Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12618
Critical: 849
High: 3639
Medium: 3952
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1710 | MEDIUM | 6.5 | The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function … | Mar 31, 2026 |
| CVE-2026-5178 | MEDIUM | 6.3 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of … | Mar 31, 2026 |
| CVE-2026-5177 | MEDIUM | 6.3 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of … | Mar 31, 2026 |
| CVE-2026-34073 | UNKNOWN | — | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against … | Mar 31, 2026 |
| CVE-2026-34070 | HIGH | 7.5 | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized … | Mar 31, 2026 |
| CVE-2026-34060 | UNKNOWN | — | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code … | Mar 31, 2026 |
| CVE-2026-34054 | HIGH | 7.8 | vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the … | Mar 31, 2026 |
| CVE-2026-34043 | MEDIUM | 5.9 | Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability … | Mar 31, 2026 |
| CVE-2026-34042 | HIGH | 8.2 | act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens to connections on … | Mar 31, 2026 |
| CVE-2026-34041 | UNKNOWN | — | act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow … | Mar 31, 2026 |
| CVE-2026-34040 | HIGH | 8.8 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). … | Mar 31, 2026 |
| CVE-2026-34036 | MEDIUM | 6.5 | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions 22.0.4 and prior, there is a Local File Inclusion … | Mar 31, 2026 |
| CVE-2026-33997 | MEDIUM | 6.8 | Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed … | Mar 31, 2026 |
| CVE-2026-32727 | HIGH | 8.1 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an … | Mar 31, 2026 |
| CVE-2026-32716 | HIGH | 8.1 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix … | Mar 31, 2026 |
| CVE-2026-32714 | CRITICAL | 9.8 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because … | Mar 31, 2026 |
| CVE-2026-5176 | HIGH | 7.3 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument … | Mar 31, 2026 |
| CVE-2026-4020 | HIGH | 7.5 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a … | Mar 31, 2026 |
| CVE-2026-3300 | CRITICAL | 9.8 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. … | Mar 31, 2026 |
| CVE-2026-5115 | UNKNOWN | — | The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface … | Mar 31, 2026 |
| CVE-2026-4794 | UNKNOWN | — | Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI … | Mar 31, 2026 |
| CVE-2026-32734 | HIGH | 7.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version … | Mar 31, 2026 |
| CVE-2026-30940 | HIGH | 7.2 | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary … | Mar 31, 2026 |
| CVE-2026-30880 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched … | Mar 31, 2026 |
| CVE-2026-30879 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in … | Mar 31, 2026 |