Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989 | Critical: 791 | High: 3366 | Medium: 3787
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-22682 | HIGH | 7.1 | OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers … | Apr 07, 2026 |
| CVE-2026-22680 | MEDIUM | 5.3 | OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task … | Apr 07, 2026 |
| CVE-2026-4631 | CRITICAL | 9.8 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network … | Apr 07, 2026 |
| CVE-2026-39384 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into … | Apr 07, 2026 |
| CVE-2026-39316 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in … | Apr 07, 2026 |
| CVE-2026-39314 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in … | Apr 07, 2026 |
| CVE-2026-39312 | HIGH | 7.5 | SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and … | Apr 07, 2026 |
| CVE-2026-39308 | HIGH | 7.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the … | Apr 07, 2026 |
| CVE-2026-39307 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When … | Apr 07, 2026 |
| CVE-2026-39306 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate … | Apr 07, 2026 |
| CVE-2026-39305 | CRITICAL | 9.0 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised agent) … | Apr 07, 2026 |
| CVE-2026-35615 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. … | Apr 07, 2026 |
| CVE-2026-35614 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 … | Apr 07, 2026 |
| CVE-2026-35613 | MEDIUM | 5.1 | coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the … | Apr 07, 2026 |
| CVE-2026-35611 | HIGH | 7.5 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template … | Apr 07, 2026 |
| CVE-2026-35610 | HIGH | 8.8 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. … | Apr 07, 2026 |
| CVE-2026-35608 | UNKNOWN | — | QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files … | Apr 07, 2026 |
| CVE-2026-35607 | HIGH | 8.1 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in … | Apr 07, 2026 |
| CVE-2026-35606 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in … | Apr 07, 2026 |
| CVE-2026-35605 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the Matches() function … | Apr 07, 2026 |
| CVE-2026-35604 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin … | Apr 07, 2026 |
| CVE-2026-35592 | MEDIUM | 5.3 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for its path traversal … | Apr 07, 2026 |
| CVE-2026-35586 | MEDIUM | 6.8 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert … | Apr 07, 2026 |
| CVE-2026-35585 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 through 2.63.1, the hook … | Apr 07, 2026 |
| CVE-2026-35584 | UNKNOWN | — | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication … | Apr 07, 2026 |