Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11537
Total
770
Critical
3263
High
3665
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33846 | HIGH | 7.5 | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are … | May 04, 2026 |
| CVE-2026-7747 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component … | May 04, 2026 |
| CVE-2026-7746 | MEDIUM | 6.3 | A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the … | May 04, 2026 |
| CVE-2026-7745 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes … | May 04, 2026 |
| CVE-2025-14320 | CRITICAL | 9.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected … | May 04, 2026 |
| CVE-2026-7744 | MEDIUM | 6.3 | A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results … | May 04, 2026 |
| CVE-2026-7743 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the … | May 04, 2026 |
| CVE-2026-7742 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of … | May 04, 2026 |
| CVE-2026-7741 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid … | May 04, 2026 |
| CVE-2026-7740 | LOW | 3.3 | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of … | May 04, 2026 |
| CVE-2026-7739 | LOW | 3.3 | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the … | May 04, 2026 |
| CVE-2026-7738 | MEDIUM | 6.3 | A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The … | May 04, 2026 |
| CVE-2026-7737 | MEDIUM | 5.3 | A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component … | May 04, 2026 |
| CVE-2026-7736 | HIGH | 7.3 | A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation … | May 04, 2026 |
| CVE-2026-5335 | MEDIUM | 5.3 | The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to … | May 04, 2026 |
| CVE-2026-43864 | LOW | 2.5 | mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. | May 04, 2026 |
| CVE-2026-43863 | LOW | 3.7 | mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | May 04, 2026 |
| CVE-2026-43862 | LOW | 3.7 | In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | May 04, 2026 |
| CVE-2026-43861 | LOW | 3.7 | mutt before 2.3.2 does not check for '\0' in url_pct_decode. | May 04, 2026 |
| CVE-2026-43860 | LOW | 3.7 | mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | May 04, 2026 |
| CVE-2026-43859 | LOW | 3.7 | mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. | May 04, 2026 |
| CVE-2026-29200 | UNKNOWN | — | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator … | May 04, 2026 |
| CVE-2026-29199 | HIGH | 8.1 | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may … | May 04, 2026 |
| CVE-2026-20451 | MEDIUM | 6.7 | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious … | May 04, 2026 |
| CVE-2026-20450 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has … | May 04, 2026 |