Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12556
Total
848
Critical
3598
High
3935
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35489 | HIGH | 7.3 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit … | Apr 07, 2026 |
| CVE-2026-35488 | HIGH | 8.1 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative … | Apr 07, 2026 |
| CVE-2026-35487 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt … | Apr 07, 2026 |
| CVE-2026-35486 | HIGH | 7.5 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() … | Apr 07, 2026 |
| CVE-2026-33816 | UNKNOWN | — | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Apr 07, 2026 |
| CVE-2026-33815 | UNKNOWN | — | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Apr 07, 2026 |
| CVE-2026-30460 | UNKNOWN | — | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | Apr 07, 2026 |
| CVE-2026-1079 | UNKNOWN | — | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. … | Apr 07, 2026 |
| CVE-2026-1078 | UNKNOWN | — | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with … | Apr 07, 2026 |
| CVE-2025-52908 | UNKNOWN | — | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, … | Apr 07, 2026 |
| CVE-2025-24819 | MEDIUM | 5.7 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager … | Apr 07, 2026 |
| CVE-2025-24818 | HIGH | 8.0 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log … | Apr 07, 2026 |
| CVE-2025-24817 | UNKNOWN | — | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom … | Apr 07, 2026 |
| CVE-2024-36057 | UNKNOWN | — | Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl … | Apr 07, 2026 |
| CVE-2026-5384 | MEDIUM | 5.8 | An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. … | Apr 07, 2026 |
| CVE-2026-5383 | MEDIUM | 4.4 | An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5382 | LOW | 3.0 | An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5381 | LOW | 2.2 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and … | Apr 07, 2026 |
| CVE-2026-5380 | MEDIUM | 5.3 | An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This … | Apr 07, 2026 |
| CVE-2026-5379 | LOW | 3.0 | An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of … | Apr 07, 2026 |
| CVE-2026-5378 | MEDIUM | 5.8 | An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5376 | MEDIUM | 5.9 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient … | Apr 07, 2026 |
| CVE-2026-5375 | LOW | 2.7 | An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is … | Apr 07, 2026 |
| CVE-2026-5374 | MEDIUM | 5.8 | An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an … | Apr 07, 2026 |
| CVE-2026-5373 | HIGH | 8.1 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and … | Apr 07, 2026 |