Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12600
Total
849
Critical
3629
High
3944
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30273 | HIGH | 7.3 | pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | Apr 01, 2026 |
| CVE-2026-2265 | MEDIUM | 6.5 | An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input … | Apr 01, 2026 |
| CVE-2026-20174 | MEDIUM | 4.9 | A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected … | Apr 01, 2026 |
| CVE-2026-20160 | CRITICAL | 9.8 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system … | Apr 01, 2026 |
| CVE-2026-20155 | HIGH | 8.0 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access … | Apr 01, 2026 |
| CVE-2026-20151 | HIGH | 7.3 | A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an … | Apr 01, 2026 |
| CVE-2026-20097 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the … | Apr 01, 2026 |
| CVE-2026-20096 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20095 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20094 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20093 | CRITICAL | 9.8 | A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access … | Apr 01, 2026 |
| CVE-2026-20090 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20089 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20088 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20087 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20085 | MEDIUM | 6.1 | A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user … | Apr 01, 2026 |
| CVE-2026-20042 | MEDIUM | 6.5 | A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or … | Apr 01, 2026 |
| CVE-2026-20041 | MEDIUM | 6.1 | A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack … | Apr 01, 2026 |
| CVE-2024-43028 | CRITICAL | 9.8 | A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. | Apr 01, 2026 |
| CVE-2024-40489 | CRITICAL | 9.8 | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on … | Apr 01, 2026 |
| CVE-2026-5175 | MEDIUM | 5.0 | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and … | Apr 01, 2026 |
| CVE-2026-4989 | MEDIUM | 4.3 | Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading … | Apr 01, 2026 |
| CVE-2026-4927 | MEDIUM | 6.5 | Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via … | Apr 01, 2026 |
| CVE-2026-4925 | MEDIUM | 5.0 | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication … | Apr 01, 2026 |
| CVE-2026-4924 | HIGH | 8.2 | Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication … | Apr 01, 2026 |