CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600, Critical: 849, High: 3629, Medium: 3944
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-44250 | HIGH | 8.2 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code … | Apr 02, 2026 |
| CVE-2024-44219 | HIGH | 7.5 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able … | Apr 02, 2026 |
| CVE-2024-40858 | HIGH | 7.1 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without … | Apr 02, 2026 |
| CVE-2024-40849 | HIGH | 7.5 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of … | Apr 02, 2026 |
| CVE-2023-7342 | HIGH | 8.8 | HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges … | Apr 02, 2026 |
| CVE-2026-5414 | MEDIUM | 5.3 | A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The … | Apr 02, 2026 |
| CVE-2026-5413 | LOW | 3.7 | A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of … | Apr 02, 2026 |
| CVE-2026-5370 | LOW | 3.5 | A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. … | Apr 02, 2026 |
| CVE-2026-5368 | HIGH | 7.3 | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter … | Apr 02, 2026 |
| CVE-2026-35414 | MEDIUM | 4.2 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use … | Apr 02, 2026 |
| CVE-2026-34835 | MEDIUM | 4.8 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using … | Apr 02, 2026 |
| CVE-2026-34828 | HIGH | 7.1 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated … | Apr 02, 2026 |
| CVE-2026-34827 | HIGH | 7.5 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters such … | Apr 02, 2026 |
| CVE-2026-34725 | HIGH | 8.2 | DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are … | Apr 02, 2026 |
| CVE-2026-34717 | CRITICAL | 9.9 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses … | Apr 02, 2026 |
| CVE-2026-34715 | MEDIUM | 5.3 | ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP … | Apr 02, 2026 |
| CVE-2026-34610 | MEDIUM | 5.9 | The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment() casts size_t vlen to uint8_t when … | Apr 02, 2026 |
| CVE-2026-34608 | MEDIUM | 4.9 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb() function processes nng messages by parsing … | Apr 02, 2026 |
| CVE-2026-34606 | UNKNOWN | — | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was … | Apr 02, 2026 |
| CVE-2026-34601 | HIGH | 7.5 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior … | Apr 02, 2026 |
| CVE-2026-34598 | UNKNOWN | — | YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A … | Apr 02, 2026 |
| CVE-2026-34593 | UNKNOWN | — | Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for … | Apr 02, 2026 |
| CVE-2026-34591 | UNKNOWN | — | Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to … | Apr 02, 2026 |
| CVE-2026-34590 | MEDIUM | 5.4 | Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url … | Apr 02, 2026 |
| CVE-2026-34584 | MEDIUM | 5.4 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in … | Apr 02, 2026 |