Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
226
Total
14
Critical
71
High
67
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4994 | LOW | 3.5 | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The … | Mar 28, 2026 |
| CVE-2026-4993 | LOW | 3.3 | A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument … | Mar 28, 2026 |
| CVE-2026-2442 | MEDIUM | 5.3 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all … | Mar 28, 2026 |
| CVE-2026-23399 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful … | Mar 28, 2026 |
| CVE-2026-1307 | MEDIUM | 6.5 | The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up … | Mar 28, 2026 |
| CVE-2025-15445 | UNKNOWN | — | The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged … | Mar 28, 2026 |
| CVE-2025-12886 | HIGH | 7.2 | The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. … | Mar 28, 2026 |
| CVE-2026-4987 | HIGH | 7.5 | The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up … | Mar 28, 2026 |
| CVE-2026-1679 | HIGH | 7.3 | The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit … | Mar 28, 2026 |
| CVE-2026-4992 | MEDIUM | 4.3 | A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. … | Mar 27, 2026 |
| CVE-2026-4991 | LOW | 3.5 | A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of … | Mar 27, 2026 |
| CVE-2026-4248 | HIGH | 8.0 | The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the … | Mar 27, 2026 |
| CVE-2026-33996 | UNKNOWN | — | LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect … | Mar 27, 2026 |
| CVE-2026-33994 | UNKNOWN | — | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability … | Mar 27, 2026 |
| CVE-2026-33993 | UNKNOWN | — | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unserialize()` function in `locutus/php/var/unserialize` assigns deserialized keys to … | Mar 27, 2026 |
| CVE-2026-33992 | UNKNOWN | — | pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side … | Mar 27, 2026 |
| CVE-2026-33991 | HIGH | 8.8 | WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` … | Mar 27, 2026 |
| CVE-2026-33936 | MEDIUM | 5.3 | The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve … | Mar 27, 2026 |
| CVE-2026-4990 | HIGH | 7.3 | A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component … | Mar 27, 2026 |
| CVE-2026-4988 | LOW | 3.7 | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in … | Mar 27, 2026 |
| CVE-2026-4985 | MEDIUM | 4.3 | A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image … | Mar 27, 2026 |
| CVE-2026-34226 | HIGH | 7.5 | Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current … | Mar 27, 2026 |
| CVE-2026-33989 | HIGH | 8.1 | Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the … | Mar 27, 2026 |
| CVE-2026-33981 | UNKNOWN | — | changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the … | Mar 27, 2026 |
| CVE-2026-33980 | HIGH | 8.3 | Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer … | Mar 27, 2026 |