Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600, Critical: 849, High: 3629, Medium: 3944

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4325 | MEDIUM | 5.3 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete … | Apr 02, 2026 |
| CVE-2026-4282 | HIGH | 7.4 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to … | Apr 02, 2026 |
| CVE-2026-3872 | HIGH | 7.3 | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path … | Apr 02, 2026 |
| CVE-2026-34890 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: … | Apr 02, 2026 |
| CVE-2026-5327 | MEDIUM | 6.3 | A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a … | Apr 02, 2026 |
| CVE-2026-23417 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBE_MEM32 stores BPF_ST \| BPF_PROBE_MEM32 immediate stores are not handled … | Apr 02, 2026 |
| CVE-2026-23416 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current … | Apr 02, 2026 |
| CVE-2026-23415 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy is read under speculative … | Apr 02, 2026 |
| CVE-2026-23414 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD … | Apr 02, 2026 |
| CVE-2026-23413 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon … | Apr 02, 2026 |
| CVE-2026-23412 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF … | Apr 02, 2026 |
| CVE-2026-5326 | MEDIUM | 5.3 | A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. … | Apr 02, 2026 |
| CVE-2026-32145 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses … | Apr 02, 2026 |
| CVE-2026-5246 | MEDIUM | 5.6 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key … | Apr 02, 2026 |
| CVE-2026-5245 | MEDIUM | 5.6 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. … | Apr 02, 2026 |
| CVE-2026-33617 | MEDIUM | 5.3 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in some loss of confidentiality, but there is no … | Apr 02, 2026 |
| CVE-2026-33616 | HIGH | 7.5 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a … | Apr 02, 2026 |
| CVE-2026-33615 | CRITICAL | 9.1 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL … | Apr 02, 2026 |
| CVE-2026-33614 | HIGH | 7.5 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL … | Apr 02, 2026 |
| CVE-2026-33613 | HIGH | 7.2 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, … | Apr 02, 2026 |
| CVE-2026-29144 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | Apr 02, 2026 |
| CVE-2026-29143 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | Apr 02, 2026 |
| CVE-2026-29142 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | Apr 02, 2026 |
| CVE-2026-29141 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | Apr 02, 2026 |
| CVE-2026-29140 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding … | Apr 02, 2026 |