Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40473 | HIGH | 8.8 | The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina … | Apr 27, 2026 |
| CVE-2026-40453 | CRITICAL | 9.9 | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call … | Apr 27, 2026 |
| CVE-2026-40048 | HIGH | 7.8 | The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The … | Apr 27, 2026 |
| CVE-2026-7097 | HIGH | 8.8 | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation … | Apr 27, 2026 |
| CVE-2026-7096 | HIGH | 8.8 | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the … | Apr 27, 2026 |
| CVE-2026-7095 | MEDIUM | 4.3 | A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID … | Apr 27, 2026 |
| CVE-2026-22077 | UNKNOWN | — | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking … | Apr 27, 2026 |
| CVE-2026-7094 | HIGH | 7.3 | A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component … | Apr 27, 2026 |
| CVE-2026-7093 | MEDIUM | 6.3 | A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the … | Apr 27, 2026 |
| CVE-2026-7092 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile … | Apr 27, 2026 |
| CVE-2026-7091 | MEDIUM | 6.3 | A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User … | Apr 27, 2026 |
| CVE-2026-42371 | MEDIUM | 5.1 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | Apr 27, 2026 |
| CVE-2026-3008 | MEDIUM | 6.6 | Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application. | Apr 27, 2026 |
| CVE-2026-7090 | LOW | 2.4 | A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation … | Apr 27, 2026 |
| CVE-2026-7089 | MEDIUM | 4.3 | A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the … | Apr 27, 2026 |
| CVE-2026-7088 | HIGH | 7.3 | A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing … | Apr 27, 2026 |
| CVE-2026-7087 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a … | Apr 27, 2026 |
| CVE-2026-7086 | MEDIUM | 4.3 | A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. … | Apr 27, 2026 |
| CVE-2026-7085 | MEDIUM | 5.0 | A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. … | Apr 27, 2026 |
| CVE-2026-7084 | MEDIUM | 6.3 | A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The … | Apr 27, 2026 |
| CVE-2026-7083 | MEDIUM | 4.7 | A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the … | Apr 27, 2026 |
| CVE-2026-7082 | HIGH | 8.8 | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. … | Apr 27, 2026 |
| CVE-2026-7081 | HIGH | 8.8 | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of … | Apr 27, 2026 |
| CVE-2026-3868 | UNKNOWN | — | An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the … | Apr 27, 2026 |
| CVE-2026-3867 | UNKNOWN | — | An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration … | Apr 27, 2026 |