Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11702 | Critical: 781 | High: 3315 | Medium: 3732
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39356 | HIGH | 7.5 | Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName() implementations. In affected … | Apr 07, 2026 |
| CVE-2026-39322 | UNKNOWN | — | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied … | Apr 07, 2026 |
| CVE-2026-32864 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32863 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32862 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32861 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in … | Apr 07, 2026 |
| CVE-2026-32860 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in … | Apr 07, 2026 |
| CVE-2025-69515 | UNKNOWN | — | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals … | Apr 07, 2026 |
| CVE-2025-56015 | UNKNOWN | — | In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint. | Apr 07, 2026 |
| CVE-2025-14859 | UNKNOWN | — | The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that … | Apr 07, 2026 |
| CVE-2025-14858 | UNKNOWN | — | The Semtech LR11xx LoRa transceivers running early versions of firmware contain an information disclosure vulnerability in their firmware validation functionality. When a host issues a … | Apr 07, 2026 |
| CVE-2025-14857 | UNKNOWN | — | An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical … | Apr 07, 2026 |
| CVE-2026-5762 | UNKNOWN | — | Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue affects MediaWiki - ReportIncident Extension: 1.43.7, … | Apr 07, 2026 |
| CVE-2026-5736 | HIGH | 7.3 | A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the … | Apr 07, 2026 |
| CVE-2026-39360 | UNKNOWN | — | RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path (UploadPartCopy). … | Apr 07, 2026 |
| CVE-2026-39355 | CRITICAL | 9.9 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to … | Apr 07, 2026 |
| CVE-2026-39354 | MEDIUM | 6.5 | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user … | Apr 07, 2026 |
| CVE-2026-39351 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit. | Apr 07, 2026 |
| CVE-2026-39349 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, … | Apr 07, 2026 |
| CVE-2026-39348 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download … | Apr 07, 2026 |
| CVE-2026-39347 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after … | Apr 07, 2026 |
| CVE-2026-39346 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via … | Apr 07, 2026 |
| CVE-2026-39345 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the … | Apr 07, 2026 |
| CVE-2026-22711 | UNKNOWN | — | Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Wikilove Extension: … | Apr 07, 2026 |
| CVE-2025-71058 | UNKNOWN | — | Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. … | Apr 07, 2026 |