CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600, Critical: 849, High: 3629, Medium: 3944

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34518 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the … | Apr 01, 2026 |
| CVE-2026-34517 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field … | Apr 01, 2026 |
| CVE-2026-34516 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may … | Apr 01, 2026 |
| CVE-2026-34515 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about … | Apr 01, 2026 |
| CVE-2026-34514 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could … | Apr 01, 2026 |
| CVE-2026-34513 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage … | Apr 01, 2026 |
| CVE-2026-2862 | MEDIUM | 5.3 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 01, 2026 |
| CVE-2026-2475 | LOW | 3.1 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 01, 2026 |
| CVE-2026-22815 | UNKNOWN | — | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. … | Apr 01, 2026 |
| CVE-2026-1491 | MEDIUM | 5.3 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 01, 2026 |
| CVE-2026-1345 | HIGH | 7.3 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 01, 2026 |
| CVE-2025-36373 | MEDIUM | 4.1 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower … | Apr 01, 2026 |
| CVE-2025-13916 | MEDIUM | 5.9 | IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | Apr 01, 2026 |
| CVE-2026-5311 | MEDIUM | 5.3 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, … | Apr 01, 2026 |
| CVE-2026-34872 | CRITICAL | 9.1 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due … | Apr 01, 2026 |
| CVE-2026-34750 | MEDIUM | 6.5 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints … | Apr 01, 2026 |
| CVE-2026-34749 | MEDIUM | 5.4 | Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the authentication … | Apr 01, 2026 |
| CVE-2026-34748 | HIGH | 8.7 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in … | Apr 01, 2026 |
| CVE-2026-34747 | HIGH | 8.5 | Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could … | Apr 01, 2026 |
| CVE-2026-34746 | HIGH | 7.7 | Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the … | Apr 01, 2026 |
| CVE-2026-34456 | CRITICAL | 9.1 | Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability … | Apr 01, 2026 |
| CVE-2026-34455 | UNKNOWN | — | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query … | Apr 01, 2026 |
| CVE-2025-66442 | MEDIUM | 5.1 | In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto … | Apr 01, 2026 |
| CVE-2026-35000 | MEDIUM | 6.5 | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked … | Apr 01, 2026 |
| CVE-2026-34874 | HIGH | 7.5 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows … | Apr 01, 2026 |