Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11567
Critical: 772
High: 3269
Medium: 3678
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2023-46945 | UNKNOWN | — | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | Apr 08, 2026 |
| CVE-2026-33753 | MEDIUM | 6.2 | rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification … | Apr 08, 2026 |
| CVE-2026-33229 | UNKNOWN | — | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected … | Apr 08, 2026 |
| CVE-2026-31040 | UNKNOWN | — | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. | Apr 08, 2026 |
| CVE-2026-39865 | MEDIUM | 5.9 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug … | Apr 08, 2026 |
| CVE-2026-39410 | MEDIUM | 4.8 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse() handling … | Apr 08, 2026 |
| CVE-2026-39409 | UNKNOWN | — | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction() does not canonicalize IPv4-mapped IPv6 client addresses (e.g. … | Apr 08, 2026 |
| CVE-2026-39408 | UNKNOWN | — | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG() allows files to … | Apr 08, 2026 |
| CVE-2026-39407 | MEDIUM | 5.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static … | Apr 08, 2026 |
| CVE-2026-39406 | MEDIUM | 5.3 | @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by … | Apr 08, 2026 |
| CVE-2026-39394 | HIGH | 8.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller … | Apr 08, 2026 |
| CVE-2026-39393 | HIGH | 8.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route … | Apr 08, 2026 |
| CVE-2026-39392 | MEDIUM | 5.5 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module … | Apr 08, 2026 |
| CVE-2026-39391 | MEDIUM | 4.8 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) … | Apr 08, 2026 |
| CVE-2026-39390 | MEDIUM | 5.5 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps … | Apr 08, 2026 |
| CVE-2026-39389 | MEDIUM | 6.7 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, this vulnerability is … | Apr 08, 2026 |
| CVE-2026-5795 | HIGH | 7.4 | In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that … | Apr 08, 2026 |
| CVE-2026-35023 | UNKNOWN | — | Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization … | Apr 08, 2026 |
| CVE-2026-31411 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. … | Apr 08, 2026 |
| CVE-2026-2509 | MEDIUM | 6.4 | The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, … | Apr 08, 2026 |
| CVE-2025-58713 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with … | Apr 08, 2026 |
| CVE-2025-57854 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable … | Apr 08, 2026 |
| CVE-2025-57853 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during … | Apr 08, 2026 |
| CVE-2025-57851 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable … | Apr 08, 2026 |
| CVE-2025-57847 | MEDIUM | 6.4 | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from the /etc/passwd file being created with group-writable permissions … | Apr 08, 2026 |