CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12628 | Critical: 849 | High: 3640 | Medium: 3960

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33895 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures … | Mar 27, 2026 |
| CVE-2026-33894 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged … | Mar 27, 2026 |
| CVE-2026-33891 | HIGH | 7.5 | Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists … | Mar 27, 2026 |
| CVE-2026-33887 | MEDIUM | 5.4 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions … | Mar 27, 2026 |
| CVE-2026-33886 | MEDIUM | 6.5 | Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel … | Mar 27, 2026 |
| CVE-2026-33885 | MEDIUM | 6.1 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation … | Mar 27, 2026 |
| CVE-2026-33884 | MEDIUM | 4.3 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to … | Mar 27, 2026 |
| CVE-2026-33883 | MEDIUM | 6.1 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_password_form` tag could render user-input directly into … | Mar 27, 2026 |
| CVE-2026-33882 | MEDIUM | 6.5 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to … | Mar 27, 2026 |
| CVE-2026-33881 | UNKNOWN | — | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals … | Mar 27, 2026 |
| CVE-2026-33879 | UNKNOWN | — | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP … | Mar 27, 2026 |
| CVE-2026-33875 | CRITICAL | 9.3 | Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to … | Mar 27, 2026 |
| CVE-2026-33874 | HIGH | 7.8 | Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of … | Mar 27, 2026 |
| CVE-2026-33873 | UNKNOWN | — | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python … | Mar 27, 2026 |
| CVE-2026-32187 | MEDIUM | 4.2 | Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | Mar 27, 2026 |
| CVE-2026-4975 | HIGH | 8.8 | A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The … | Mar 27, 2026 |
| CVE-2026-4974 | HIGH | 8.8 | A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST … | Mar 27, 2026 |
| CVE-2026-4973 | LOW | 3.5 | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing … | Mar 27, 2026 |
| CVE-2026-4972 | LOW | 2.4 | A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation … | Mar 27, 2026 |
| CVE-2026-4971 | MEDIUM | 4.3 | A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The … | Mar 27, 2026 |
| CVE-2026-34475 | MEDIUM | 5.4 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading … | Mar 27, 2026 |
| CVE-2026-34391 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access … | Mar 27, 2026 |
| CVE-2026-34389 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during … | Mar 27, 2026 |
| CVE-2026-34388 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the … | Mar 27, 2026 |
| CVE-2026-34205 | CRITICAL | 9.6 | Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode … | Mar 27, 2026 |