Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12604
Total
849
Critical
3630
High
3947
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1660 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2025-9957 | LOW | 2.7 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain … | Apr 22, 2026 |
| CVE-2025-6016 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2025-3922 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2025-0186 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have … | Apr 22, 2026 |
| CVE-2026-30139 | MEDIUM | 6.1 | A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context … | Apr 22, 2026 |
| CVE-2025-58922 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. | Apr 22, 2026 |
| CVE-2024-58344 | MEDIUM | 6.4 | Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard … | Apr 22, 2026 |
| CVE-2018-25272 | CRITICAL | 9.8 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can … | Apr 22, 2026 |
| CVE-2018-25271 | MEDIUM | 6.2 | Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the … | Apr 22, 2026 |
| CVE-2018-25270 | CRITICAL | 9.8 | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers … | Apr 22, 2026 |
| CVE-2018-25269 | MEDIUM | 6.1 | ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | Apr 22, 2026 |
| CVE-2018-25268 | HIGH | 8.4 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers … | Apr 22, 2026 |
| CVE-2018-25267 | MEDIUM | 6.2 | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH … | Apr 22, 2026 |
| CVE-2018-25266 | MEDIUM | 6.2 | Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively … | Apr 22, 2026 |
| CVE-2018-25265 | HIGH | 8.4 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling … | Apr 22, 2026 |
| CVE-2018-25262 | MEDIUM | 6.2 | Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to … | Apr 22, 2026 |
| CVE-2018-25261 | HIGH | 8.4 | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by … | Apr 22, 2026 |
| CVE-2018-25260 | HIGH | 8.4 | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting … | Apr 22, 2026 |
| CVE-2018-25259 | HIGH | 8.4 | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering … | Apr 22, 2026 |
| CVE-2026-35548 | HIGH | 8.5 | An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database … | Apr 22, 2026 |
| CVE-2026-6862 | MEDIUM | 5.5 | A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field … | Apr 22, 2026 |
| CVE-2026-6861 | MEDIUM | 6.1 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading … | Apr 22, 2026 |
| CVE-2026-6859 | HIGH | 8.8 | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python … | Apr 22, 2026 |
| CVE-2026-6356 | CRITICAL | 9.6 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to … | Apr 22, 2026 |