Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12628, Critical: 849, High: 3640, Medium: 3960

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24177 | HIGH | 7.7 | NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information … | Apr 21, 2026 |
| CVE-2026-24176 | MEDIUM | 4.3 | NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead … | Apr 21, 2026 |
| CVE-2026-21571 | UNKNOWN | — | This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This … | Apr 21, 2026 |
| CVE-2019-25714 | UNKNOWN | — | Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web … | Apr 21, 2026 |
| CVE-2026-40565 | MEDIUM | 6.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify() function in app/Misc/Helper.php converts plain-text URLs in email bodies … | Apr 21, 2026 |
| CVE-2026-40498 | UNKNOWN | — | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should … | Apr 21, 2026 |
| CVE-2026-37748 | HIGH | 7.2 | Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, … | Apr 21, 2026 |
| CVE-2025-41029 | UNKNOWN | — | SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending … | Apr 21, 2026 |
| CVE-2025-41011 | UNKNOWN | — | HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack … | Apr 21, 2026 |
| CVE-2025-15638 | CRITICAL | 10.0 | Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include … | Apr 21, 2026 |
| CVE-2017-20230 | CRITICAL | 10.0 | Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but … | Apr 21, 2026 |
| CVE-2026-5789 | UNKNOWN | — | Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing … | Apr 21, 2026 |
| CVE-2026-3298 | UNKNOWN | — | The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a boundary check for the data buffer when using the nbytes parameter. This allowed for an out-of-bounds … | Apr 21, 2026 |
| CVE-2026-31019 | HIGH | 8.8 | In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system … | Apr 21, 2026 |
| CVE-2026-31018 | HIGH | 8.8 | In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input … | Apr 21, 2026 |
| CVE-2026-31014 | MEDIUM | 6.3 | Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token … | Apr 21, 2026 |
| CVE-2026-31013 | MEDIUM | 6.1 | Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the … | Apr 21, 2026 |
| CVE-2026-29644 | MEDIUM | 5.3 | XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom … | Apr 21, 2026 |
| CVE-2026-1089 | MEDIUM | 6.5 | User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information … | Apr 21, 2026 |
| CVE-2026-0972 | HIGH | 7.3 | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged … | Apr 21, 2026 |
| CVE-2026-0971 | MEDIUM | 4.3 | An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login … | Apr 21, 2026 |
| CVE-2025-31981 | MEDIUM | 5.3 | HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access … | Apr 21, 2026 |
| CVE-2025-31958 | LOW | 3.7 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent … | Apr 21, 2026 |
| CVE-2025-1241 | MEDIUM | 5.8 | Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users … | Apr 21, 2026 |
| CVE-2025-14362 | HIGH | 7.3 | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged … | Apr 21, 2026 |