
| CVE-2026-33460 | MEDIUM | 4.3 | Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana … | Apr 08, 2026 |
| CVE-2026-31017 | UNKNOWN | — | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized … | Apr 08, 2026 |
| CVE-2026-30080 | UNKNOWN | — | OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if a UE sends initial registration request … | Apr 08, 2026 |
| CVE-2026-30075 | UNKNOWN | — | OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (for example, 100 bytes). … | Apr 08, 2026 |
| CVE-2026-2377 | MEDIUM | 6.5 | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the … | Apr 08, 2026 |
| CVE-2025-57175 | MEDIUM | 6.4 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. | Apr 08, 2026 |
| CVE-2025-14243 | MEDIUM | 5.3 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different … | Apr 08, 2026 |
| CVE-2023-46945 | UNKNOWN | — | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request. | Apr 08, 2026 |
| CVE-2026-33753 | MEDIUM | 6.2 | rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification … | Apr 08, 2026 |
| CVE-2026-33229 | UNKNOWN | — | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected … | Apr 08, 2026 |
| CVE-2026-31040 | UNKNOWN | — | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. | Apr 08, 2026 |
| CVE-2026-39865 | MEDIUM | 5.9 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug … | Apr 08, 2026 |