Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600, Critical: 849, High: 3629, Medium: 3944
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34871 | MEDIUM | 6.7 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random … | Apr 01, 2026 |
| CVE-2026-25835 | HIGH | 7.7 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | Apr 01, 2026 |
| CVE-2026-25833 | HIGH | 7.5 | Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function. | Apr 01, 2026 |
| CVE-2026-5199 | UNKNOWN | — | A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation … | Apr 01, 2026 |
| CVE-2026-34875 | CRITICAL | 9.8 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | Apr 01, 2026 |
| CVE-2026-34751 | CRITICAL | 9.1 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery … | Apr 01, 2026 |
| CVE-2026-34447 | MEDIUM | 5.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external … | Apr 01, 2026 |
| CVE-2026-34446 | MEDIUM | 4.7 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code … | Apr 01, 2026 |
| CVE-2026-34445 | HIGH | 8.6 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s … | Apr 01, 2026 |
| CVE-2026-34397 | MEDIUM | 6.3 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is … | Apr 01, 2026 |
| CVE-2026-34376 | HIGH | 7.5 | PdfDing is a self-hosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows … | Apr 01, 2026 |
| CVE-2026-34236 | HIGH | 8.2 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP … | Apr 01, 2026 |
| CVE-2026-34222 | HIGH | 7.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in … | Apr 01, 2026 |
| CVE-2026-34159 | CRITICAL | 9.8 | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's … | Apr 01, 2026 |
| CVE-2026-34076 | HIGH | 7.4 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, … | Apr 01, 2026 |
| CVE-2026-34072 | HIGH | 8.3 | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass … | Apr 01, 2026 |
| CVE-2026-27489 | UNKNOWN | — | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to … | Apr 01, 2026 |
| CVE-2026-25834 | MEDIUM | 6.5 | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | Apr 01, 2026 |
| CVE-2026-5310 | LOW | 2.5 | A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to … | Apr 01, 2026 |
| CVE-2026-34604 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but … | Apr 01, 2026 |
| CVE-2026-34603 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation … | Apr 01, 2026 |
| CVE-2026-33990 | UNKNOWN | — | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an … | Apr 01, 2026 |
| CVE-2026-33978 | MEDIUM | 5.4 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile … | Apr 01, 2026 |
| CVE-2026-33949 | HIGH | 8.1 | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary … | Apr 01, 2026 |
| CVE-2026-30643 | CRITICAL | 9.8 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | Apr 01, 2026 |