Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12628 Total, 849 Critical, 3640 High, 3960 Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5760 | CRITICAL | 9.8 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are … | Apr 20, 2026 |
| CVE-2026-4048 | HIGH | 8.4 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on … | Apr 20, 2026 |
| CVE-2026-3519 | HIGH | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands … | Apr 20, 2026 |
| CVE-2026-3518 | HIGH | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on … | Apr 20, 2026 |
| CVE-2026-3517 | HIGH | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands … | Apr 20, 2026 |
| CVE-2026-33558 | MEDIUM | 5.3 | Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in … | Apr 20, 2026 |
| CVE-2026-33557 | CRITICAL | 9.1 | A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token … | Apr 20, 2026 |
| CVE-2025-66335 | MEDIUM | 5.3 | Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended … | Apr 20, 2026 |
| CVE-2026-6648 | LOW | 3.5 | A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation … | Apr 20, 2026 |
| CVE-2026-6636 | MEDIUM | 4.3 | A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a … | Apr 20, 2026 |
| CVE-2026-6635 | HIGH | 7.3 | A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. … | Apr 20, 2026 |
| CVE-2026-6634 | MEDIUM | 6.3 | A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This … | Apr 20, 2026 |
| CVE-2026-6633 | LOW | 3.5 | A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the … | Apr 20, 2026 |
| CVE-2026-5958 | UNKNOWN | — | When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. … | Apr 20, 2026 |
| CVE-2026-6654 | MEDIUM | 5.1 | Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | Apr 20, 2026 |
| CVE-2026-6632 | HIGH | 8.8 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation … | Apr 20, 2026 |
| CVE-2026-6631 | HIGH | 8.8 | A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of … | Apr 20, 2026 |
| CVE-2026-6630 | HIGH | 8.8 | A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation … | Apr 20, 2026 |
| CVE-2026-6629 | HIGH | 7.3 | A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component … | Apr 20, 2026 |
| CVE-2026-6628 | MEDIUM | 6.3 | A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query … | Apr 20, 2026 |
| CVE-2026-6626 | MEDIUM | 6.3 | A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The … | Apr 20, 2026 |
| CVE-2026-6625 | HIGH | 7.3 | A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file … | Apr 20, 2026 |
| CVE-2026-6624 | LOW | 2.4 | A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?_route=pool/add of the component Pool List … | Apr 20, 2026 |
| CVE-2026-6623 | LOW | 2.4 | A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile … | Apr 20, 2026 |
| CVE-2026-6622 | LOW | 2.4 | A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?_route=customers/edit/ of the component Customer Handler. Such … | Apr 20, 2026 |