Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 12604 | 849 | 3630 | 3947 |

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30520 | MEDIUM | 4.8 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The … | Mar 31, 2026 |
| CVE-2026-30286 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to … | Mar 31, 2026 |
| CVE-2026-30283 | UNKNOWN | — | An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-30282 | CRITICAL | 9.0 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-30279 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, … | Mar 31, 2026 |
| CVE-2026-30278 | UNKNOWN | — | An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading … | Mar 31, 2026 |
| CVE-2026-30277 | UNKNOWN | — | An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-2123 | UNKNOWN | — | A security audit identified a privilege escalation vulnerability in Operations Agent (<= OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable … | Mar 31, 2026 |
| CVE-2025-62184 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given … | Mar 31, 2026 |
| CVE-2026-5205 | MEDIUM | 6.3 | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook … | Mar 31, 2026 |
| CVE-2026-34361 | CRITICAL | 9.3 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service … | Mar 31, 2026 |
| CVE-2026-34360 | MEDIUM | 5.8 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in … | Mar 31, 2026 |
| CVE-2026-34359 | HIGH | 7.4 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match … | Mar 31, 2026 |
| CVE-2026-24165 | HIGH | 7.8 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code … | Mar 31, 2026 |
| CVE-2026-24164 | HIGH | 8.8 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code … | Mar 31, 2026 |
| CVE-2026-24154 | HIGH | 7.6 | NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access could inject incorrect command line arguments. A successful exploit of this … | Mar 31, 2026 |
| CVE-2026-24153 | MEDIUM | 5.2 | NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to … | Mar 31, 2026 |
| CVE-2026-24148 | HIGH | 8.3 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an … | Mar 31, 2026 |
| CVE-2026-5204 | HIGH | 8.8 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of … | Mar 31, 2026 |
| CVE-2026-5203 | MEDIUM | 4.7 | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function _copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module … | Mar 31, 2026 |
| CVE-2026-5087 | UNKNOWN | — | PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, … | Mar 31, 2026 |
| CVE-2026-4819 | MEDIUM | 4.9 | In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. | Mar 31, 2026 |
| CVE-2026-4818 | MEDIUM | 6.8 | In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management … | Mar 31, 2026 |
| CVE-2026-34595 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and 9.7.0-alpha.18, an … | Mar 31, 2026 |
| CVE-2026-34574 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an … | Mar 31, 2026 |