Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12462
Total
832
Critical
3555
High
3875
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2018-25304 | HIGH | 8.4 | Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception … | Apr 29, 2026 |
| CVE-2018-25303 | HIGH | 8.4 | Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code … | Apr 29, 2026 |
| CVE-2018-25302 | HIGH | 7.8 | Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary … | Apr 29, 2026 |
| CVE-2018-25301 | HIGH | 8.4 | Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by … | Apr 29, 2026 |
| CVE-2018-25300 | HIGH | 8.2 | XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. … | Apr 29, 2026 |
| CVE-2018-25299 | HIGH | 8.4 | Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject … | Apr 29, 2026 |
| CVE-2018-25298 | MEDIUM | 5.3 | Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. … | Apr 29, 2026 |
| CVE-2026-7466 | HIGH | 8.8 | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST … | Apr 29, 2026 |
| CVE-2026-7439 | MEDIUM | 4.4 | AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement … | Apr 29, 2026 |
| CVE-2026-7424 | HIGH | 8.1 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, … | Apr 29, 2026 |
| CVE-2026-7423 | MEDIUM | 5.3 | Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial … | Apr 29, 2026 |
| CVE-2026-7422 | MEDIUM | 6.5 | Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet … | Apr 29, 2026 |
| CVE-2026-7398 | HIGH | 7.3 | A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload … | Apr 29, 2026 |
| CVE-2026-7397 | MEDIUM | 4.4 | A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. … | Apr 29, 2026 |
| CVE-2026-41499 | MEDIUM | 6.5 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds … | Apr 29, 2026 |
| CVE-2026-30893 | CRITICAL | 9.0 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal … | Apr 29, 2026 |
| CVE-2026-28221 | MEDIUM | 6.5 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer … | Apr 29, 2026 |
| CVE-2026-27105 | MEDIUM | 6.3 | Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access … | Apr 29, 2026 |
| CVE-2026-26206 | MEDIUM | 6.5 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API … | Apr 29, 2026 |
| CVE-2026-7396 | MEDIUM | 5.3 | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work … | Apr 29, 2026 |
| CVE-2026-7394 | MEDIUM | 4.7 | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component … | Apr 29, 2026 |
| CVE-2026-5712 | HIGH | 8.0 | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the … | Apr 29, 2026 |
| CVE-2026-26204 | MEDIUM | 4.4 | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds … | Apr 29, 2026 |
| CVE-2026-26015 | UNKNOWN | — | DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local … | Apr 29, 2026 |
| CVE-2026-7393 | MEDIUM | 4.7 | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. … | Apr 29, 2026 |