Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989 | Critical: 791 | High: 3366 | Medium: 3787
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-28387 | UNKNOWN | — | Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free … | Apr 07, 2026 |
| CVE-2026-28386 | UNKNOWN | — | Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes … | Apr 07, 2026 |
| CVE-2026-39401 | UNKNOWN | — | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, job child processes can include an update_event key … | Apr 07, 2026 |
| CVE-2026-39400 | UNKNOWN | — | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_events privileges … | Apr 07, 2026 |
| CVE-2026-39397 | CRITICAL | 9.4 | @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local … | Apr 07, 2026 |
| CVE-2026-35533 | HIGH | 7.7 | mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the … | Apr 07, 2026 |
| CVE-2026-34080 | UNKNOWN | — | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in … | Apr 07, 2026 |
| CVE-2026-34045 | HIGH | 8.2 | Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any … | Apr 07, 2026 |
| CVE-2026-33439 | UNKNOWN | — | Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java … | Apr 07, 2026 |
| CVE-2026-32712 | MEDIUM | 5.4 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) … | Apr 07, 2026 |
| CVE-2026-29181 | HIGH | 7.5 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. … | Apr 07, 2026 |
| CVE-2026-27949 | LOW | 2.0 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is … | Apr 07, 2026 |
| CVE-2026-5741 | HIGH | 7.3 | A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component … | Apr 07, 2026 |
| CVE-2026-5739 | HIGH | 7.3 | A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. … | Apr 07, 2026 |
| CVE-2026-3566 | UNKNOWN | — | Rejected reason: After further discussion, the issue was determined to not meet the criteria for CVE assignment. | Apr 07, 2026 |
| CVE-2026-39841 | UNKNOWN | — | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects … | Apr 07, 2026 |
| CVE-2026-39840 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements. This issue affects … | Apr 07, 2026 |
| CVE-2026-39839 | UNKNOWN | — | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects … | Apr 07, 2026 |
| CVE-2026-39838 | UNKNOWN | — | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. This issue affects … | Apr 07, 2026 |
| CVE-2026-39837 | UNKNOWN | — | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki … | Apr 07, 2026 |
| CVE-2026-39395 | MEDIUM | 4.3 | Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for … | Apr 07, 2026 |
| CVE-2026-39382 | UNKNOWN | — | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow … | Apr 07, 2026 |
| CVE-2026-39381 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.7 and 8.6.75, the GET … | Apr 07, 2026 |
| CVE-2026-39380 | MEDIUM | 5.4 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) … | Apr 07, 2026 |
| CVE-2026-39376 | HIGH | 7.5 | FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a … | Apr 07, 2026 |