Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12556
Total
848
Critical
3598
High
3935
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5372 | MEDIUM | 6.4 | An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization … | Apr 07, 2026 |
| CVE-2026-4740 | HIGH | 8.2 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal … | Apr 07, 2026 |
| CVE-2026-4292 | LOW | 2.7 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to … | Apr 07, 2026 |
| CVE-2026-4277 | UNKNOWN | — | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on … | Apr 07, 2026 |
| CVE-2026-3902 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting … | Apr 07, 2026 |
| CVE-2026-35485 | HIGH | 7.5 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file … | Apr 07, 2026 |
| CVE-2026-35484 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml … | Apr 07, 2026 |
| CVE-2026-35483 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with … | Apr 07, 2026 |
| CVE-2026-35481 | UNKNOWN | — | Rejected reason: Further research determined the issue does not satisfy the assignment rules. | Apr 07, 2026 |
| CVE-2026-35480 | MEDIUM | 6.2 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for … | Apr 07, 2026 |
| CVE-2026-35464 | HIGH | 7.5 | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying … | Apr 07, 2026 |
| CVE-2026-35463 | HIGH | 8.8 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, … | Apr 07, 2026 |
| CVE-2026-35462 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time … | Apr 07, 2026 |
| CVE-2026-35461 | MEDIUM | 5.0 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook … | Apr 07, 2026 |
| CVE-2026-35460 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or … | Apr 07, 2026 |
| CVE-2026-35458 | UNKNOWN | — | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. … | Apr 07, 2026 |
| CVE-2026-35457 | HIGH | 8.2 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated … | Apr 07, 2026 |
| CVE-2026-35405 | HIGH | 7.5 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a … | Apr 07, 2026 |
| CVE-2026-33034 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could … | Apr 07, 2026 |
| CVE-2026-33033 | MEDIUM | 6.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart … | Apr 07, 2026 |
| CVE-2026-30079 | UNKNOWN | — | In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a … | Apr 07, 2026 |
| CVE-2026-24660 | HIGH | 8.1 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer … | Apr 07, 2026 |
| CVE-2026-24450 | HIGH | 8.1 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. … | Apr 07, 2026 |
| CVE-2026-21413 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to … | Apr 07, 2026 |
| CVE-2026-20911 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to … | Apr 07, 2026 |