Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604
Critical: 849
High: 3630
Medium: 3947
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34573 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.68 and 9.7.0-alpha.12, the … | Mar 31, 2026 |
| CVE-2026-34243 | CRITICAL | 9.8 | wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub … | Mar 31, 2026 |
| CVE-2026-34240 | HIGH | 7.5 | JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to … | Mar 31, 2026 |
| CVE-2026-34237 | MEDIUM | 6.1 | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1, there is a hardcoded … | Mar 31, 2026 |
| CVE-2026-34235 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's … | Mar 31, 2026 |
| CVE-2026-34231 | MEDIUM | 6.1 | Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag … | Mar 31, 2026 |
| CVE-2026-34227 | UNKNOWN | — | Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives … | Mar 31, 2026 |
| CVE-2026-34221 | UNKNOWN | — | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, a … | Mar 31, 2026 |
| CVE-2026-34220 | UNKNOWN | — | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there … | Mar 31, 2026 |
| CVE-2026-34219 | UNKNOWN | — | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable … | Mar 31, 2026 |
| CVE-2026-34218 | UNKNOWN | — | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which … | Mar 31, 2026 |
| CVE-2026-30284 | UNKNOWN | — | An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to … | Mar 31, 2026 |
| CVE-2026-30281 | UNKNOWN | — | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code … | Mar 31, 2026 |
| CVE-2026-30276 | UNKNOWN | — | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary … | Mar 31, 2026 |
| CVE-2026-22569 | MEDIUM | 5.4 | An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare … | Mar 31, 2026 |
| CVE-2026-22561 | UNKNOWN | — | Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The … | Mar 31, 2026 |
| CVE-2026-4799 | MEDIUM | 4.3 | In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL. | Mar 31, 2026 |
| CVE-2026-34532 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an … | Mar 31, 2026 |
| CVE-2026-34504 | HIGH | 8.3 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or … | Mar 31, 2026 |
| CVE-2026-34503 | HIGH | 8.1 | OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access … | Mar 31, 2026 |
| CVE-2026-34377 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification … | Mar 31, 2026 |
| CVE-2026-34373 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the … | Mar 31, 2026 |
| CVE-2026-34363 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.65 and 9.7.0-alpha.9, when … | Mar 31, 2026 |
| CVE-2026-34224 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an … | Mar 31, 2026 |
| CVE-2026-34214 | HIGH | 7.7 | Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access … | Mar 31, 2026 |