Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
220
Total
14
Critical
71
High
65
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30567 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2025-15617 | MEDIUM | 6.5 | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use … | Mar 27, 2026 |
| CVE-2026-4964 | MEDIUM | 6.3 | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL … | Mar 27, 2026 |
| CVE-2026-4963 | MEDIUM | 6.3 | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This … | Mar 27, 2026 |
| CVE-2026-4962 | HIGH | 7.0 | A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the … | Mar 27, 2026 |
| CVE-2026-4961 | HIGH | 8.8 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request … | Mar 27, 2026 |
| CVE-2026-4960 | HIGH | 8.8 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a … | Mar 27, 2026 |
| CVE-2026-34411 | MEDIUM | 5.3 | Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration … | Mar 27, 2026 |
| CVE-2026-34362 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyTokenSocket()` function in `plugin/YPTSocket/functions.php` has its token timeout validation … | Mar 27, 2026 |
| CVE-2026-34247 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Live/uploadPoster.php` endpoint allows any authenticated user to overwrite the … | Mar 27, 2026 |
| CVE-2026-34245 | MEDIUM | 6.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint allows any authenticated user with streaming permission … | Mar 27, 2026 |
| CVE-2026-33867 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video … | Mar 27, 2026 |
| CVE-2026-33770 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTitle()` static method in `objects/category.php` constructs a SQL SELECT … | Mar 27, 2026 |
| CVE-2026-33767 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike()` method constructs a SQL query using … | Mar 27, 2026 |
| CVE-2026-30576 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" … | Mar 27, 2026 |
| CVE-2026-30575 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during … | Mar 27, 2026 |
| CVE-2026-30574 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales … | Mar 27, 2026 |
| CVE-2026-30571 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2026-30570 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2026-30569 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The … | Mar 27, 2026 |
| CVE-2026-28369 | HIGH | 8.7 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly … | Mar 27, 2026 |
| CVE-2026-28368 | HIGH | 8.7 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow … | Mar 27, 2026 |
| CVE-2026-28367 | HIGH | 8.7 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used … | Mar 27, 2026 |
| CVE-2025-15616 | MEDIUM | 6.7 | Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through … | Mar 27, 2026 |
| CVE-2025-15615 | MEDIUM | 5.8 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause … | Mar 27, 2026 |