CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556; Critical: 848; High: 3598; Medium: 3935
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-0204 | HIGH | 8.0 | A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. | Apr 29, 2026 |
| CVE-2026-7390 | LOW | 3.5 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation … | Apr 29, 2026 |
| CVE-2026-7389 | HIGH | 7.3 | A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of … | Apr 29, 2026 |
| CVE-2026-7388 | MEDIUM | 4.7 | A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. … | Apr 29, 2026 |
| CVE-2026-7386 | HIGH | 7.3 | A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the … | Apr 29, 2026 |
| CVE-2026-6849 | HIGH | 8.8 | Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer … | Apr 29, 2026 |
| CVE-2026-5166 | CRITICAL | 9.6 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. … | Apr 29, 2026 |
| CVE-2026-42198 | HIGH | 7.5 | pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during … | Apr 29, 2026 |
| CVE-2026-41940 | CRITICAL | 9.8 | cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to … | Apr 29, 2026 |
| CVE-2026-40230 | UNKNOWN | — | Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist … | Apr 29, 2026 |
| CVE-2026-40229 | UNKNOWN | — | Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field … | Apr 29, 2026 |
| CVE-2026-38993 | MEDIUM | 6.5 | Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within … | Apr 29, 2026 |
| CVE-2026-38991 | HIGH | 8.8 | Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This … | Apr 29, 2026 |
| CVE-2026-37555 | HIGH | 7.5 | An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code … | Apr 29, 2026 |
| CVE-2026-30769 | HIGH | 7.8 | An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests. | Apr 29, 2026 |
| CVE-2026-2810 | UNKNOWN | — | Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can … | Apr 29, 2026 |
| CVE-2025-56537 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a … | Apr 29, 2026 |
| CVE-2025-56536 | MEDIUM | 6.1 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the … | Apr 29, 2026 |
| CVE-2025-56535 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone … | Apr 29, 2026 |
| CVE-2025-56534 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted … | Apr 29, 2026 |
| CVE-2026-7384 | HIGH | 7.3 | A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results … | Apr 29, 2026 |
| CVE-2026-7111 | HIGH | 8.4 | Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. … | Apr 29, 2026 |
| CVE-2026-5161 | HIGH | 8.8 | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus … | Apr 29, 2026 |
| CVE-2026-5141 | HIGH | 8.8 | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. … | Apr 29, 2026 |
| CVE-2026-41952 | HIGH | 7.8 | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent … | Apr 29, 2026 |