Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12628
Total
849
Critical
3640
High
3960
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6060 | MEDIUM | 4.5 | A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. … | Apr 20, 2026 |
| CVE-2025-11249 | UNKNOWN | — | Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414. | Apr 20, 2026 |
| CVE-2026-41389 | MEDIUM | 5.8 | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious … | Apr 20, 2026 |
| CVE-2026-39112 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject … | Apr 20, 2026 |
| CVE-2026-39111 | HIGH | 7.5 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows … | Apr 20, 2026 |
| CVE-2026-39110 | HIGH | 8.2 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows … | Apr 20, 2026 |
| CVE-2026-39109 | CRITICAL | 9.4 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an … | Apr 20, 2026 |
| CVE-2026-26399 | UNKNOWN | — | A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its … | Apr 20, 2026 |
| CVE-2026-23758 | UNKNOWN | — | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by … | Apr 20, 2026 |
| CVE-2026-23757 | MEDIUM | 5.4 | GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML … | Apr 20, 2026 |
| CVE-2026-23756 | MEDIUM | 5.4 | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and … | Apr 20, 2026 |
| CVE-2026-23753 | MEDIUM | 4.8 | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() … | Apr 20, 2026 |
| CVE-2026-23752 | MEDIUM | 4.8 | GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary … | Apr 20, 2026 |
| CVE-2026-6662 | HIGH | 7.3 | A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token … | Apr 20, 2026 |
| CVE-2026-41445 | HIGH | 8.8 | KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer … | Apr 20, 2026 |
| CVE-2026-40488 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-40098 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-35154 | MEDIUM | 6.3 | Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege … | Apr 20, 2026 |
| CVE-2026-30269 | CRITICAL | 9.9 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. … | Apr 20, 2026 |
| CVE-2026-30266 | HIGH | 7.8 | Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file | Apr 20, 2026 |
| CVE-2026-28684 | MEDIUM | 6.6 | python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow … | Apr 20, 2026 |
| CVE-2026-26951 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow … | Apr 20, 2026 |
| CVE-2026-26943 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection … | Apr 20, 2026 |
| CVE-2026-26942 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A … | Apr 20, 2026 |
| CVE-2026-25525 | MEDIUM | 4.9 | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |