Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12556
Total
848
Critical
3598
High
3935
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20889 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer … | Apr 07, 2026 |
| CVE-2026-20884 | HIGH | 8.1 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. … | Apr 07, 2026 |
| CVE-2025-62818 | UNKNOWN | — | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … | Apr 07, 2026 |
| CVE-2025-52909 | UNKNOWN | — | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, … | Apr 07, 2026 |
| CVE-2026-5627 | CRITICAL | 9.1 | A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user … | Apr 07, 2026 |
| CVE-2026-35554 | HIGH | 8.7 | A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a … | Apr 07, 2026 |
| CVE-2026-5735 | CRITICAL | 9.8 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough … | Apr 07, 2026 |
| CVE-2026-5734 | CRITICAL | 9.8 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption … | Apr 07, 2026 |
| CVE-2026-5733 | HIGH | 8.8 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2. | Apr 07, 2026 |
| CVE-2026-5732 | HIGH | 8.8 | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird … | Apr 07, 2026 |
| CVE-2026-5731 | CRITICAL | 9.8 | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence … | Apr 07, 2026 |
| CVE-2026-3466 | UNKNOWN | — | Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 … | Apr 07, 2026 |
| CVE-2026-33866 | UNKNOWN | — | MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without … | Apr 07, 2026 |
| CVE-2026-33865 | UNKNOWN | — | MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload … | Apr 07, 2026 |
| CVE-2026-32144 | UNKNOWN | — | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 … | Apr 07, 2026 |
| CVE-2026-28808 | UNKNOWN | — | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps … | Apr 07, 2026 |
| CVE-2026-23818 | HIGH | 8.8 | A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to … | Apr 07, 2026 |
| CVE-2026-22679 | CRITICAL | 9.8 | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary … | Apr 07, 2026 |
| CVE-2026-22666 | HIGH | 7.2 | Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in … | Apr 07, 2026 |
| CVE-2025-39666 | UNKNOWN | — | Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user … | Apr 07, 2026 |
| CVE-2021-4473 | CRITICAL | 9.8 | Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying … | Apr 07, 2026 |
| CVE-2026-31842 | HIGH | 7.5 | Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses … | Apr 07, 2026 |
| CVE-2026-4420 | UNKNOWN | — | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page creation privileges (such as Author, Editor, or … | Apr 07, 2026 |
| CVE-2026-34904 | HIGH | 7.5 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from … | Apr 07, 2026 |
| CVE-2026-34903 | MEDIUM | 5.4 | Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3. | Apr 07, 2026 |