CVE Feed
Latest vulnerabilities from the National Vulnerability Database.

Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5666 | MEDIUM | 5.3 | A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component … | Apr 06, 2026 |
| CVE-2026-5665 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of … | Apr 06, 2026 |
| CVE-2026-34982 | HIGH | 8.2 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when … | Apr 06, 2026 |
| CVE-2026-34969 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into … | Apr 06, 2026 |
| CVE-2026-34951 | UNKNOWN | — | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a … | Apr 06, 2026 |
| CVE-2026-34950 | CRITICAL | 9.1 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by … | Apr 06, 2026 |
| CVE-2026-34940 | UNKNOWN | — | KubeAI is an AI inference operator for Kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized … | Apr 06, 2026 |
| CVE-2026-34764 | LOW | 2.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that … | Apr 06, 2026 |
| CVE-2026-34756 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the … | Apr 06, 2026 |
| CVE-2026-34755 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data … | Apr 06, 2026 |
| CVE-2026-34753 | MEDIUM | 5.4 | vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url … | Apr 06, 2026 |
| CVE-2026-34589 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before … | Apr 06, 2026 |
| CVE-2026-34588 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before … | Apr 06, 2026 |
| CVE-2026-34444 | UNKNOWN | — | Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in … | Apr 06, 2026 |
| CVE-2026-34402 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, authenticated users with Edit Records or Manage Groups permissions can exploit a time-based blind SQL … | Apr 06, 2026 |
| CVE-2026-34380 | MEDIUM | 5.9 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before … | Apr 06, 2026 |
| CVE-2026-34379 | HIGH | 7.1 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before … | Apr 06, 2026 |
| CVE-2026-34378 | MEDIUM | 6.5 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before … | Apr 06, 2026 |
| CVE-2026-34217 | UNKNOWN | — | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal … | Apr 06, 2026 |
| CVE-2026-34211 | UNKNOWN | — | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An … | Apr 06, 2026 |
| CVE-2026-34208 | CRITICAL | 10.0 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can … | Apr 06, 2026 |
| CVE-2026-34148 | HIGH | 7.5 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively … | Apr 06, 2026 |
| CVE-2026-33752 | HIGH | 8.6 | curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via … | Apr 06, 2026 |
| CVE-2026-33727 | MEDIUM | 6.4 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability that allows code execution as root from the … | Apr 06, 2026 |
| CVE-2026-33405 | LOW | 3.1 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() … | Apr 06, 2026 |