Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604 | Critical: 849 | High: 3630 | Medium: 3947

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40062 | HIGH | 7.5 | A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information on the operating system. | Apr 23, 2026 |
| CVE-2026-3621 | HIGH | 7.5 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application … | Apr 23, 2026 |
| CVE-2026-32679 | HIGH | 7.8 | The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic … | Apr 23, 2026 |
| CVE-2026-29198 | CRITICAL | 9.8 | In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with … | Apr 23, 2026 |
| CVE-2026-1726 | MEDIUM | 4.8 | IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | Apr 23, 2026 |
| CVE-2026-1352 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Apr 23, 2026 |
| CVE-2026-1274 | MEDIUM | 4.9 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | Apr 23, 2026 |
| CVE-2026-1272 | LOW | 2.7 | IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Security Misconfiguration vulnerability in the user access control panel. | Apr 23, 2026 |
| CVE-2025-36074 | MEDIUM | 5.5 | IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A … | Apr 23, 2026 |
| CVE-2026-4049 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Apr 22, 2026 |
| CVE-2026-41455 | HIGH | 8.5 | WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction … | Apr 22, 2026 |
| CVE-2026-41454 | HIGH | 8.3 | WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper … | Apr 22, 2026 |
| CVE-2026-41314 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF … | Apr 22, 2026 |
| CVE-2026-41313 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF … | Apr 22, 2026 |
| CVE-2026-41312 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF … | Apr 22, 2026 |
| CVE-2026-41177 | MEDIUM | 5.5 | Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind … | Apr 22, 2026 |
| CVE-2026-41175 | HIGH | 8.1 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST … | Apr 22, 2026 |
| CVE-2026-41172 | UNKNOWN | — | Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset … | Apr 22, 2026 |
| CVE-2026-41171 | UNKNOWN | — | Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due … | Apr 22, 2026 |
| CVE-2026-41170 | UNKNOWN | — | Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply … | Apr 22, 2026 |
| CVE-2026-40517 | HIGH | 7.8 | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a … | Apr 22, 2026 |
| CVE-2026-41168 | UNKNOWN | — | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF … | Apr 22, 2026 |
| CVE-2026-41167 | CRITICAL | 9.1 | Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating … | Apr 22, 2026 |
| CVE-2026-41166 | HIGH | 7.0 | OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keycloak realm can call the Manager API to … | Apr 22, 2026 |
| CVE-2026-41134 | UNKNOWN | — | Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a code-generation literal injection vulnerability in multiple writer sinks … | Apr 22, 2026 |