Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5689 | HIGH | 7.3 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5688 | HIGH | 7.3 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider … | Apr 06, 2026 |
| CVE-2026-5709 | HIGH | 8.8 | Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute … | Apr 06, 2026 |
| CVE-2026-5708 | HIGH | 8.8 | Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated … | Apr 06, 2026 |
| CVE-2026-5707 | HIGH | 8.8 | Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might … | Apr 06, 2026 |
| CVE-2026-5687 | HIGH | 8.8 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page … | Apr 06, 2026 |
| CVE-2026-5686 | HIGH | 8.8 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5685 | HIGH | 8.8 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to … | Apr 06, 2026 |
| CVE-2026-5684 | HIGH | 8.0 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-35475 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist … | Apr 06, 2026 |
| CVE-2026-35474 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly … | Apr 06, 2026 |
| CVE-2026-35473 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, … | Apr 06, 2026 |
| CVE-2026-35471 | CRITICAL | 9.8 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3. | Apr 06, 2026 |
| CVE-2026-35454 | UNKNOWN | — | The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX … | Apr 06, 2026 |
| CVE-2026-35452 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. … | Apr 06, 2026 |
| CVE-2026-35450 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity … | Apr 06, 2026 |
| CVE-2026-35449 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting … | Apr 06, 2026 |
| CVE-2026-35448 | LOW | 3.7 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin … | Apr 06, 2026 |
| CVE-2026-35444 | HIGH | 7.1 | SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data … | Apr 06, 2026 |
| CVE-2026-35442 | HIGH | 8.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the … | Apr 06, 2026 |
| CVE-2026-35441 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate … | Apr 06, 2026 |
| CVE-2026-35413 | MEDIUM | 5.3 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL … | Apr 06, 2026 |
| CVE-2026-35412 | HIGH | 7.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint (/files/tus) allows any authenticated … | Apr 06, 2026 |
| CVE-2026-35411 | MEDIUM | 4.3 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the … | Apr 06, 2026 |
| CVE-2026-35410 | MEDIUM | 6.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection … | Apr 06, 2026 |