CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11702, Critical: 781, High: 3315, Medium: 3732
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39317 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRM's SettingsIndividual.php where user-controlled array keys from the type … | Apr 07, 2026 |
| CVE-2026-35576 | HIGH | 8.7 | ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the Person Property Management subsystem. … | Apr 07, 2026 |
| CVE-2026-35575 | HIGH | 8.0 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s group-creation feature allows any … | Apr 07, 2026 |
| CVE-2026-35573 | CRITICAL | 9.1 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary … | Apr 07, 2026 |
| CVE-2026-35572 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SSRF) by supplying a … | Apr 07, 2026 |
| CVE-2026-31272 | UNKNOWN | — | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication. | Apr 07, 2026 |
| CVE-2026-31271 | UNKNOWN | — | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to … | Apr 07, 2026 |
| CVE-2026-24175 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A … | Apr 07, 2026 |
| CVE-2026-24174 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful … | Apr 07, 2026 |
| CVE-2026-24173 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful … | Apr 07, 2026 |
| CVE-2026-24156 | HIGH | 7.3 | NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary … | Apr 07, 2026 |
| CVE-2026-24147 | MEDIUM | 4.8 | NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful … | Apr 07, 2026 |
| CVE-2026-24146 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit … | Apr 07, 2026 |
| CVE-2026-22682 | HIGH | 7.1 | OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers … | Apr 07, 2026 |
| CVE-2026-22680 | MEDIUM | 5.3 | OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task … | Apr 07, 2026 |
| CVE-2026-4631 | CRITICAL | 9.8 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network … | Apr 07, 2026 |
| CVE-2026-39384 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into … | Apr 07, 2026 |
| CVE-2026-39316 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in … | Apr 07, 2026 |
| CVE-2026-39314 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in … | Apr 07, 2026 |
| CVE-2026-39312 | HIGH | 7.5 | SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and … | Apr 07, 2026 |
| CVE-2026-39308 | HIGH | 7.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the … | Apr 07, 2026 |
| CVE-2026-39307 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When … | Apr 07, 2026 |
| CVE-2026-39306 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate … | Apr 07, 2026 |
| CVE-2026-39305 | CRITICAL | 9.0 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised agent) … | Apr 07, 2026 |
| CVE-2026-35615 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. … | Apr 07, 2026 |