Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12462
Total
832
Critical
3555
High
3875
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35517 | HIGH | 8.8 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a … | Apr 07, 2026 |
| CVE-2026-35516 | MEDIUM | 5.0 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can … | Apr 07, 2026 |
| CVE-2026-35515 | UNKNOWN | — | Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() interpolates message.type and message.id directly into Server-Sent Events text protocol output … | Apr 07, 2026 |
| CVE-2026-35492 | MEDIUM | 6.5 | Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with … | Apr 07, 2026 |
| CVE-2026-35491 | MEDIUM | 6.1 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password … | Apr 07, 2026 |
| CVE-2026-35490 | CRITICAL | 9.8 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of … | Apr 07, 2026 |
| CVE-2026-35489 | HIGH | 7.3 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit … | Apr 07, 2026 |
| CVE-2026-35488 | HIGH | 8.1 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative … | Apr 07, 2026 |
| CVE-2026-35487 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt … | Apr 07, 2026 |
| CVE-2026-35486 | HIGH | 7.5 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() … | Apr 07, 2026 |
| CVE-2026-33816 | UNKNOWN | — | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Apr 07, 2026 |
| CVE-2026-33815 | UNKNOWN | — | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Apr 07, 2026 |
| CVE-2026-30460 | UNKNOWN | — | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | Apr 07, 2026 |
| CVE-2026-1079 | UNKNOWN | — | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. … | Apr 07, 2026 |
| CVE-2026-1078 | UNKNOWN | — | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with … | Apr 07, 2026 |
| CVE-2025-52908 | UNKNOWN | — | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, … | Apr 07, 2026 |
| CVE-2025-24819 | MEDIUM | 5.7 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager … | Apr 07, 2026 |
| CVE-2025-24818 | HIGH | 8.0 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log … | Apr 07, 2026 |
| CVE-2025-24817 | UNKNOWN | — | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom … | Apr 07, 2026 |
| CVE-2024-36057 | UNKNOWN | — | Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl … | Apr 07, 2026 |
| CVE-2026-5384 | MEDIUM | 5.8 | An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. … | Apr 07, 2026 |
| CVE-2026-5383 | MEDIUM | 4.4 | An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5382 | LOW | 3.0 | An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5381 | LOW | 2.2 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and … | Apr 07, 2026 |
| CVE-2026-5380 | MEDIUM | 5.3 | An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This … | Apr 07, 2026 |