Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12565
Total
848
Critical
3603
High
3938
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5467 | MEDIUM | 4.3 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of … | Apr 03, 2026 |
| CVE-2026-4108 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | Apr 03, 2026 |
| CVE-2026-4107 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | Apr 03, 2026 |
| CVE-2026-3880 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | Apr 03, 2026 |
| CVE-2026-3879 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | Apr 03, 2026 |
| CVE-2026-28703 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | Apr 03, 2026 |
| CVE-2026-28756 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | Apr 03, 2026 |
| CVE-2026-28754 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | Apr 03, 2026 |
| CVE-2026-5462 | LOW | 3.3 | A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the … | Apr 03, 2026 |
| CVE-2026-4350 | HIGH | 8.1 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due … | Apr 03, 2026 |
| CVE-2025-7024 | HIGH | 7.3 | Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM … | Apr 03, 2026 |
| CVE-2026-5458 | LOW | 3.3 | A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java … | Apr 03, 2026 |
| CVE-2026-5457 | LOW | 3.3 | A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java … | Apr 03, 2026 |
| CVE-2026-5456 | LOW | 3.3 | A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of … | Apr 03, 2026 |
| CVE-2026-5455 | LOW | 3.3 | A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of … | Apr 03, 2026 |
| CVE-2026-5463 | HIGH | 8.6 | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the … | Apr 03, 2026 |
| CVE-2026-5454 | LOW | 3.3 | A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file file res/raw/app.json of the … | Apr 03, 2026 |
| CVE-2026-5453 | LOW | 3.3 | A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the … | Apr 03, 2026 |
| CVE-2026-35549 | MEDIUM | 6.5 | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, … | Apr 03, 2026 |
| CVE-2026-35545 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail … | Apr 03, 2026 |
| CVE-2026-35544 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a … | Apr 03, 2026 |
| CVE-2026-35543 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) … | Apr 03, 2026 |
| CVE-2026-35542 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of … | Apr 03, 2026 |
| CVE-2026-35541 | MEDIUM | 4.2 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows … | Apr 03, 2026 |
| CVE-2026-35540 | MEDIUM | 5.4 | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or … | Apr 03, 2026 |