Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12628, Critical: 849, High: 3640, Medium: 3960

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-25524 | HIGH | 8.1 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | Apr 20, 2026 |
| CVE-2026-24506 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection … | Apr 20, 2026 |
| CVE-2026-24505 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this … | Apr 20, 2026 |
| CVE-2026-24504 | HIGH | 7.2 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation … | Apr 20, 2026 |
| CVE-2026-22761 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, … | Apr 20, 2026 |
| CVE-2025-66954 | MEDIUM | 6.5 | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. … | Apr 20, 2026 |
| CVE-2026-6652 | MEDIUM | 4.7 | A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage … | Apr 20, 2026 |
| CVE-2026-6651 | LOW | 2.4 | A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. … | Apr 20, 2026 |
| CVE-2026-6650 | MEDIUM | 4.7 | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads … | Apr 20, 2026 |
| CVE-2026-6066 | HIGH | 7.1 | ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur … | Apr 20, 2026 |
| CVE-2026-41245 | MEDIUM | 5.9 | Junrar is an open source Java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary … | Apr 20, 2026 |
| CVE-2026-40896 | MEDIUM | 6.5 | OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings … | Apr 20, 2026 |
| CVE-2026-3219 | UNKNOWN | — | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This … | Apr 20, 2026 |
| CVE-2026-39918 | CRITICAL | 9.8 | Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration … | Apr 20, 2026 |
| CVE-2026-34429 | MEDIUM | 5.4 | Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by … | Apr 20, 2026 |
| CVE-2026-34428 | HIGH | 7.7 | Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly … | Apr 20, 2026 |
| CVE-2026-34427 | HIGH | 8.8 | Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on … | Apr 20, 2026 |
| CVE-2026-26944 | HIGH | 8.8 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for … | Apr 20, 2026 |
| CVE-2026-25883 | MEDIUM | 5.8 | Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an … | Apr 20, 2026 |
| CVE-2026-25058 | HIGH | 7.5 | Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` … | Apr 20, 2026 |
| CVE-2026-24468 | MEDIUM | 5.3 | OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior … | Apr 20, 2026 |
| CVE-2026-24467 | CRITICAL | 9.0 | OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior … | Apr 20, 2026 |
| CVE-2026-23774 | HIGH | 7.2 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 … | Apr 20, 2026 |
| CVE-2026-6649 | MEDIUM | 6.3 | A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the … | Apr 20, 2026 |
| CVE-2026-6369 | UNKNOWN | — | An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication … | Apr 20, 2026 |