Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12618, Critical: 849, High: 3639, Medium: 3952

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21715 | LOW | 3.3 | A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them. As … | Mar 30, 2026 |
| CVE-2026-21714 | MEDIUM | 5.3 | A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to … | Mar 30, 2026 |
| CVE-2026-21713 | MEDIUM | 5.9 | A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. … | Mar 30, 2026 |
| CVE-2026-21711 | MEDIUM | 5.3 | A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths … | Mar 30, 2026 |
| CVE-2026-21710 | HIGH | 7.5 | A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses … | Mar 30, 2026 |
| CVE-2026-5147 | HIGH | 7.3 | A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the … | Mar 30, 2026 |
| CVE-2026-3991 | HIGH | 7.8 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be … | Mar 30, 2026 |
| CVE-2026-3502 | HIGH | 7.8 | TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute … | Mar 30, 2026 |
| CVE-2026-34714 | CRITICAL | 9.2 | Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking … | Mar 30, 2026 |
| CVE-2026-29925 | HIGH | 7.7 | Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php. | Mar 30, 2026 |
| CVE-2026-29924 | HIGH | 7.6 | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager … | Mar 30, 2026 |
| CVE-2026-5126 | MEDIUM | 6.3 | A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. … | Mar 30, 2026 |
| CVE-2026-5125 | MEDIUM | 5.3 | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of … | Mar 30, 2026 |
| CVE-2026-4046 | HIGH | 7.5 | The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 … | Mar 30, 2026 |
| CVE-2026-33032 | CRITICAL | 9.8 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP (Model Context Protocol) integration exposes … | Mar 30, 2026 |
| CVE-2026-33030 | HIGH | 8.8 | Nginx UI is a web user interface for the Nginx web server. In versions 2.3.3 and prior, Nginx-UI contains an Insecure Direct Object Reference (IDOR) … | Mar 30, 2026 |
| CVE-2026-33029 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows … | Mar 30, 2026 |
| CVE-2026-33028 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. … | Mar 30, 2026 |
| CVE-2026-33027 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When … | Mar 30, 2026 |
| CVE-2026-30077 | HIGH | 7.5 | OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for … | Mar 30, 2026 |
| CVE-2026-29872 | HIGH | 8.2 | A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in … | Mar 30, 2026 |
| CVE-2025-66215 | LOW | 3.8 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time … | Mar 30, 2026 |
| CVE-2025-66038 | LOW | 3.9 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, … | Mar 30, 2026 |
| CVE-2025-66037 | LOW | 3.9 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to … | Mar 30, 2026 |
| CVE-2025-49010 | LOW | 3.8 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time … | Mar 30, 2026 |