Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12604
Total
849
Critical
3630
High
3947
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34452 | UNKNOWN | — | The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem … | Mar 31, 2026 |
| CVE-2026-34451 | UNKNOWN | — | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local … | Mar 31, 2026 |
| CVE-2026-34450 | UNKNOWN | — | The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory … | Mar 31, 2026 |
| CVE-2026-34449 | CRITICAL | 9.6 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan … | Mar 31, 2026 |
| CVE-2026-34448 | CRITICAL | 9.0 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field … | Mar 31, 2026 |
| CVE-2026-34443 | UNKNOWN | — | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php checks whether the input … | Mar 31, 2026 |
| CVE-2026-34442 | MEDIUM | 5.4 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) … | Mar 31, 2026 |
| CVE-2026-34441 | MEDIUM | 4.8 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file … | Mar 31, 2026 |
| CVE-2026-34406 | UNKNOWN | — | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, … | Mar 31, 2026 |
| CVE-2026-34405 | MEDIUM | 6.1 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older … | Mar 31, 2026 |
| CVE-2026-34404 | UNKNOWN | — | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older … | Mar 31, 2026 |
| CVE-2026-34401 | MEDIUM | 6.5 | XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad … | Mar 31, 2026 |
| CVE-2026-34400 | UNKNOWN | — | Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, … | Mar 31, 2026 |
| CVE-2026-5213 | HIGH | 8.8 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 … | Mar 31, 2026 |
| CVE-2026-5212 | HIGH | 8.8 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, … | Mar 31, 2026 |
| CVE-2026-3470 | LOW | 3.8 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker … | Mar 31, 2026 |
| CVE-2026-3469 | LOW | 2.7 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to … | Mar 31, 2026 |
| CVE-2026-3468 | MEDIUM | 4.8 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page … | Mar 31, 2026 |
| CVE-2026-34740 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users … | Mar 31, 2026 |
| CVE-2026-34739 | MEDIUM | 6.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the ip request parameter directly into … | Mar 31, 2026 |
| CVE-2026-34738 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any … | Mar 31, 2026 |
| CVE-2026-34737 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to … | Mar 31, 2026 |
| CVE-2026-34733 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in … | Mar 31, 2026 |
| CVE-2026-34732 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or … | Mar 31, 2026 |
| CVE-2026-34731 | HIGH | 7.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to … | Mar 31, 2026 |