Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35385 | HIGH | 7.5 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download … | Apr 02, 2026 |
| CVE-2026-35038 | UNKNOWN | — | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype … | Apr 02, 2026 |
| CVE-2026-34877 | CRITICAL | 9.8 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures … | Apr 02, 2026 |
| CVE-2026-34831 | MEDIUM | 4.8 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of … | Apr 02, 2026 |
| CVE-2026-34830 | MEDIUM | 5.9 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly … | Apr 02, 2026 |
| CVE-2026-34829 | HIGH | 7.5 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when … | Apr 02, 2026 |
| CVE-2026-34826 | MEDIUM | 5.3 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number … | Apr 02, 2026 |
| CVE-2026-34786 | MEDIUM | 5.3 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, … | Apr 02, 2026 |
| CVE-2026-34785 | HIGH | 7.5 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a … | Apr 02, 2026 |
| CVE-2026-34763 | MEDIUM | 5.3 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular … | Apr 02, 2026 |
| CVE-2026-34230 | MEDIUM | 5.3 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the … | Apr 02, 2026 |
| CVE-2026-34083 | MEDIUM | 6.1 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level … | Apr 02, 2026 |
| CVE-2026-33951 | UNKNOWN | — | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an … | Apr 02, 2026 |
| CVE-2026-33950 | CRITICAL | 9.4 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation … | Apr 02, 2026 |
| CVE-2026-30603 | MEDIUM | 6.8 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a … | Apr 02, 2026 |
| CVE-2026-26961 | LOW | 3.7 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy … | Apr 02, 2026 |
| CVE-2026-26895 | MEDIUM | 5.3 | User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform. | Apr 02, 2026 |
| CVE-2026-25212 | CRITICAL | 9.9 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse … | Apr 02, 2026 |
| CVE-2025-65114 | HIGH | 7.5 | Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. … | Apr 02, 2026 |
| CVE-2025-58136 | HIGH | 7.5 | A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 … | Apr 02, 2026 |
| CVE-2026-5351 | MEDIUM | 6.3 | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes … | Apr 02, 2026 |
| CVE-2026-5350 | HIGH | 8.8 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the … | Apr 02, 2026 |
| CVE-2026-5349 | HIGH | 8.8 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba … | Apr 02, 2026 |
| CVE-2026-34876 | HIGH | 7.5 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context … | Apr 02, 2026 |
| CVE-2026-33746 | CRITICAL | 9.8 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic … | Apr 02, 2026 |