Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556, Critical: 848, High: 3598, Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35201 | MEDIUM | 5.9 | Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds … | Apr 06, 2026 |
| CVE-2026-35200 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file … | Apr 06, 2026 |
| CVE-2026-35199 | MEDIUM | 6.1 | SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymCryptXmssSign function passes a 64-bit leaf count value … | Apr 06, 2026 |
| CVE-2026-35197 | MEDIUM | 6.6 | dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. … | Apr 06, 2026 |
| CVE-2026-35187 | HIGH | 7.7 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side … | Apr 06, 2026 |
| CVE-2026-35185 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including … | Apr 06, 2026 |
| CVE-2026-35184 | UNKNOWN | — | EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This … | Apr 06, 2026 |
| CVE-2026-35183 | HIGH | 7.1 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is … | Apr 06, 2026 |
| CVE-2026-35182 | HIGH | 8.8 | Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The … | Apr 06, 2026 |
| CVE-2026-35181 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. … | Apr 06, 2026 |
| CVE-2026-35180 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes … | Apr 06, 2026 |
| CVE-2026-35179 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated … | Apr 06, 2026 |
| CVE-2026-35178 | UNKNOWN | — | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote … | Apr 06, 2026 |
| CVE-2026-35176 | HIGH | 7.1 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection() that allows out-of-bounds heap memory access when … | Apr 06, 2026 |
| CVE-2026-35172 | HIGH | 7.5 | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an … | Apr 06, 2026 |
| CVE-2026-35170 | HIGH | 7.1 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader() that allows out-of-bounds heap memory access when … | Apr 06, 2026 |
| CVE-2026-35022 | CRITICAL | 9.8 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using … | Apr 06, 2026 |
| CVE-2026-35021 | HIGH | 7.8 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute … | Apr 06, 2026 |
| CVE-2026-35020 | HIGH | 8.4 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows … | Apr 06, 2026 |
| CVE-2025-57834 | HIGH | 7.5 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … | Apr 06, 2026 |
| CVE-2025-54602 | HIGH | 7.0 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, … | Apr 06, 2026 |
| CVE-2025-54328 | CRITICAL | 10.0 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2026-5678 | HIGH | 7.3 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-5677 | HIGH | 7.3 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5676 | HIGH | 7.3 | A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads … | Apr 06, 2026 |