Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989, Critical: 791, High: 3366, Medium: 3787
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1342 | HIGH | 8.5 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 08, 2026 |
| CVE-2026-4656 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 07, 2026 |
| CVE-2026-39936 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2026-39935 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2025-20628 | UNKNOWN | — | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers … | Apr 07, 2026 |
| CVE-2026-4065 | MEDIUM | 5.4 | The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple wp_ajax_smart-slider3 controller … | Apr 07, 2026 |
| CVE-2026-39937 | UNKNOWN | — | Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. This issue affects non … | Apr 07, 2026 |
| CVE-2026-39934 | UNKNOWN | — | Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue … | Apr 07, 2026 |
| CVE-2026-39933 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). This issue affects … | Apr 07, 2026 |
| CVE-2026-39847 | CRITICAL | 9.1 | Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) … | Apr 07, 2026 |
| CVE-2026-39846 | CRITICAL | 9.0 | SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan … | Apr 07, 2026 |
| CVE-2026-35568 | UNKNOWN | — | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. … | Apr 07, 2026 |
| CVE-2026-35406 | MEDIUM | 6.2 | Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes … | Apr 07, 2026 |
| CVE-2026-34781 | LOW | 2.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() … | Apr 07, 2026 |
| CVE-2026-34765 | MEDIUM | 6.0 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls … | Apr 07, 2026 |
| CVE-2026-34582 | UNKNOWN | — | Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message … | Apr 07, 2026 |
| CVE-2026-34580 | UNKNOWN | — | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store … | Apr 07, 2026 |
| CVE-2026-34371 | MEDIUM | 6.3 | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. … | Apr 07, 2026 |
| CVE-2026-34079 | UNKNOWN | — | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the … | Apr 07, 2026 |
| CVE-2026-34078 | UNKNOWN | — | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled … | Apr 07, 2026 |
| CVE-2026-31790 | HIGH | 7.5 | Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. … | Apr 07, 2026 |
| CVE-2026-31789 | UNKNOWN | — | Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: … | Apr 07, 2026 |
| CVE-2026-28390 | UNKNOWN | — | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS … | Apr 07, 2026 |
| CVE-2026-28389 | UNKNOWN | — | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS … | Apr 07, 2026 |
| CVE-2026-28388 | UNKNOWN | — | Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL … | Apr 07, 2026 |