Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 12618
- Critical: 849
- High: 3639
- Medium: 3952
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34557 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |
| CVE-2026-32884 | MEDIUM | 5.9 | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of … | Mar 30, 2026 |
| CVE-2026-32883 | MEDIUM | 5.9 | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status … | Mar 30, 2026 |
| CVE-2026-32877 | HIGH | 8.2 | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) … | Mar 30, 2026 |
| CVE-2026-32696 | LOW | 3.1 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the … | Mar 30, 2026 |
| CVE-2026-31946 | CRITICAL | 9.8 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit … | Mar 30, 2026 |
| CVE-2026-30313 | UNKNOWN | — | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing … | Mar 30, 2026 |
| CVE-2026-30308 | UNKNOWN | — | In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for … | Mar 30, 2026 |
| CVE-2026-30306 | UNKNOWN | — | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states … | Mar 30, 2026 |
| CVE-2026-28228 | HIGH | 8.8 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with … | Mar 30, 2026 |
| CVE-2026-27599 | MEDIUM | 4.7 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |
| CVE-2026-27018 | UNKNOWN | — | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL … | Mar 30, 2026 |
| CVE-2026-25627 | MEDIUM | 6.5 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet … | Mar 30, 2026 |
| CVE-2026-5150 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter … | Mar 30, 2026 |
| CVE-2026-5148 | MEDIUM | 4.7 | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument … | Mar 30, 2026 |
| CVE-2026-33026 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper … | Mar 30, 2026 |
| CVE-2026-32275 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter … | Mar 30, 2026 |
| CVE-2026-31831 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path … | Mar 30, 2026 |
| CVE-2026-31804 | MEDIUM | 4.0 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter … | Mar 30, 2026 |
| CVE-2026-31799 | MEDIUM | 4.9 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" … | Mar 30, 2026 |
| CVE-2026-30307 | UNKNOWN | — | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile … | Mar 30, 2026 |
| CVE-2026-30305 | UNKNOWN | — | Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular … | Mar 30, 2026 |
| CVE-2026-28505 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed … | Mar 30, 2026 |
| CVE-2026-21717 | MEDIUM | 5.9 | A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a … | Mar 30, 2026 |
| CVE-2026-21716 | LOW | 3.3 | An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were … | Mar 30, 2026 |