Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12565 · Critical: 848 · High: 3603 · Medium: 3938

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34990 | UNKNOWN | — | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can … | Apr 03, 2026 |
| CVE-2026-34980 | UNKNOWN | — | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with … | Apr 03, 2026 |
| CVE-2026-34979 | MEDIUM | 5.3 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer … | Apr 03, 2026 |
| CVE-2026-34978 | MEDIUM | 6.5 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. … | Apr 03, 2026 |
| CVE-2026-34947 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields … | Apr 03, 2026 |
| CVE-2026-33709 | UNKNOWN | — | JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows … | Apr 03, 2026 |
| CVE-2026-33175 | HIGH | 8.8 | OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in … | Apr 03, 2026 |
| CVE-2026-28797 | UNKNOWN | — | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text … | Apr 03, 2026 |
| CVE-2026-27885 | HIGH | 7.2 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the … | Apr 03, 2026 |
| CVE-2026-27834 | HIGH | 7.2 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service … | Apr 03, 2026 |
| CVE-2026-27833 | HIGH | 7.5 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the … | Apr 03, 2026 |
| CVE-2026-27634 | UNKNOWN | — | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters (f_min_date_available, f_max_date_available, f_min_date_created, f_max_date_created) in … | Apr 03, 2026 |
| CVE-2026-27481 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass vulnerability … | Apr 03, 2026 |
| CVE-2026-27456 | MEDIUM | 4.7 | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from … | Apr 03, 2026 |
| CVE-2026-27447 | MEDIUM | 4.8 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an … | Apr 03, 2026 |
| CVE-2018-25237 | CRITICAL | 9.8 | Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote … | Apr 03, 2026 |
| CVE-2016-15058 | HIGH | 8.1 | Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior to 05.3.07 contain a credential exposure vulnerability … | Apr 03, 2026 |
| CVE-2015-10148 | HIGH | 8.2 | Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that … | Apr 03, 2026 |
| CVE-2026-5485 | HIGH | 7.8 | OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary … | Apr 03, 2026 |
| CVE-2026-35562 | HIGH | 7.5 | Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial … | Apr 03, 2026 |
| CVE-2026-35561 | HIGH | 7.4 | Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack … | Apr 03, 2026 |
| CVE-2026-35560 | HIGH | 7.4 | Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication … | Apr 03, 2026 |
| CVE-2026-35559 | MEDIUM | 6.5 | Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using … | Apr 03, 2026 |
| CVE-2026-35558 | HIGH | 7.8 | Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code … | Apr 03, 2026 |
| CVE-2026-34511 | MEDIUM | 5.3 | OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who … | Apr 03, 2026 |