Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 12557
- Critical: 848
- High: 3598
- Medium: 3936

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31256 | HIGH | 7.5 | A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request … | Apr 27, 2026 |
| CVE-2026-31255 | CRITICAL | 9.8 | A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows … | Apr 27, 2026 |
| CVE-2025-69428 | HIGH | 7.5 | An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. | Apr 27, 2026 |
| CVE-2021-36438 | MEDIUM | 6.5 | SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php. | Apr 27, 2026 |
| CVE-2026-7146 | HIGH | 7.3 | A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of … | Apr 27, 2026 |
| CVE-2026-7145 | MEDIUM | 5.4 | A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. … | Apr 27, 2026 |
| CVE-2026-7144 | MEDIUM | 4.3 | A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation … | Apr 27, 2026 |
| CVE-2026-7143 | MEDIUM | 6.3 | A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation … | Apr 27, 2026 |
| CVE-2026-31691 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), … | Apr 27, 2026 |
| CVE-2026-31690 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the … | Apr 27, 2026 |
| CVE-2026-31689 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the … | Apr 27, 2026 |
| CVE-2026-31688 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site … | Apr 27, 2026 |
| CVE-2026-31687 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") … | Apr 27, 2026 |
| CVE-2026-31686 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct … | Apr 27, 2026 |
| CVE-2026-25908 | MEDIUM | 6.7 | Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local … | Apr 27, 2026 |
| CVE-2025-69689 | HIGH | 8.8 | The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which … | Apr 27, 2026 |
| CVE-2026-7142 | MEDIUM | 6.3 | A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. … | Apr 27, 2026 |
| CVE-2026-7141 | MEDIUM | 5.6 | A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block … | Apr 27, 2026 |
| CVE-2026-7140 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7139 | CRITICAL | 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This … | Apr 27, 2026 |
| CVE-2026-38936 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter | Apr 27, 2026 |
| CVE-2026-38935 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | Apr 27, 2026 |
| CVE-2026-38934 | HIGH | 8.8 | Cross-Site Request Forgery vulnerability in diskoverdata diskover-community v2.3.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via public/settings_process.php | Apr 27, 2026 |
| CVE-2026-30462 | MEDIUM | 4.3 | A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | Apr 27, 2026 |
| CVE-2026-30346 | MEDIUM | 4.3 | An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL. | Apr 27, 2026 |