Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5661 | MEDIUM | 5.3 | A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The … | Apr 06, 2026 |
| CVE-2026-34897 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: … | Apr 06, 2026 |
| CVE-2026-34885 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows SQL Injection. This issue affects Media … | Apr 06, 2026 |
| CVE-2026-33540 | HIGH | 7.5 | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by … | Apr 06, 2026 |
| CVE-2026-33510 | HIGH | 8.8 | Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts … | Apr 06, 2026 |
| CVE-2026-33406 | MEDIUM | 5.4 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values … | Apr 06, 2026 |
| CVE-2026-33404 | LOW | 3.4 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames … | Apr 06, 2026 |
| CVE-2026-33403 | MEDIUM | 6.1 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, a reflected … | Apr 06, 2026 |
| CVE-2026-32602 | MEDIUM | 4.2 | Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create … | Apr 06, 2026 |
| CVE-2026-31153 | MEDIUM | 5.4 | A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | Apr 06, 2026 |
| CVE-2026-31151 | UNKNOWN | — | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. | Apr 06, 2026 |
| CVE-2026-31150 | MEDIUM | 4.3 | Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources. | Apr 06, 2026 |
| CVE-2026-31067 | MEDIUM | 6.8 | A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. | Apr 06, 2026 |
| CVE-2026-31066 | MEDIUM | 4.5 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to … | Apr 06, 2026 |
| CVE-2026-31065 | MEDIUM | 4.5 | UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause … | Apr 06, 2026 |
| CVE-2026-31063 | MEDIUM | 4.5 | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to … | Apr 06, 2026 |
| CVE-2026-31062 | MEDIUM | 4.5 | UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause … | Apr 06, 2026 |
| CVE-2026-31061 | MEDIUM | 4.5 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to … | Apr 06, 2026 |
| CVE-2026-31060 | MEDIUM | 4.5 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to … | Apr 06, 2026 |
| CVE-2026-31059 | UNKNOWN | — | A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted … | Apr 06, 2026 |
| CVE-2026-31058 | MEDIUM | 4.5 | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to … | Apr 06, 2026 |
| CVE-2026-31053 | MEDIUM | 6.2 | A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple … | Apr 06, 2026 |
| CVE-2026-29047 | HIGH | 7.2 | GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection … | Apr 06, 2026 |
| CVE-2026-26263 | HIGH | 8.1 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search … | Apr 06, 2026 |
| CVE-2026-26027 | HIGH | 7.5 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the … | Apr 06, 2026 |