Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 12600 | 849 | 3629 | 3944 |

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31937 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue … | Apr 02, 2026 |
| CVE-2026-31935 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory … | Apr 02, 2026 |
| CVE-2026-31934 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for … | Apr 02, 2026 |
| CVE-2026-5338 | MEDIUM | 4.7 | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting … | Apr 02, 2026 |
| CVE-2026-5334 | HIGH | 7.3 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. … | Apr 02, 2026 |
| CVE-2026-5333 | HIGH | 7.3 | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument … | Apr 02, 2026 |
| CVE-2026-5332 | LOW | 3.5 | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of … | Apr 02, 2026 |
| CVE-2026-3692 | UNKNOWN | — | In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that … | Apr 02, 2026 |
| CVE-2026-35168 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database … | Apr 02, 2026 |
| CVE-2026-31933 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting … | Apr 02, 2026 |
| CVE-2026-31932 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This … | Apr 02, 2026 |
| CVE-2026-31931 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata … | Apr 02, 2026 |
| CVE-2026-30867 | MEDIUM | 5.7 | CocoaMQTT is an MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing … | Apr 02, 2026 |
| CVE-2026-2737 | UNKNOWN | — | A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may … | Apr 02, 2026 |
| CVE-2026-2701 | CRITICAL | 9.1 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | Apr 02, 2026 |
| CVE-2026-2699 | CRITICAL | 9.8 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote … | Apr 02, 2026 |
| CVE-2026-29782 | HIGH | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint … | Apr 02, 2026 |
| CVE-2026-28805 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to … | Apr 02, 2026 |
| CVE-2026-26928 | UNKNOWN | — | SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based … | Apr 02, 2026 |
| CVE-2026-26927 | UNKNOWN | — | Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is … | Apr 02, 2026 |
| CVE-2026-5331 | MEDIUM | 4.7 | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation … | Apr 02, 2026 |
| CVE-2026-5330 | MEDIUM | 6.5 | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the … | Apr 02, 2026 |
| CVE-2026-5328 | MEDIUM | 6.3 | A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component … | Apr 02, 2026 |
| CVE-2026-4636 | HIGH | 8.1 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to … | Apr 02, 2026 |
| CVE-2026-4634 | HIGH | 7.5 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope … | Apr 02, 2026 |