Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30613 | MEDIUM | 4.6 | An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART … | Apr 06, 2026 |
| CVE-2025-61166 | MEDIUM | 6.1 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | Apr 06, 2026 |
| CVE-2025-59440 | HIGH | 7.5 | An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2025-57835 | HIGH | 7.5 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2026-5670 | MEDIUM | 6.3 | A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-5669 | HIGH | 7.3 | A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. … | Apr 06, 2026 |
| CVE-2026-5668 | LOW | 2.4 | A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-35042 | HIGH | 7.5 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 … | Apr 06, 2026 |
| CVE-2026-35039 | CRITICAL | 9.1 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique … | Apr 06, 2026 |
| CVE-2026-35037 | HIGH | 7.2 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url … | Apr 06, 2026 |
| CVE-2026-35036 | HIGH | 7.5 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET … | Apr 06, 2026 |
| CVE-2026-35035 | HIGH | 7.2 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application … | Apr 06, 2026 |
| CVE-2026-35030 | CRITICAL | 9.1 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: … | Apr 06, 2026 |
| CVE-2026-35029 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce … | Apr 06, 2026 |
| CVE-2026-34992 | UNKNOWN | — | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In … | Apr 06, 2026 |
| CVE-2026-34989 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails … | Apr 06, 2026 |
| CVE-2026-34986 | HIGH | 7.5 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON … | Apr 06, 2026 |
| CVE-2026-34981 | MEDIUM | 5.8 | The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download_from_url() in app/services/file_service.py calls requests.get(url) with zero URL validation. … | Apr 06, 2026 |
| CVE-2026-34977 | UNKNOWN | — | Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. … | Apr 06, 2026 |
| CVE-2026-34976 | CRITICAL | 10.0 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it … | Apr 06, 2026 |
| CVE-2026-34975 | HIGH | 8.5 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where … | Apr 06, 2026 |
| CVE-2026-34841 | CRITICAL | 9.8 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions … | Apr 06, 2026 |
| CVE-2026-34783 | HIGH | 8.1 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a … | Apr 06, 2026 |
| CVE-2026-31313 | UNKNOWN | — | An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via … | Apr 06, 2026 |
| CVE-2026-5704 | MEDIUM | 5.0 | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully … | Apr 06, 2026 |