Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 12600
- Critical: 849
- High: 3629
- Medium: 3944

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2951 | MEDIUM | 5.4 | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and … | Apr 23, 2026 |
| CVE-2026-41679 | CRITICAL | 10.0 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated … | Apr 23, 2026 |
| CVE-2026-41243 | UNKNOWN | — | OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the … | Apr 23, 2026 |
| CVE-2026-41211 | UNKNOWN | — | Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly … | Apr 23, 2026 |
| CVE-2026-41208 | HIGH | 8.8 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 … | Apr 23, 2026 |
| CVE-2026-41206 | UNKNOWN | — | PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis … | Apr 23, 2026 |
| CVE-2026-41200 | UNKNOWN | — | STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a … | Apr 23, 2026 |
| CVE-2026-41197 | UNKNOWN | — | Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode … | Apr 23, 2026 |
| CVE-2026-41196 | UNKNOWN | — | Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape … | Apr 23, 2026 |
| CVE-2026-41182 | MEDIUM | 5.3 | LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python … | Apr 23, 2026 |
| CVE-2026-41180 | HIGH | 7.5 | PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using … | Apr 23, 2026 |
| CVE-2026-1923 | MEDIUM | 6.4 | The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, … | Apr 23, 2026 |
| CVE-2026-6878 | MEDIUM | 5.6 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. … | Apr 23, 2026 |
| CVE-2026-6874 | MEDIUM | 4.3 | A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing … | Apr 23, 2026 |
| CVE-2026-5935 | HIGH | 7.3 | IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with … | Apr 23, 2026 |
| CVE-2026-5926 | MEDIUM | 6.5 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 … | Apr 23, 2026 |
| CVE-2026-4919 | MEDIUM | 4.8 | IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI … | Apr 23, 2026 |
| CVE-2026-4918 | MEDIUM | 5.5 | IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web … | Apr 23, 2026 |
| CVE-2026-4917 | MEDIUM | 4.9 | IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request … | Apr 23, 2026 |
| CVE-2026-41179 | UNKNOWN | — | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version … | Apr 23, 2026 |
| CVE-2026-41176 | UNKNOWN | — | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: … | Apr 23, 2026 |
| CVE-2026-40062 | HIGH | 7.5 | A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system. | Apr 23, 2026 |
| CVE-2026-3621 | HIGH | 7.5 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application … | Apr 23, 2026 |
| CVE-2026-32679 | HIGH | 7.8 | The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic … | Apr 23, 2026 |
| CVE-2026-29198 | CRITICAL | 9.8 | In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with … | Apr 23, 2026 |