Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12261 | Critical: 813 | High: 3409 | Medium: 3831

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39384 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into … | Apr 07, 2026 |
| CVE-2026-39316 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in … | Apr 07, 2026 |
| CVE-2026-39314 | MEDIUM | 4.0 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in … | Apr 07, 2026 |
| CVE-2026-39312 | HIGH | 7.5 | SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and … | Apr 07, 2026 |
| CVE-2026-39308 | HIGH | 7.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the … | Apr 07, 2026 |
| CVE-2026-39307 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When … | Apr 07, 2026 |
| CVE-2026-39306 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall() and does not validate … | Apr 07, 2026 |
| CVE-2026-39305 | CRITICAL | 9.0 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker (or compromised agent) … | Apr 07, 2026 |
| CVE-2026-35615 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. … | Apr 07, 2026 |
| CVE-2026-35614 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 … | Apr 07, 2026 |
| CVE-2026-35613 | MEDIUM | 5.1 | coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the … | Apr 07, 2026 |
| CVE-2026-35611 | HIGH | 7.5 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template … | Apr 07, 2026 |
| CVE-2026-35610 | HIGH | 8.8 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. … | Apr 07, 2026 |
| CVE-2026-35608 | UNKNOWN | — | QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files … | Apr 07, 2026 |
| CVE-2026-35607 | HIGH | 8.1 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in … | Apr 07, 2026 |
| CVE-2026-35606 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in … | Apr 07, 2026 |
| CVE-2026-35605 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the Matches() function … | Apr 07, 2026 |
| CVE-2026-35604 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin … | Apr 07, 2026 |
| CVE-2026-35592 | MEDIUM | 5.3 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for its path traversal … | Apr 07, 2026 |
| CVE-2026-35586 | MEDIUM | 6.8 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS authorization set in set_config_value() uses incorrect option names ssl_cert … | Apr 07, 2026 |
| CVE-2026-35585 | UNKNOWN | — | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 through 2.63.1, the hook … | Apr 07, 2026 |
| CVE-2026-35584 | UNKNOWN | — | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication … | Apr 07, 2026 |
| CVE-2026-35583 | MEDIUM | 5.3 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{name}) validated configuration names using a blacklist approach that checked … | Apr 07, 2026 |
| CVE-2026-35581 | HIGH | 7.2 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the … | Apr 07, 2026 |
| CVE-2026-35580 | CRITICAL | 9.1 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated … | Apr 07, 2026 |