Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12556
Critical: 848
High: 3598
Medium: 3935

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40556 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 28, 2026 |
| CVE-2026-27760 | HIGH | 8.1 | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by … | Apr 28, 2026 |
| CVE-2025-67223 | HIGH | 7.5 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible … | Apr 28, 2026 |
| CVE-2026-7281 | LOW | 2.4 | A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a … | Apr 28, 2026 |
| CVE-2026-7272 | HIGH | 7.3 | A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component … | Apr 28, 2026 |
| CVE-2026-6706 | MEDIUM | 6.5 | Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults … | Apr 28, 2026 |
| CVE-2026-5944 | HIGH | 8.2 | An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP … | Apr 28, 2026 |
| CVE-2026-40552 | UNKNOWN | — | mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system … | Apr 28, 2026 |
| CVE-2026-40551 | UNKNOWN | — | mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating … | Apr 28, 2026 |
| CVE-2026-40550 | UNKNOWN | — | mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any … | Apr 28, 2026 |
| CVE-2026-7309 | MEDIUM | 4.3 | A flaw was found in the OpenShift Container Platform build system. A user with the `edit` ClusterRole can inject arbitrary environment variables, such as `LD_PRELOAD` … | Apr 28, 2026 |
| CVE-2026-7271 | MEDIUM | 5.3 | A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a … | Apr 28, 2026 |
| CVE-2026-7269 | LOW | 2.4 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of … | Apr 28, 2026 |
| CVE-2026-5781 | UNKNOWN | — | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges … | Apr 28, 2026 |
| CVE-2026-5780 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authenticated user … | Apr 28, 2026 |
| CVE-2026-5779 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the information … | Apr 28, 2026 |
| CVE-2026-5435 | HIGH | 7.3 | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can … | Apr 28, 2026 |
| CVE-2026-7268 | MEDIUM | 6.3 | A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7267 | MEDIUM | 6.3 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7266 | MEDIUM | 6.3 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the … | Apr 28, 2026 |
| CVE-2026-7265 | MEDIUM | 6.3 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation … | Apr 28, 2026 |
| CVE-2026-3323 | HIGH | 7.5 | An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | Apr 28, 2026 |
| CVE-2026-7280 | MEDIUM | 6.7 | AVACAST developed by eMPIA Technology has an Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, … | Apr 28, 2026 |
| CVE-2026-7279 | HIGH | 7.8 | AVACAST developed by eMPIA Technology has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in … | Apr 28, 2026 |
| CVE-2026-7264 | MEDIUM | 6.3 | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of the … | Apr 28, 2026 |