Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12150
Total
812
Critical
3409
High
3830
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1577 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2025-36335 | MEDIUM | 6.2 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | Apr 30, 2026 |
| CVE-2025-36180 | MEDIUM | 5.3 | IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without … | Apr 30, 2026 |
| CVE-2025-36122 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2025-14688 | MEDIUM | 5.3 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 30, 2026 |
| CVE-2026-7501 | LOW | 3.5 | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the … | Apr 30, 2026 |
| CVE-2026-7435 | HIGH | 7.2 | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. … | Apr 30, 2026 |
| CVE-2026-6539 | MEDIUM | 4.4 | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure … | Apr 30, 2026 |
| CVE-2026-4503 | HIGH | 7.5 | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a … | Apr 30, 2026 |
| CVE-2026-4502 | MEDIUM | 6.5 | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted … | Apr 30, 2026 |
| CVE-2026-41263 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth … | Apr 30, 2026 |
| CVE-2026-41174 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD … | Apr 30, 2026 |
| CVE-2026-40951 | UNKNOWN | — | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed … | Apr 30, 2026 |
| CVE-2026-40950 | UNKNOWN | — | CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially … | Apr 30, 2026 |
| CVE-2026-40949 | UNKNOWN | — | CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use … | Apr 30, 2026 |
| CVE-2026-40912 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in … | Apr 30, 2026 |
| CVE-2026-3346 | MEDIUM | 6.4 | IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in … | Apr 30, 2026 |
| CVE-2026-3340 | MEDIUM | 6.5 | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests … | Apr 30, 2026 |
| CVE-2026-39858 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in … | Apr 30, 2026 |
| CVE-2026-35051 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth … | Apr 30, 2026 |
| CVE-2026-33452 | UNKNOWN | — | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use … | Apr 30, 2026 |
| CVE-2026-33451 | UNKNOWN | — | CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send … | Apr 30, 2026 |
| CVE-2026-33450 | UNKNOWN | — | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can … | Apr 30, 2026 |
| CVE-2026-33449 | UNKNOWN | — | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server … | Apr 30, 2026 |
| CVE-2026-28532 | MEDIUM | 6.5 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates … | Apr 30, 2026 |