Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989, Critical: 791, High: 3366, Medium: 3787
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39374 | MEDIUM | 6.5 | Plane is an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (ADMIN or MEMBER) to modify the start_date and … | Apr 07, 2026 |
| CVE-2026-39373 | MEDIUM | 5.3 | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with … | Apr 07, 2026 |
| CVE-2026-39371 | HIGH | 8.1 | RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their … | Apr 07, 2026 |
| CVE-2026-39370 | HIGH | 7.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions … | Apr 07, 2026 |
| CVE-2026-39369 | HIGH | 7.6 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass … | Apr 07, 2026 |
| CVE-2026-39368 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker-controlled restreamerURL and later … | Apr 07, 2026 |
| CVE-2026-39367 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and … | Apr 07, 2026 |
| CVE-2026-39366 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an … | Apr 07, 2026 |
| CVE-2026-39365 | UNKNOWN | — | Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized … | Apr 07, 2026 |
| CVE-2026-39364 | UNKNOWN | — | Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked … | Apr 07, 2026 |
| CVE-2026-39363 | UNKNOWN | — | Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite … | Apr 07, 2026 |
| CVE-2026-39361 | HIGH | 7.7 | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns … | Apr 07, 2026 |
| CVE-2026-39356 | HIGH | 7.5 | Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName() implementations. In affected … | Apr 07, 2026 |
| CVE-2026-39322 | UNKNOWN | — | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied … | Apr 07, 2026 |
| CVE-2026-32864 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32863 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32862 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary … | Apr 07, 2026 |
| CVE-2026-32861 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in … | Apr 07, 2026 |
| CVE-2026-32860 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in … | Apr 07, 2026 |
| CVE-2025-69515 | UNKNOWN | — | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals … | Apr 07, 2026 |
| CVE-2025-56015 | UNKNOWN | — | In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint. | Apr 07, 2026 |
| CVE-2025-14859 | UNKNOWN | — | The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that … | Apr 07, 2026 |
| CVE-2025-14858 | UNKNOWN | — | The Semtech LR11xx LoRa transceivers running early versions of firmware contain an information disclosure vulnerability in their firmware validation functionality. When a host issues a … | Apr 07, 2026 |
| CVE-2025-14857 | UNKNOWN | — | An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical … | Apr 07, 2026 |
| CVE-2026-5762 | UNKNOWN | — | Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue affects MediaWiki - ReportIncident Extension: 1.43.7, … | Apr 07, 2026 |