Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12557 | Critical: 848 | High: 3598 | Medium: 3936
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7127 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of … | Apr 27, 2026 |
| CVE-2026-7126 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation … | Apr 27, 2026 |
| CVE-2026-6265 | UNKNOWN | — | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation. This issue has been resolved in Cerberus FTP Server: 2026.1 | Apr 27, 2026 |
| CVE-2026-41081 | MEDIUM | 6.5 | Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is … | Apr 27, 2026 |
| CVE-2026-40557 | UNKNOWN | — | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an … | Apr 27, 2026 |
| CVE-2026-32688 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls … | Apr 27, 2026 |
| CVE-2025-15626 | UNKNOWN | — | Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application | Apr 27, 2026 |
| CVE-2026-7125 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 27, 2026 |
| CVE-2026-7124 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 27, 2026 |
| CVE-2026-7123 | CRITICAL | 9.8 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation … | Apr 27, 2026 |
| CVE-2026-7040 | HIGH | 7.5 | Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 … | Apr 27, 2026 |
| CVE-2026-7122 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 27, 2026 |
| CVE-2026-7121 | CRITICAL | 9.8 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation … | Apr 27, 2026 |
| CVE-2026-7119 | HIGH | 8.8 | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr … | Apr 27, 2026 |
| CVE-2026-7118 | MEDIUM | 6.3 | A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation … | Apr 27, 2026 |
| CVE-2026-7117 | MEDIUM | 6.3 | A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the … | Apr 27, 2026 |
| CVE-2026-7116 | MEDIUM | 4.3 | A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation … | Apr 27, 2026 |
| CVE-2026-5943 | HIGH | 7.8 | Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, … | Apr 27, 2026 |
| CVE-2026-5942 | MEDIUM | 5.5 | Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | Apr 27, 2026 |
| CVE-2026-5941 | HIGH | 7.8 | Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program … | Apr 27, 2026 |
| CVE-2026-5940 | HIGH | 7.8 | Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | Apr 27, 2026 |
| CVE-2026-5939 | MEDIUM | 5.5 | A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in arbitrary code execution. | Apr 27, 2026 |
| CVE-2026-5938 | MEDIUM | 5.5 | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial … | Apr 27, 2026 |
| CVE-2026-5937 | MEDIUM | 5.5 | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | Apr 27, 2026 |
| CVE-2026-42410 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS. This issue affects TheGem Theme … | Apr 27, 2026 |