Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 12604
- Critical: 849
- High: 3630
- Medium: 3947

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34999 | MEDIUM | 5.3 | OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot … | Apr 01, 2026 |
| CVE-2026-34430 | HIGH | 8.8 | ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the … | Apr 01, 2026 |
| CVE-2026-30522 | MEDIUM | 6.5 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with … | Apr 01, 2026 |
| CVE-2026-30289 | HIGH | 8.4 | An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading … | Apr 01, 2026 |
| CVE-2026-30287 | HIGH | 8.4 | An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import … | Apr 01, 2026 |
| CVE-2026-0522 | UNKNOWN | — | A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by … | Apr 01, 2026 |
| CVE-2026-29014 | CRITICAL | 9.8 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted … | Apr 01, 2026 |
| CVE-2026-22768 | HIGH | 7.3 | Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, … | Apr 01, 2026 |
| CVE-2026-22767 | HIGH | 7.3 | Dell AppSync, version(s) 4.6.0, contain(s) a UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading … | Apr 01, 2026 |
| CVE-2026-25601 | MEDIUM | 6.4 | A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. … | Apr 01, 2026 |
| CVE-2026-24096 | UNKNOWN | — | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users … | Apr 01, 2026 |
| CVE-2026-0932 | UNKNOWN | — | Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause … | Apr 01, 2026 |
| CVE-2026-23899 | UNKNOWN | — | An improper access check allows unauthorized access to webservice endpoints. | Apr 01, 2026 |
| CVE-2026-23898 | UNKNOWN | — | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | Apr 01, 2026 |
| CVE-2026-21632 | UNKNOWN | — | Lack of output escaping for article titles leads to XSS vectors in various locations. | Apr 01, 2026 |
| CVE-2026-21631 | UNKNOWN | — | Lack of output escaping leads to an XSS vector in the multilingual associations component. | Apr 01, 2026 |
| CVE-2026-21630 | UNKNOWN | — | Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | Apr 01, 2026 |
| CVE-2026-21629 | UNKNOWN | — | The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | Apr 01, 2026 |
| CVE-2026-1879 | MEDIUM | 6.3 | A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme … | Apr 01, 2026 |
| CVE-2024-53828 | MEDIUM | 5.3 | Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause … | Apr 01, 2026 |
| CVE-2026-5261 | HIGH | 7.3 | A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation … | Apr 01, 2026 |
| CVE-2026-4370 | CRITICAL | 10.0 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to … | Apr 01, 2026 |
| CVE-2026-34889 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects … | Apr 01, 2026 |
| CVE-2026-23411 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference … | Apr 01, 2026 |
| CVE-2026-23410 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a … | Apr 01, 2026 |