Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600 | Critical: 849 | High: 3629 | Medium: 3944

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34577 | HIGH | 8.6 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and … | Apr 02, 2026 |
| CVE-2026-34576 | UNKNOWN | — | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using … | Apr 02, 2026 |
| CVE-2026-34526 | MEDIUM | 5.0 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. … | Apr 02, 2026 |
| CVE-2026-34524 | HIGH | 8.3 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. … | Apr 02, 2026 |
| CVE-2026-34523 | MEDIUM | 5.3 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. … | Apr 02, 2026 |
| CVE-2026-34522 | HIGH | 8.1 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. … | Apr 02, 2026 |
| CVE-2026-34124 | UNKNOWN | — | A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw … | Apr 02, 2026 |
| CVE-2026-34122 | UNKNOWN | — | A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can … | Apr 02, 2026 |
| CVE-2026-34121 | UNKNOWN | — | An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and … | Apr 02, 2026 |
| CVE-2026-34120 | UNKNOWN | — | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment … | Apr 02, 2026 |
| CVE-2026-34119 | UNKNOWN | — | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary … | Apr 02, 2026 |
| CVE-2026-34118 | UNKNOWN | — | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining … | Apr 02, 2026 |
| CVE-2026-33271 | MEDIUM | 6.7 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | Apr 02, 2026 |
| CVE-2026-32762 | MEDIUM | 4.8 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 7239 Forwarded … | Apr 02, 2026 |
| CVE-2026-28728 | MEDIUM | 6.7 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | Apr 02, 2026 |
| CVE-2026-27774 | MEDIUM | 6.7 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | Apr 02, 2026 |
| CVE-2026-26962 | MEDIUM | 4.8 | Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart … | Apr 02, 2026 |
| CVE-2026-5360 | LOW | 3.7 | A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. … | Apr 02, 2026 |
| CVE-2026-5355 | MEDIUM | 6.3 | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the … | Apr 02, 2026 |
| CVE-2026-5354 | MEDIUM | 6.3 | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of … | Apr 02, 2026 |
| CVE-2026-5353 | MEDIUM | 6.3 | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results … | Apr 02, 2026 |
| CVE-2026-5352 | MEDIUM | 6.3 | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list … | Apr 02, 2026 |
| CVE-2026-35388 | LOW | 2.5 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | Apr 02, 2026 |
| CVE-2026-35387 | LOW | 3.1 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. | Apr 02, 2026 |
| CVE-2026-35386 | LOW | 3.6 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username … | Apr 02, 2026 |