Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12628, Critical: 849, High: 3640, Medium: 3960

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6712 | MEDIUM | 4.4 | The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to … | Apr 21, 2026 |
| CVE-2026-6711 | MEDIUM | 6.1 | The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This … | Apr 21, 2026 |
| CVE-2026-6703 | MEDIUM | 4.3 | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, … | Apr 21, 2026 |
| CVE-2026-31370 | MEDIUM | 6.3 | Honor E APP is affected by an information leak vulnerability; successful exploitation of this vulnerability may affect service confidentiality. | Apr 21, 2026 |
| CVE-2026-31369 | LOW | 3.2 | PcManager is affected by type privilege bypass; successful exploitation of this vulnerability may affect service availability. | Apr 21, 2026 |
| CVE-2026-31368 | HIGH | 7.8 | AiAssistant is affected by type privilege bypass; successful exploitation of this vulnerability may affect service availability. | Apr 21, 2026 |
| CVE-2026-5965 | CRITICAL | 9.8 | NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. | Apr 21, 2026 |
| CVE-2026-6675 | MEDIUM | 5.3 | The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, … | Apr 21, 2026 |
| CVE-2026-6674 | MEDIUM | 6.5 | The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, … | Apr 21, 2026 |
| CVE-2026-40497 | HIGH | 8.1 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip … | Apr 21, 2026 |
| CVE-2026-6058 | MEDIUM | 4.5 | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an … | Apr 21, 2026 |
| CVE-2026-40496 | UNKNOWN | — | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: … | Apr 21, 2026 |
| CVE-2026-40250 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through … | Apr 21, 2026 |
| CVE-2026-40244 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through … | Apr 21, 2026 |
| CVE-2026-39973 | HIGH | 7.1 | Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted … | Apr 21, 2026 |
| CVE-2026-39886 | MEDIUM | 5.3 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 … | Apr 21, 2026 |
| CVE-2026-39866 | UNKNOWN | — | Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit … | Apr 21, 2026 |
| CVE-2026-40264 | UNKNOWN | — | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can … | Apr 21, 2026 |
| CVE-2026-39946 | UNKNOWN | — | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets … | Apr 21, 2026 |
| CVE-2026-39861 | UNKNOWN | — | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations … | Apr 21, 2026 |
| CVE-2026-39396 | LOW | 3.1 | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a … | Apr 21, 2026 |
| CVE-2026-39388 | UNKNOWN | — | OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` … | Apr 21, 2026 |
| CVE-2026-39386 | HIGH | 8.8 | Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated … | Apr 21, 2026 |
| CVE-2026-39378 | MEDIUM | 6.5 | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer … | Apr 21, 2026 |
| CVE-2026-39377 | MEDIUM | 6.5 | The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations … | Apr 21, 2026 |