Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12600 | Critical: 849 | High: 3629 | Medium: 3944
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35431 | CRITICAL | 10.0 | Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | Apr 23, 2026 |
| CVE-2026-33819 | CRITICAL | 10.0 | Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. | Apr 23, 2026 |
| CVE-2026-33102 | CRITICAL | 9.3 | URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | Apr 23, 2026 |
| CVE-2026-32210 | CRITICAL | 9.3 | Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | Apr 23, 2026 |
| CVE-2026-32172 | HIGH | 8.0 | Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network. | Apr 23, 2026 |
| CVE-2026-2708 | LOW | 3.7 | A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate … | Apr 23, 2026 |
| CVE-2026-26210 | CRITICAL | 9.8 | KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all … | Apr 23, 2026 |
| CVE-2026-26150 | HIGH | 8.6 | Server-side request forgery (SSRF) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | Apr 23, 2026 |
| CVE-2026-24303 | CRITICAL | 9.6 | Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | Apr 23, 2026 |
| CVE-2026-6942 | CRITICAL | 9.8 | radare2-mcp version 1.6.0 and earlier contains an OS command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through … | Apr 23, 2026 |
| CVE-2026-6941 | MEDIUM | 6.6 | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured … | Apr 23, 2026 |
| CVE-2026-6940 | HIGH | 7.1 | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths … | Apr 23, 2026 |
| CVE-2026-6376 | UNKNOWN | — | A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no … | Apr 23, 2026 |
| CVE-2026-6375 | UNKNOWN | — | A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable … | Apr 23, 2026 |
| CVE-2026-28525 | MEDIUM | 6.8 | SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending … | Apr 23, 2026 |
| CVE-2026-41279 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) … | Apr 23, 2026 |
| CVE-2026-41278 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the … | Apr 23, 2026 |
| CVE-2026-41277 | HIGH | 8.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the … | Apr 23, 2026 |
| CVE-2026-41276 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to … | Apr 23, 2026 |
| CVE-2026-41275 | HIGH | 7.5 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com … | Apr 23, 2026 |
| CVE-2026-41273 | HIGH | 8.2 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability … | Apr 23, 2026 |
| CVE-2026-41272 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and … | Apr 23, 2026 |
| CVE-2026-41271 | HIGH | 8.3 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability … | Apr 23, 2026 |
| CVE-2026-41270 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection … | Apr 23, 2026 |
| CVE-2026-41269 | HIGH | 7.1 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings … | Apr 23, 2026 |