Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12565, Critical: 848, High: 3603, Medium: 3938

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32662 | MEDIUM | 5.3 | Development and test API endpoints are present that mirror production functionality. | Apr 03, 2026 |
| CVE-2026-32646 | HIGH | 7.5 | A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | Apr 03, 2026 |
| CVE-2026-28767 | MEDIUM | 5.3 | A specific administrative notifications endpoint is accessible without proper authentication. | Apr 03, 2026 |
| CVE-2026-28766 | CRITICAL | 9.3 | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | Apr 03, 2026 |
| CVE-2026-26058 | MEDIUM | 6.1 | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path … | Apr 03, 2026 |
| CVE-2026-25742 | MEDIUM | 5.3 | Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, … | Apr 03, 2026 |
| CVE-2026-25197 | CRITICAL | 9.1 | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | Apr 03, 2026 |
| CVE-2026-22665 | HIGH | 8.1 | prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing … | Apr 03, 2026 |
| CVE-2026-22664 | HIGH | 7.7 | prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests … | Apr 03, 2026 |
| CVE-2026-22663 | HIGH | 7.5 | prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized … | Apr 03, 2026 |
| CVE-2026-22662 | MEDIUM | 4.3 | prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches … | Apr 03, 2026 |
| CVE-2026-22661 | HIGH | 8.1 | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system … | Apr 03, 2026 |
| CVE-2025-10681 | HIGH | 8.6 | Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within … | Apr 03, 2026 |
| CVE-2022-4987 | HIGH | 7.3 | Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker … | Apr 03, 2026 |
| CVE-2020-37216 | HIGH | 7.5 | Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length … | Apr 03, 2026 |
| CVE-2017-20237 | CRITICAL | 9.8 | Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute … | Apr 03, 2026 |
| CVE-2026-5484 | MEDIUM | 5.3 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export … | Apr 03, 2026 |
| CVE-2026-28798 | CRITICAL | 9.0 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) … | Apr 03, 2026 |
| CVE-2026-25726 | HIGH | 8.1 | Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() … | Apr 03, 2026 |
| CVE-2026-3184 | LOW | 3.7 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname … | Apr 03, 2026 |
| CVE-2026-2625 | MEDIUM | 4.0 | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the … | Apr 03, 2026 |
| CVE-2026-5476 | MEDIUM | 4.6 | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to … | Apr 03, 2026 |
| CVE-2026-5475 | MEDIUM | 5.5 | A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size … | Apr 03, 2026 |
| CVE-2026-32186 | MEDIUM | 6.5 | Microsoft Bing Elevation of Privilege Vulnerability | Apr 03, 2026 |
| CVE-2026-0545 | CRITICAL | 9.1 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the … | Apr 03, 2026 |