Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 226 | Critical: 14 | High: 71 | Medium: 67

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4984 | HIGH | 8.2 | The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'. When processing media messages, it fetches user-controlled URLs ('MediaUrlN' parameters) using HTTP … | Mar 27, 2026 |
| CVE-2026-4980 | MEDIUM | 6.3 | A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a … | Mar 27, 2026 |
| CVE-2026-4957 | LOW | 2.7 | A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key … | Mar 27, 2026 |
| CVE-2026-4956 | HIGH | 7.3 | A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component … | Mar 27, 2026 |
| CVE-2026-4955 | HIGH | 7.3 | A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument … | Mar 27, 2026 |
| CVE-2026-4954 | MEDIUM | 6.3 | A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web … | Mar 27, 2026 |
| CVE-2026-4953 | HIGH | 7.3 | A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor … | Mar 27, 2026 |
| CVE-2026-33766 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, `isSSRFSafeURL()` validates URLs against private/reserved IP ranges before fetching, but … | Mar 27, 2026 |
| CVE-2026-33764 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's `save.json.php` endpoint loads AI response objects using … | Mar 27, 2026 |
| CVE-2026-33763 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_password_is_correct` API endpoint allows any unauthenticated user to verify … | Mar 27, 2026 |
| CVE-2026-33761 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, three `list.json.php` endpoints in the Scheduler plugin lack any authentication … | Mar 27, 2026 |
| CVE-2026-33759 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/playlistsVideos.json.php` endpoint returns the full video contents of any … | Mar 27, 2026 |
| CVE-2026-33758 | UNKNOWN | — | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role … | Mar 27, 2026 |
| CVE-2026-33757 | CRITICAL | 9.6 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC … | Mar 27, 2026 |
| CVE-2026-33755 | HIGH | 8.8 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP … | Mar 27, 2026 |
| CVE-2026-33750 | MEDIUM | 6.5 | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a … | Mar 27, 2026 |
| CVE-2026-33748 | UNKNOWN | — | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of … | Mar 27, 2026 |
| CVE-2026-33433 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header … | Mar 27, 2026 |
| CVE-2026-33284 | UNKNOWN | — | GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a … | Mar 27, 2026 |
| CVE-2026-33206 | UNKNOWN | — | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling … | Mar 27, 2026 |
| CVE-2026-33205 | UNKNOWN | — | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image … | Mar 27, 2026 |
| CVE-2026-30689 | HIGH | 7.5 | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive … | Mar 27, 2026 |
| CVE-2026-30637 | HIGH | 7.5 | Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP … | Mar 27, 2026 |
| CVE-2026-30407 | UNKNOWN | — | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not … | Mar 27, 2026 |
| CVE-2026-30304 | CRITICAL | 9.6 | In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former … | Mar 27, 2026 |