Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12462 | Critical: 832 | High: 3555 | Medium: 3875
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5379 | LOW | 3.0 | An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of … | Apr 07, 2026 |
| CVE-2026-5378 | MEDIUM | 5.8 | An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5376 | MEDIUM | 5.9 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient … | Apr 07, 2026 |
| CVE-2026-5375 | LOW | 2.7 | An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is … | Apr 07, 2026 |
| CVE-2026-5374 | MEDIUM | 5.8 | An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an … | Apr 07, 2026 |
| CVE-2026-5373 | HIGH | 8.1 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and … | Apr 07, 2026 |
| CVE-2026-5372 | MEDIUM | 6.4 | An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization … | Apr 07, 2026 |
| CVE-2026-4740 | HIGH | 8.2 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal … | Apr 07, 2026 |
| CVE-2026-4292 | LOW | 2.7 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to … | Apr 07, 2026 |
| CVE-2026-4277 | UNKNOWN | — | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on … | Apr 07, 2026 |
| CVE-2026-3902 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting … | Apr 07, 2026 |
| CVE-2026-35485 | HIGH | 7.5 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file … | Apr 07, 2026 |
| CVE-2026-35484 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml … | Apr 07, 2026 |
| CVE-2026-35483 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with … | Apr 07, 2026 |
| CVE-2026-35481 | UNKNOWN | — | Rejected reason: Further research determined the issue does not satisfy the assignment rules. | Apr 07, 2026 |
| CVE-2026-35480 | MEDIUM | 6.2 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for … | Apr 07, 2026 |
| CVE-2026-35464 | HIGH | 7.5 | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying … | Apr 07, 2026 |
| CVE-2026-35463 | HIGH | 8.8 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, … | Apr 07, 2026 |
| CVE-2026-35462 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time … | Apr 07, 2026 |
| CVE-2026-35461 | MEDIUM | 5.0 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook … | Apr 07, 2026 |
| CVE-2026-35460 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or … | Apr 07, 2026 |
| CVE-2026-35458 | UNKNOWN | — | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. … | Apr 07, 2026 |
| CVE-2026-35457 | HIGH | 8.2 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated … | Apr 07, 2026 |
| CVE-2026-35405 | HIGH | 7.5 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a … | Apr 07, 2026 |
| CVE-2026-33034 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could … | Apr 07, 2026 |