Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537 | Critical: 770 | High: 3263 | Medium: 3665
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39410 | MEDIUM | 4.8 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse() handling … | Apr 08, 2026 |
| CVE-2026-39409 | UNKNOWN | — | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. … | Apr 08, 2026 |
| CVE-2026-39408 | UNKNOWN | — | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG() allows files to … | Apr 08, 2026 |
| CVE-2026-39407 | MEDIUM | 5.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static … | Apr 08, 2026 |
| CVE-2026-39406 | MEDIUM | 5.3 | @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by … | Apr 08, 2026 |
| CVE-2026-39394 | HIGH | 8.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller … | Apr 08, 2026 |
| CVE-2026-39393 | HIGH | 8.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route … | Apr 08, 2026 |
| CVE-2026-39392 | MEDIUM | 5.5 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module … | Apr 08, 2026 |
| CVE-2026-39391 | MEDIUM | 4.8 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) … | Apr 08, 2026 |
| CVE-2026-39390 | MEDIUM | 5.5 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps … | Apr 08, 2026 |
| CVE-2026-39389 | MEDIUM | 6.7 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, this vulnerability is … | Apr 08, 2026 |
| CVE-2026-5795 | HIGH | 7.4 | In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that … | Apr 08, 2026 |
| CVE-2026-35023 | UNKNOWN | — | Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization … | Apr 08, 2026 |
| CVE-2026-31411 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. … | Apr 08, 2026 |
| CVE-2026-2509 | MEDIUM | 6.4 | The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, … | Apr 08, 2026 |
| CVE-2025-58713 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with … | Apr 08, 2026 |
| CVE-2025-57854 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable … | Apr 08, 2026 |
| CVE-2025-57853 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during … | Apr 08, 2026 |
| CVE-2025-57851 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable … | Apr 08, 2026 |
| CVE-2025-57847 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions … | Apr 08, 2026 |
| CVE-2025-14816 | UNKNOWN | — | Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi … | Apr 08, 2026 |
| CVE-2025-14815 | UNKNOWN | — | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI … | Apr 08, 2026 |
| CVE-2026-5600 | UNKNOWN | — | A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in … | Apr 08, 2026 |
| CVE-2026-5302 | MEDIUM | 6.3 | CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites | Apr 08, 2026 |
| CVE-2026-5301 | HIGH | 7.6 | Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries | Apr 08, 2026 |