Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12628 · Critical: 849 · High: 3640 · Medium: 3960

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33981 | UNKNOWN | — | changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the … | Mar 27, 2026 |
| CVE-2026-33980 | HIGH | 8.3 | Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer … | Mar 27, 2026 |
| CVE-2026-33979 | HIGH | 8.2 | Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting … | Mar 27, 2026 |
| CVE-2026-33976 | CRITICAL | 9.6 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can … | Mar 27, 2026 |
| CVE-2026-33955 | HIGH | 8.6 | Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to … | Mar 27, 2026 |
| CVE-2026-33954 | MEDIUM | 6.5 | LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed … | Mar 27, 2026 |
| CVE-2026-33953 | HIGH | 8.5 | LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still perform server-side requests … | Mar 27, 2026 |
| CVE-2026-33946 | UNKNOWN | — | MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains … | Mar 27, 2026 |
| CVE-2026-33943 | HIGH | 8.8 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in … | Mar 27, 2026 |
| CVE-2026-33941 | HIGH | 8.2 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled … | Mar 27, 2026 |
| CVE-2026-33940 | HIGH | 8.1 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can … | Mar 27, 2026 |
| CVE-2026-33939 | HIGH | 7.5 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an … | Mar 27, 2026 |
| CVE-2026-27309 | HIGH | 7.8 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context … | Mar 27, 2026 |
| CVE-2019-25652 | HIGH | 7.5 | UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks … | Mar 27, 2026 |
| CVE-2019-25651 | HIGH | 8.3 | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW … | Mar 27, 2026 |
| CVE-2026-4976 | HIGH | 8.8 | A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results … | Mar 27, 2026 |
| CVE-2026-34046 | UNKNOWN | — | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` … | Mar 27, 2026 |
| CVE-2026-33938 | HIGH | 8.1 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template … | Mar 27, 2026 |
| CVE-2026-33937 | CRITICAL | 9.8 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to … | Mar 27, 2026 |
| CVE-2026-33916 | MEDIUM | 4.7 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via … | Mar 27, 2026 |
| CVE-2026-33907 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing Authentication Response and Authentication Failure NAS message missing … | Mar 27, 2026 |
| CVE-2026-33906 | HIGH | 7.2 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore … | Mar 27, 2026 |
| CVE-2026-33904 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire … | Mar 27, 2026 |
| CVE-2026-33903 | MEDIUM | 6.5 | Ella Core is a 5G core designed for private networks. Versions prior to 1.7.0 panic when processing a specially crafted NGAP LocationReport message. An attacker … | Mar 27, 2026 |
| CVE-2026-33896 | HIGH | 7.4 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints … | Mar 27, 2026 |