Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600 | Critical: 849 | High: 3629 | Medium: 3944

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5316 | MEDIUM | 4.3 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to … | Apr 02, 2026 |
| CVE-2026-5315 | MEDIUM | 4.3 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF … | Apr 02, 2026 |
| CVE-2026-21767 | MEDIUM | 4.0 | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication. | Apr 02, 2026 |
| CVE-2026-21765 | HIGH | 8.8 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject … | Apr 02, 2026 |
| CVE-2026-5314 | MEDIUM | 4.3 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. … | Apr 01, 2026 |
| CVE-2026-4759 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 01, 2026 |
| CVE-2026-3882 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 01, 2026 |
| CVE-2026-32929 | HIGH | 7.8 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product. | Apr 01, 2026 |
| CVE-2026-32928 | HIGH | 7.8 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the … | Apr 01, 2026 |
| CVE-2026-32927 | HIGH | 7.8 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected … | Apr 01, 2026 |
| CVE-2026-32926 | HIGH | 7.8 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected … | Apr 01, 2026 |
| CVE-2026-32925 | HIGH | 7.8 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the … | Apr 01, 2026 |
| CVE-2025-66487 | LOW | 2.7 | IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email … | Apr 01, 2026 |
| CVE-2025-66486 | MEDIUM | 4.8 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed … | Apr 01, 2026 |
| CVE-2025-66485 | MEDIUM | 5.4 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow … | Apr 01, 2026 |
| CVE-2025-66484 | MEDIUM | 5.5 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI … | Apr 01, 2026 |
| CVE-2025-66483 | MEDIUM | 6.3 | IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on … | Apr 01, 2026 |
| CVE-2025-36375 | MEDIUM | 6.5 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower … | Apr 01, 2026 |
| CVE-2025-0711 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 01, 2026 |
| CVE-2026-5313 | MEDIUM | 4.3 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF … | Apr 01, 2026 |
| CVE-2026-3987 | UNKNOWN | — | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code … | Apr 01, 2026 |
| CVE-2026-34572 | HIGH | 8.8 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Apr 01, 2026 |
| CVE-2026-34571 | CRITICAL | 9.9 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored … | Apr 01, 2026 |
| CVE-2026-34570 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Apr 01, 2026 |
| CVE-2026-34569 | CRITICAL | 9.9 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Apr 01, 2026 |