Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12150, Critical: 812, High: 3409, Medium: 3830

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7513 | HIGH | 8.8 | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation … | May 01, 2026 |
| CVE-2026-7512 | HIGH | 8.8 | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a … | May 01, 2026 |
| CVE-2026-5656 | HIGH | 7.0 | Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-5405 | HIGH | 7.8 | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-5404 | MEDIUM | 4.7 | K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | May 01, 2026 |
| CVE-2026-5403 | HIGH | 7.8 | SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | May 01, 2026 |
| CVE-2026-22726 | MEDIUM | 5.0 | Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer … | May 01, 2026 |
| CVE-2026-7510 | MEDIUM | 6.3 | A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation … | Apr 30, 2026 |
| CVE-2026-7508 | MEDIUM | 6.3 | A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a … | Apr 30, 2026 |
| CVE-2026-7506 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument … | Apr 30, 2026 |
| CVE-2026-7505 | HIGH | 7.3 | A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This … | Apr 30, 2026 |
| CVE-2026-4178 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 30, 2026 |
| CVE-2026-28909 | MEDIUM | 6.5 | Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in … | Apr 30, 2026 |
| CVE-2026-7551 | HIGH | 8.8 | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system … | Apr 30, 2026 |
| CVE-2026-7503 | HIGH | 8.8 | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The … | Apr 30, 2026 |
| CVE-2026-7502 | MEDIUM | 5.4 | A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the … | Apr 30, 2026 |
| CVE-2026-6543 | HIGH | 8.8 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading … | Apr 30, 2026 |
| CVE-2026-6542 | MEDIUM | 6.5 | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other … | Apr 30, 2026 |
| CVE-2026-6389 | HIGH | 8.8 | IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker … | Apr 30, 2026 |
| CVE-2026-40687 | MEDIUM | 4.8 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the … | Apr 30, 2026 |
| CVE-2026-40686 | LOW | 3.7 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). … | Apr 30, 2026 |
| CVE-2026-40685 | MEDIUM | 6.5 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted … | Apr 30, 2026 |
| CVE-2026-40684 | MEDIUM | 5.9 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in … | Apr 30, 2026 |
| CVE-2026-3345 | MEDIUM | 6.5 | IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request … | Apr 30, 2026 |
| CVE-2026-2311 | MEDIUM | 6.4 | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A … | Apr 30, 2026 |