Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12618, Critical: 849, High: 3639, Medium: 3952

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5122 | LOW | 3.7 | A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP … | Mar 30, 2026 |
| CVE-2026-33373 | UNKNOWN | — | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the … | Mar 30, 2026 |
| CVE-2026-30566 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30565 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30564 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30563 | MEDIUM | 6.1 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails … | Mar 30, 2026 |
| CVE-2026-30082 | MEDIUM | 6.1 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary … | Mar 30, 2026 |
| CVE-2026-3321 | UNKNOWN | — | A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and … | Mar 30, 2026 |
| CVE-2026-28528 | MEDIUM | 4.6 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and … | Mar 30, 2026 |
| CVE-2026-28527 | LOW | 3.5 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read … | Mar 30, 2026 |
| CVE-2026-28526 | LOW | 3.5 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond … | Mar 30, 2026 |
| CVE-2026-4315 | UNKNOWN | — | A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the … | Mar 30, 2026 |
| CVE-2026-4266 | UNKNOWN | — | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute … | Mar 30, 2026 |
| CVE-2026-4425 | UNKNOWN | — | Rejected reason: Reserved for EastLink case, but no need for CVE anymore | Mar 30, 2026 |
| CVE-2019-25655 | MEDIUM | 6.2 | Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to … | Mar 30, 2026 |
| CVE-2019-25654 | HIGH | 7.5 | Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User … | Mar 30, 2026 |
| CVE-2019-25653 | MEDIUM | 6.2 | Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in … | Mar 30, 2026 |
| CVE-2018-25235 | MEDIUM | 6.2 | NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application … | Mar 30, 2026 |
| CVE-2018-25234 | MEDIUM | 6.2 | SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25233 | MEDIUM | 6.2 | WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username … | Mar 30, 2026 |
| CVE-2018-25232 | MEDIUM | 5.5 | Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to … | Mar 30, 2026 |
| CVE-2018-25231 | MEDIUM | 6.2 | HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the … | Mar 30, 2026 |
| CVE-2018-25230 | MEDIUM | 5.5 | Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25229 | MEDIUM | 5.5 | BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying … | Mar 30, 2026 |
| CVE-2018-25228 | MEDIUM | 6.2 | NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can … | Mar 30, 2026 |