Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 220; Critical: 14; High: 71; Medium: 65

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33045 | UNKNOWN | — | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the … | Mar 27, 2026 |
| CVE-2026-33044 | UNKNOWN | — | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an … | Mar 27, 2026 |
| CVE-2026-32241 | HIGH | 7.5 | Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new … | Mar 27, 2026 |
| CVE-2026-31951 | MEDIUM | 6.8 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that … | Mar 27, 2026 |
| CVE-2026-31950 | MEDIUM | 5.3 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user … | Mar 27, 2026 |
| CVE-2026-31945 | HIGH | 7.7 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions … | Mar 27, 2026 |
| CVE-2026-31943 | HIGH | 8.5 | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, … | Mar 27, 2026 |
| CVE-2026-4970 | MEDIUM | 6.3 | A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. … | Mar 27, 2026 |
| CVE-2026-4969 | LOW | 3.5 | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert … | Mar 27, 2026 |
| CVE-2026-34387 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary … | Mar 27, 2026 |
| CVE-2026-34386 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with … | Mar 27, 2026 |
| CVE-2026-34385 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an … | Mar 27, 2026 |
| CVE-2026-34375 | HIGH | 8.2 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` … | Mar 27, 2026 |
| CVE-2026-34374 | CRITICAL | 9.1 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a … | Mar 27, 2026 |
| CVE-2026-34369 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_file` and `get_api_video` API endpoints in AVideo return full … | Mar 27, 2026 |
| CVE-2026-29180 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to … | Mar 27, 2026 |
| CVE-2026-26061 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. … | Mar 27, 2026 |
| CVE-2026-26060 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to … | Mar 27, 2026 |
| CVE-2025-15612 | MEDIUM | 4.8 | Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network … | Mar 27, 2026 |
| CVE-2026-4968 | MEDIUM | 4.3 | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead … | Mar 27, 2026 |
| CVE-2026-4966 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of … | Mar 27, 2026 |
| CVE-2026-4965 | HIGH | 7.3 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing … | Mar 27, 2026 |
| CVE-2026-34368 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `plugin/YPTWallet/YPTWallet.php` contains a Time-of-Check-Time-of-Use (TOCTOU) race … | Mar 27, 2026 |
| CVE-2026-34364 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails … | Mar 27, 2026 |
| CVE-2026-30568 | MEDIUM | 4.8 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_purchase.php file via the "limit" parameter. The application fails to … | Mar 27, 2026 |