Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12618
Total
849
Critical
3639
High
3952
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5201 | HIGH | 7.5 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color … | Mar 31, 2026 |
| CVE-2026-5196 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument … | Mar 31, 2026 |
| CVE-2026-5195 | HIGH | 7.3 | A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a … | Mar 31, 2026 |
| CVE-2026-3107 | UNKNOWN | — | Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to … | Mar 31, 2026 |
| CVE-2026-3106 | UNKNOWN | — | Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. … | Mar 31, 2026 |
| CVE-2025-41357 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending … | Mar 31, 2026 |
| CVE-2025-41356 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending … | Mar 31, 2026 |
| CVE-2025-41355 | UNKNOWN | — | Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending … | Mar 31, 2026 |
| CVE-2025-10559 | HIGH | 7.1 | A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to … | Mar 31, 2026 |
| CVE-2025-10553 | HIGH | 8.7 | A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an … | Mar 31, 2026 |
| CVE-2025-10551 | HIGH | 8.7 | A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker … | Mar 31, 2026 |
| CVE-2026-5186 | MEDIUM | 5.3 | A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF … | Mar 31, 2026 |
| CVE-2026-5185 | MEDIUM | 5.3 | A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame … | Mar 31, 2026 |
| CVE-2026-5184 | MEDIUM | 6.3 | A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the … | Mar 31, 2026 |
| CVE-2026-3881 | MEDIUM | 5.8 | The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform … | Mar 31, 2026 |
| CVE-2026-5183 | MEDIUM | 6.3 | A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of … | Mar 31, 2026 |
| CVE-2026-5182 | HIGH | 7.3 | A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter … | Mar 31, 2026 |
| CVE-2026-34881 | MEDIUM | 5.0 | OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation … | Mar 31, 2026 |
| CVE-2026-1877 | MEDIUM | 6.1 | The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to … | Mar 31, 2026 |
| CVE-2026-1834 | MEDIUM | 6.4 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, … | Mar 31, 2026 |
| CVE-2026-5181 | MEDIUM | 6.3 | A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such … | Mar 31, 2026 |
| CVE-2026-5180 | HIGH | 7.3 | A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the … | Mar 31, 2026 |
| CVE-2026-5179 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument … | Mar 31, 2026 |
| CVE-2026-4146 | MEDIUM | 6.1 | The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up to, and including, 2.8.2 due … | Mar 31, 2026 |
| CVE-2026-1797 | MEDIUM | 5.3 | The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 … | Mar 31, 2026 |