Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
226 Total, 14 Critical, 71 High, 67 Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30303 | CRITICAL | 9.8 | The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect … | Mar 27, 2026 |
| CVE-2026-29871 | HIGH | 7.5 | A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, … | Mar 27, 2026 |
| CVE-2026-28375 | MEDIUM | 6.5 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 |
| CVE-2026-27880 | HIGH | 7.5 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | Mar 27, 2026 |
| CVE-2026-27879 | MEDIUM | 6.5 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 |
| CVE-2026-27877 | MEDIUM | 6.5 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are … | Mar 27, 2026 |
| CVE-2026-27876 | CRITICAL | 9.1 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by … | Mar 27, 2026 |
| CVE-2026-1496 | UNKNOWN | — | Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. … | Mar 27, 2026 |
| CVE-2025-69988 | MEDIUM | 6.5 | BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the … | Mar 27, 2026 |
| CVE-2025-69986 | HIGH | 7.2 | A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol … | Mar 27, 2026 |
| CVE-2025-61190 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization … | Mar 27, 2026 |
| CVE-2024-11604 | UNKNOWN | — | Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows … | Mar 27, 2026 |
| CVE-2026-32859 | MEDIUM | 5.4 | ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by … | Mar 27, 2026 |
| CVE-2026-32695 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values … | Mar 27, 2026 |
| CVE-2025-13478 | UNKNOWN | — | Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. … | Mar 27, 2026 |
| CVE-2026-4982 | UNKNOWN | — | A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on … | Mar 27, 2026 |
| CVE-2026-4340 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Mar 27, 2026 |
| CVE-2026-4622 | UNKNOWN | — | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. | Mar 27, 2026 |
| CVE-2026-4621 | UNKNOWN | — | Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to enable telnet via network. | Mar 27, 2026 |
| CVE-2026-4620 | UNKNOWN | — | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to execute arbitrary OS commands via network. | Mar 27, 2026 |
| CVE-2026-4619 | UNKNOWN | — | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network. | Mar 27, 2026 |
| CVE-2026-4309 | UNKNOWN | — | Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get specific device information and change the settings via network. | Mar 27, 2026 |
| CVE-2026-25101 | UNKNOWN | — | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an … | Mar 27, 2026 |
| CVE-2026-25100 | UNKNOWN | — | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges (such as Author, Editor, or … | Mar 27, 2026 |
| CVE-2026-25099 | UNKNOWN | — | Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then … | Mar 27, 2026 |