Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12557 · Critical: 848 · High: 3598 · Medium: 3936

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7264 | MEDIUM | 6.3 | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-41636 | HIGH | 7.5 | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes … | Apr 28, 2026 |
| CVE-2026-41607 | MEDIUM | 6.5 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41606 | MEDIUM | 5.3 | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41605 | HIGH | 7.3 | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes … | Apr 28, 2026 |
| CVE-2026-41604 | HIGH | 8.2 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | Apr 28, 2026 |
| CVE-2026-41603 | HIGH | 7.4 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version … | Apr 28, 2026 |
| CVE-2026-41602 | HIGH | 7.5 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to … | Apr 28, 2026 |
| CVE-2025-48431 | HIGH | 7.5 | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version … | Apr 28, 2026 |
| CVE-2026-7248 | CRITICAL | 9.8 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7247 | HIGH | 7.2 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File … | Apr 28, 2026 |
| CVE-2026-7244 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI … | Apr 28, 2026 |
| CVE-2026-7243 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 28, 2026 |
| CVE-2026-7242 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation … | Apr 28, 2026 |
| CVE-2026-7241 | CRITICAL | 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a … | Apr 28, 2026 |
| CVE-2026-40980 | MEDIUM | 6.5 | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: … | Apr 28, 2026 |
| CVE-2026-40979 | MEDIUM | 6.1 | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 … | Apr 28, 2026 |
| CVE-2026-40978 | HIGH | 8.8 | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 … | Apr 28, 2026 |
| CVE-2025-10539 | MEDIUM | 4.8 | Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between … | Apr 28, 2026 |
| CVE-2026-7240 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such … | Apr 28, 2026 |
| CVE-2026-7238 | MEDIUM | 4.7 | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument … | Apr 28, 2026 |
| CVE-2026-7237 | HIGH | 7.3 | A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component … | Apr 28, 2026 |
| CVE-2026-7235 | MEDIUM | 5.3 | A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The … | Apr 28, 2026 |
| CVE-2026-4911 | MEDIUM | 5.3 | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06. This is due to the intentForStripe() function … | Apr 28, 2026 |
| CVE-2026-4805 | MEDIUM | 6.4 | The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0. This is due to insufficient input sanitization … | Apr 28, 2026 |