Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12618, Critical: 849, High: 3639, Medium: 3952
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30878 | MEDIUM | 5.3 | baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when … | Mar 31, 2026 |
| CVE-2026-30877 | CRITICAL | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, … | Mar 31, 2026 |
| CVE-2026-27697 | UNKNOWN | — | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in … | Mar 31, 2026 |
| CVE-2026-21861 | CRITICAL | 9.1 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator … | Mar 31, 2026 |
| CVE-2025-32957 | HIGH | 8.7 | baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically … | Mar 31, 2026 |
| CVE-2026-5157 | MEDIUM | 4.3 | A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. … | Mar 31, 2026 |
| CVE-2026-5156 | HIGH | 8.8 | A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of … | Mar 31, 2026 |
| CVE-2026-5155 | HIGH | 8.8 | A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of … | Mar 30, 2026 |
| CVE-2026-5154 | HIGH | 8.8 | A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. … | Mar 30, 2026 |
| CVE-2026-5130 | HIGH | 8.8 | The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the … | Mar 30, 2026 |
| CVE-2026-5153 | MEDIUM | 6.3 | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the … | Mar 30, 2026 |
| CVE-2026-4257 | CRITICAL | 9.8 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up … | Mar 30, 2026 |
| CVE-2026-33995 | MEDIUM | 5.3 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause … | Mar 30, 2026 |
| CVE-2026-33987 | HIGH | 7.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc … | Mar 30, 2026 |
| CVE-2026-33986 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the … | Mar 30, 2026 |
| CVE-2026-33985 | MEDIUM | 5.9 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially … | Mar 30, 2026 |
| CVE-2026-33984 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the … | Mar 30, 2026 |
| CVE-2026-33983 | MEDIUM | 6.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution … | Mar 30, 2026 |
| CVE-2026-33982 | HIGH | 7.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the … | Mar 30, 2026 |
| CVE-2026-33977 | UNKNOWN | — | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending … | Mar 30, 2026 |
| CVE-2026-33952 | UNKNOWN | — | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() … | Mar 30, 2026 |
| CVE-2026-32794 | MEDIUM | 4.8 | Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in … | Mar 30, 2026 |
| CVE-2026-5152 | HIGH | 8.8 | A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results … | Mar 30, 2026 |
| CVE-2026-4789 | UNKNOWN | — | Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. | Mar 30, 2026 |
| CVE-2026-34558 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |