Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12565
Total
848
Critical
3603
High
3938
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5474 | MEDIUM | 6.3 | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header … | Apr 03, 2026 |
| CVE-2026-5473 | MEDIUM | 4.5 | A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation … | Apr 03, 2026 |
| CVE-2026-28373 | CRITICAL | 9.6 | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A … | Apr 03, 2026 |
| CVE-2026-5472 | MEDIUM | 6.3 | A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of … | Apr 03, 2026 |
| CVE-2026-5471 | LOW | 3.3 | A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of … | Apr 03, 2026 |
| CVE-2026-5470 | MEDIUM | 6.3 | A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context … | Apr 03, 2026 |
| CVE-2026-35218 | HIGH | 8.7 | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive … | Apr 03, 2026 |
| CVE-2026-35216 | CRITICAL | 9.0 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering … | Apr 03, 2026 |
| CVE-2026-35214 | HIGH | 8.7 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without … | Apr 03, 2026 |
| CVE-2026-31818 | CRITICAL | 9.6 | Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF … | Apr 03, 2026 |
| CVE-2026-31404 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc_export_put() calls path_put() and auth_domain_put() immediately when … | Apr 03, 2026 |
| CVE-2026-31403 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is … | Apr 03, 2026 |
| CVE-2026-31402 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a … | Apr 03, 2026 |
| CVE-2026-31401 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to … | Apr 03, 2026 |
| CVE-2026-31400 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in … | Apr 03, 2026 |
| CVE-2026-31399 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use … | Apr 03, 2026 |
| CVE-2026-31398 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by … | Apr 03, 2026 |
| CVE-2026-31397 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() move_pages_huge_pmd() handles UFFDIO_MOVE for both normal THPs … | Apr 03, 2026 |
| CVE-2026-31396 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening … | Apr 03, 2026 |
| CVE-2026-31395 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in bnxt_async_event_process() uses … | Apr 03, 2026 |
| CVE-2026-31394 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesses link->reserved.oper … | Apr 03, 2026 |
| CVE-2026-31393 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access l2cap_information_rsp() checks that cmd_len covers the fixed … | Apr 03, 2026 |
| CVE-2026-31392 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 … | Apr 03, 2026 |
| CVE-2026-31391 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid … | Apr 03, 2026 |
| CVE-2026-31390 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas … | Apr 03, 2026 |