Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11702
Total
781
Critical
3315
High
3732
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33449 | UNKNOWN | — | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server … | Apr 30, 2026 |
| CVE-2026-28532 | MEDIUM | 6.5 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates … | Apr 30, 2026 |
| CVE-2026-7429 | MEDIUM | 4.6 | SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template … | Apr 30, 2026 |
| CVE-2026-33448 | UNKNOWN | — | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified … | Apr 30, 2026 |
| CVE-2026-33447 | UNKNOWN | — | CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server … | Apr 30, 2026 |
| CVE-2026-33446 | UNKNOWN | — | CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can … | Apr 30, 2026 |
| CVE-2025-56568 | UNKNOWN | — | Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to … | Apr 30, 2026 |
| CVE-2025-46115 | UNKNOWN | — | An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request | Apr 30, 2026 |
| CVE-2026-7461 | HIGH | 7.2 | Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before … | Apr 30, 2026 |
| CVE-2026-40904 | HIGH | 8.1 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |
| CVE-2026-40603 | MEDIUM | 6.5 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |
| CVE-2026-40601 | HIGH | 7.5 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |
| CVE-2026-40600 | HIGH | 8.1 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |
| CVE-2026-40595 | HIGH | 7.5 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew … | Apr 30, 2026 |
| CVE-2026-35514 | MEDIUM | 6.5 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the … | Apr 30, 2026 |
| CVE-2026-32148 | UNKNOWN | — | Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in … | Apr 30, 2026 |
| CVE-2026-3833 | MEDIUM | 6.5 | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints … | Apr 30, 2026 |
| CVE-2026-3832 | LOW | 3.7 | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during … | Apr 30, 2026 |
| CVE-2026-36766 | MEDIUM | 5.4 | Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a … | Apr 30, 2026 |
| CVE-2026-36765 | UNKNOWN | — | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | Apr 30, 2026 |
| CVE-2026-36763 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a … | Apr 30, 2026 |
| CVE-2026-36762 | UNKNOWN | — | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal … | Apr 30, 2026 |
| CVE-2026-36761 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a … | Apr 30, 2026 |
| CVE-2026-33845 | HIGH | 7.5 | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting … | Apr 30, 2026 |
| CVE-2026-36767 | CRITICAL | 10.0 | A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request. | Apr 30, 2026 |