Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11702 | Critical: 781 | High: 3315 | Medium: 3732
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42779 | CRITICAL | 9.8 | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, … | May 01, 2026 |
| CVE-2026-42778 | CRITICAL | 9.8 | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache … | May 01, 2026 |
| CVE-2026-42404 | MEDIUM | 6.5 | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the … | May 01, 2026 |
| CVE-2026-7567 | CRITICAL | 9.8 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation … | May 01, 2026 |
| CVE-2026-43003 | HIGH | 8.0 | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition … | May 01, 2026 |
| CVE-2026-43001 | HIGH | 7.9 | An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the … | May 01, 2026 |
| CVE-2026-42403 | HIGH | 7.5 | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B … | May 01, 2026 |
| CVE-2026-42402 | HIGH | 7.5 | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian … | May 01, 2026 |
| CVE-2026-40201 | MEDIUM | 5.4 | @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | May 01, 2026 |
| CVE-2026-7584 | HIGH | 7.8 | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism … | May 01, 2026 |
| CVE-2026-42996 | UNKNOWN | — | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. … | May 01, 2026 |
| CVE-2026-7555 | HIGH | 7.3 | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username … | May 01, 2026 |
| CVE-2026-7554 | MEDIUM | 5.6 | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes … | May 01, 2026 |
| CVE-2026-6127 | MEDIUM | 6.4 | The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. … | May 01, 2026 |
| CVE-2024-13362 | MEDIUM | 6.1 | Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and … | May 01, 2026 |
| CVE-2026-7553 | MEDIUM | 4.7 | A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of … | May 01, 2026 |
| CVE-2026-7550 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of … | May 01, 2026 |
| CVE-2026-7549 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation … | May 01, 2026 |
| CVE-2026-42994 | UNKNOWN | — | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident. | May 01, 2026 |
| CVE-2026-7548 | HIGH | 8.8 | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results … | May 01, 2026 |
| CVE-2026-7546 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the … | May 01, 2026 |
| CVE-2026-7545 | HIGH | 7.3 | A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the … | May 01, 2026 |
| CVE-2026-7538 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation … | May 01, 2026 |
| CVE-2026-7536 | MEDIUM | 5.3 | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a … | May 01, 2026 |
| CVE-2026-7535 | MEDIUM | 4.3 | A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Performing a manipulation … | May 01, 2026 |