Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604, Critical: 849, High: 3630, Medium: 3947
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-3778 | MEDIUM | 6.2 | The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference … | Apr 01, 2026 |
| CVE-2026-3777 | MEDIUM | 5.5 | The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When … | Apr 01, 2026 |
| CVE-2026-3776 | MEDIUM | 5.5 | The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing … | Apr 01, 2026 |
| CVE-2026-3775 | HIGH | 7.8 | The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is … | Apr 01, 2026 |
| CVE-2026-3774 | MEDIUM | 4.7 | The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after … | Apr 01, 2026 |
| CVE-2026-5248 | MEDIUM | 6.3 | A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation … | Apr 01, 2026 |
| CVE-2026-35057 | MEDIUM | 6.4 | XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, primarily affecting legacy profile post content. An attacker … | Apr 01, 2026 |
| CVE-2026-35056 | HIGH | 7.2 | XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute … | Apr 01, 2026 |
| CVE-2026-35055 | MEDIUM | 6.1 | XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that … | Apr 01, 2026 |
| CVE-2026-35054 | MEDIUM | 6.4 | XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that … | Apr 01, 2026 |
| CVE-2026-2394 | UNKNOWN | — | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from … | Apr 01, 2026 |
| CVE-2025-71282 | HIGH | 7.5 | XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure. | Apr 01, 2026 |
| CVE-2025-71281 | HIGH | 8.8 | XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for … | Apr 01, 2026 |
| CVE-2025-71280 | MEDIUM | 6.2 | XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached … | Apr 01, 2026 |
| CVE-2025-71279 | CRITICAL | 9.8 | XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security … | Apr 01, 2026 |
| CVE-2025-71278 | HIGH | 8.8 | XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior … | Apr 01, 2026 |
| CVE-2025-13855 | HIGH | 7.6 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which … | Apr 01, 2026 |
| CVE-2024-58342 | MEDIUM | 6.3 | XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers … | Apr 01, 2026 |
| CVE-2026-5240 | MEDIUM | 4.3 | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the … | Apr 01, 2026 |
| CVE-2026-5238 | HIGH | 7.3 | A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the … | Apr 01, 2026 |
| CVE-2026-4668 | MEDIUM | 6.5 | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing … | Apr 01, 2026 |
| CVE-2026-5237 | HIGH | 7.3 | A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of … | Mar 31, 2026 |
| CVE-2026-5236 | MEDIUM | 5.3 | A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. … | Mar 31, 2026 |
| CVE-2026-5235 | MEDIUM | 5.3 | A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. … | Mar 31, 2026 |
| CVE-2026-34556 | MEDIUM | 6.2 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in … | Mar 31, 2026 |