Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41526 | MEDIUM | 6.5 | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does … | Apr 28, 2026 |
| CVE-2026-41525 | MEDIUM | 6.5 | KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's … | Apr 28, 2026 |
| CVE-2026-40966 | MEDIUM | 5.9 | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter … | Apr 28, 2026 |
| CVE-2024-54013 | UNKNOWN | — | Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead … | Apr 28, 2026 |
| CVE-2024-54012 | UNKNOWN | — | Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to … | Apr 28, 2026 |
| CVE-2024-54011 | UNKNOWN | — | Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service … | Apr 28, 2026 |
| CVE-2026-7234 | HIGH | 7.3 | A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component_server/server.js. Executing a manipulation of the … | Apr 28, 2026 |
| CVE-2026-7233 | LOW | 3.3 | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF … | Apr 28, 2026 |
| CVE-2026-7230 | MEDIUM | 4.3 | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in … | Apr 28, 2026 |
| CVE-2026-7229 | MEDIUM | 6.3 | A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing … | Apr 28, 2026 |
| CVE-2026-5306 | MEDIUM | 5.4 | The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks … | Apr 28, 2026 |
| CVE-2026-40967 | HIGH | 8.6 | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and … | Apr 28, 2026 |
| CVE-2026-40356 | MEDIUM | 5.9 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system … | Apr 28, 2026 |
| CVE-2026-7228 | HIGH | 7.3 | A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of … | Apr 28, 2026 |
| CVE-2026-7227 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail … | Apr 28, 2026 |
| CVE-2026-7226 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of … | Apr 28, 2026 |
| CVE-2026-7225 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of … | Apr 28, 2026 |
| CVE-2026-7224 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of … | Apr 28, 2026 |
| CVE-2026-6809 | MEDIUM | 6.4 | The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, … | Apr 28, 2026 |
| CVE-2026-6725 | MEDIUM | 6.4 | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all … | Apr 28, 2026 |
| CVE-2026-6551 | MEDIUM | 6.4 | The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions … | Apr 28, 2026 |
| CVE-2026-42510 | MEDIUM | 6.6 | OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | Apr 28, 2026 |
| CVE-2026-40355 | MEDIUM | 5.9 | In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx … | Apr 28, 2026 |
| CVE-2026-7223 | HIGH | 7.3 | A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component … | Apr 28, 2026 |
| CVE-2026-7222 | LOW | 3.5 | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component … | Apr 28, 2026 |