Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12618
Total
849
Critical
3639
High
3952
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5124 | LOW | 3.7 | A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP … | Mar 30, 2026 |
| CVE-2026-29954 | HIGH | 7.6 | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only … | Mar 30, 2026 |
| CVE-2026-29909 | MEDIUM | 5.3 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote … | Mar 30, 2026 |
| CVE-2026-27508 | MEDIUM | 5.4 | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url … | Mar 30, 2026 |
| CVE-2026-26352 | MEDIUM | 5.4 | Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP … | Mar 30, 2026 |
| CVE-2026-5170 | MEDIUM | 5.3 | A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited … | Mar 30, 2026 |
| CVE-2026-5123 | LOW | 3.7 | A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the … | Mar 30, 2026 |
| CVE-2026-34472 | HIGH | 7.1 | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials … | Mar 30, 2026 |
| CVE-2026-33643 | HIGH | 7.4 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. | Mar 30, 2026 |
| CVE-2026-30562 | CRITICAL | 9.3 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30561 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30560 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30559 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30558 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30557 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30556 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-2287 | UNKNOWN | — | CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation. | Mar 30, 2026 |
| CVE-2026-2286 | UNKNOWN | — | CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating … | Mar 30, 2026 |
| CVE-2026-2285 | UNKNOWN | — | CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the … | Mar 30, 2026 |
| CVE-2026-2275 | UNKNOWN | — | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling. | Mar 30, 2026 |
| CVE-2026-29953 | HIGH | 7.4 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go. | Mar 30, 2026 |
| CVE-2026-29597 | MEDIUM | 6.5 | Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests. | Mar 30, 2026 |
| CVE-2026-21712 | MEDIUM | 5.7 | A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing … | Mar 30, 2026 |
| CVE-2026-5165 | MEDIUM | 6.7 | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, … | Mar 30, 2026 |
| CVE-2026-5164 | MEDIUM | 6.7 | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. … | Mar 30, 2026 |