Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-29139 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | Apr 02, 2026 |
| CVE-2026-29138 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | Apr 02, 2026 |
| CVE-2026-29137 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | Apr 02, 2026 |
| CVE-2026-29136 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | Apr 02, 2026 |
| CVE-2026-29135 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | Apr 02, 2026 |
| CVE-2026-29134 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | Apr 02, 2026 |
| CVE-2026-29133 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | Apr 02, 2026 |
| CVE-2026-29132 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected … | Apr 02, 2026 |
| CVE-2026-29131 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | Apr 02, 2026 |
| CVE-2026-0634 | HIGH | 7.8 | Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection. | Apr 02, 2026 |
| CVE-2026-5244 | HIGH | 7.3 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 … | Apr 02, 2026 |
| CVE-2026-5032 | HIGH | 7.5 | The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the … | Apr 02, 2026 |
| CVE-2026-0688 | MEDIUM | 6.4 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via the 'Tools::read' function. This makes … | Apr 02, 2026 |
| CVE-2026-0686 | HIGH | 7.2 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse_authorpage' function via the … | Apr 02, 2026 |
| CVE-2026-5325 | LOW | 3.5 | A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component … | Apr 02, 2026 |
| CVE-2026-5323 | MEDIUM | 5.3 | A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side … | Apr 02, 2026 |
| CVE-2026-5322 | HIGH | 7.3 | A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation … | Apr 02, 2026 |
| CVE-2026-4347 | HIGH | 8.1 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the … | Apr 02, 2026 |
| CVE-2026-1540 | HIGH | 7.2 | The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access … | Apr 02, 2026 |
| CVE-2026-5321 | MEDIUM | 4.3 | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing … | Apr 02, 2026 |
| CVE-2026-5320 | HIGH | 7.3 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component … | Apr 02, 2026 |
| CVE-2026-5319 | MEDIUM | 4.3 | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation … | Apr 02, 2026 |
| CVE-2026-5318 | MEDIUM | 4.3 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. … | Apr 02, 2026 |
| CVE-2026-5317 | MEDIUM | 6.3 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in … | Apr 02, 2026 |
| CVE-2026-1243 | MEDIUM | 5.4 | IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the … | Apr 02, 2026 |