Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604, Critical: 849, High: 3630, Medium: 3947
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34716 | MEDIUM | 6.4 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the … | Mar 31, 2026 |
| CVE-2026-34613 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed … | Mar 31, 2026 |
| CVE-2026-34611 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every … | Mar 31, 2026 |
| CVE-2026-34586 | MEDIUM | 6.5 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session … | Mar 31, 2026 |
| CVE-2026-34396 | MEDIUM | 6.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without … | Mar 31, 2026 |
| CVE-2026-34395 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and … | Mar 31, 2026 |
| CVE-2026-34394 | HIGH | 8.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There … | Mar 31, 2026 |
| CVE-2026-34384 | MEDIUM | 4.5 | Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations via … | Mar 31, 2026 |
| CVE-2026-34383 | MEDIUM | 4.3 | Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set … | Mar 31, 2026 |
| CVE-2026-34382 | MEDIUM | 4.6 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without … | Mar 31, 2026 |
| CVE-2026-34381 | HIGH | 7.5 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded … | Mar 31, 2026 |
| CVE-2026-34372 | UNKNOWN | — | Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a … | Mar 31, 2026 |
| CVE-2026-34367 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |
| CVE-2026-34366 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |
| CVE-2026-1579 | CRITICAL | 9.8 | The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which … | Mar 31, 2026 |
| CVE-2026-5211 | HIGH | 8.8 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, … | Mar 31, 2026 |
| CVE-2026-4800 | HIGH | 8.1 | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. … | Mar 31, 2026 |
| CVE-2026-34784 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file … | Mar 31, 2026 |
| CVE-2026-34365 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |
| CVE-2026-34215 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the … | Mar 31, 2026 |
| CVE-2026-34206 | MEDIUM | 6.1 | Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. … | Mar 31, 2026 |
| CVE-2026-34204 | UNKNOWN | — | MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal … | Mar 31, 2026 |
| CVE-2026-34203 | LOW | 2.7 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API … | Mar 31, 2026 |
| CVE-2026-30290 | UNKNOWN | — | An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, … | Mar 31, 2026 |
| CVE-2026-30285 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading … | Mar 31, 2026 |