Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556 | Critical: 848 | High: 3598 | Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-22741 | LOW | 3.1 | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following … | Apr 29, 2026 |
| CVE-2026-22740 | MEDIUM | 6.5 | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not … | Apr 29, 2026 |
| CVE-2026-4019 | MEDIUM | 5.3 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5. This is … | Apr 29, 2026 |
| CVE-2026-42518 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit … | Apr 29, 2026 |
| CVE-2026-42517 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by … | Apr 29, 2026 |
| CVE-2026-42516 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in … | Apr 29, 2026 |
| CVE-2026-42515 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in … | Apr 29, 2026 |
| CVE-2026-42514 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API … | Apr 29, 2026 |
| CVE-2026-42513 | UNKNOWN | — | This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit … | Apr 29, 2026 |
| CVE-2026-42412 | MEDIUM | 6.5 | Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through … | Apr 29, 2026 |
| CVE-2026-3325 | UNKNOWN | — | SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user … | Apr 29, 2026 |
| CVE-2025-10503 | MEDIUM | 6.1 | The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of … | Apr 29, 2026 |
| CVE-2026-42377 | HIGH | 7.3 | Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0. | Apr 29, 2026 |
| CVE-2026-35155 | HIGH | 7.1 | Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to … | Apr 29, 2026 |
| CVE-2026-21023 | UNKNOWN | — | Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. | Apr 29, 2026 |
| CVE-2026-42615 | HIGH | 7.2 | GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring. | Apr 29, 2026 |
| CVE-2026-23773 | MEDIUM | 4.3 | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit … | Apr 29, 2026 |
| CVE-2026-40560 | HIGH | 7.5 | Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are … | Apr 29, 2026 |
| CVE-2026-7363 | HIGH | 8.8 | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox … | Apr 28, 2026 |
| CVE-2026-7361 | HIGH | 8.8 | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. … | Apr 28, 2026 |
| CVE-2026-7360 | LOW | 3.1 | Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass … | Apr 28, 2026 |
| CVE-2026-7359 | HIGH | 8.8 | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Apr 28, 2026 |
| CVE-2026-7358 | HIGH | 8.8 | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 28, 2026 |
| CVE-2026-7357 | HIGH | 7.5 | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap … | Apr 28, 2026 |
| CVE-2026-7356 | HIGH | 8.8 | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium … | Apr 28, 2026 |