Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12618 | Critical: 849 | High: 3639 | Medium: 3952

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2018-25227 | MEDIUM | 6.2 | Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the … | Mar 30, 2026 |
| CVE-2018-25226 | MEDIUM | 6.2 | FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account … | Mar 30, 2026 |
| CVE-2026-1612 | UNKNOWN | — | AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give … | Mar 30, 2026 |
| CVE-2026-5128 | CRITICAL | 10.0 | A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly … | Mar 30, 2026 |
| CVE-2026-5121 | UNKNOWN | — | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can … | Mar 30, 2026 |
| CVE-2026-4416 | HIGH | 7.8 | The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune … | Mar 30, 2026 |
| CVE-2026-4415 | HIGH | 8.1 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files … | Mar 30, 2026 |
| CVE-2026-3945 | HIGH | 7.5 | An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to … | Mar 30, 2026 |
| CVE-2026-2328 | HIGH | 7.5 | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive … | Mar 30, 2026 |
| CVE-2026-25704 | UNKNOWN | — | A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped … | Mar 30, 2026 |
| CVE-2025-3716 | UNKNOWN | — | User enumeration in ESET Protect (on-prem) via Response Timing. | Mar 30, 2026 |
| CVE-2025-15379 | CRITICAL | 10.0 | A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads … | Mar 30, 2026 |
| CVE-2026-5119 | MEDIUM | 5.9 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial … | Mar 30, 2026 |
| CVE-2026-5107 | MEDIUM | 4.2 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 … | Mar 30, 2026 |
| CVE-2026-5106 | LOW | 2.4 | A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation … | Mar 30, 2026 |
| CVE-2026-5105 | MEDIUM | 6.3 | A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing … | Mar 30, 2026 |
| CVE-2026-5104 | MEDIUM | 6.3 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip … | Mar 30, 2026 |
| CVE-2026-5103 | MEDIUM | 6.3 | A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable … | Mar 30, 2026 |
| CVE-2026-3124 | HIGH | 7.5 | The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function … | Mar 30, 2026 |
| CVE-2025-15036 | CRITICAL | 9.6 | A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises … | Mar 30, 2026 |
| CVE-2026-5102 | MEDIUM | 6.3 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. … | Mar 30, 2026 |
| CVE-2026-2370 | HIGH | 8.1 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect … | Mar 30, 2026 |
| CVE-2025-7741 | UNKNOWN | — | A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within … | Mar 30, 2026 |
| CVE-2026-5101 | MEDIUM | 6.3 | A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of … | Mar 29, 2026 |
| CVE-2026-4176 | CRITICAL | 9.8 | Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the … | Mar 29, 2026 |