Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12628
Total
849
Critical
3640
High
3960
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31430 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a … | Apr 20, 2026 |
| CVE-2026-31429 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a … | Apr 20, 2026 |
| CVE-2025-13480 | UNKNOWN | — | Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive … | Apr 20, 2026 |
| CVE-2026-6621 | HIGH | 7.3 | A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the … | Apr 20, 2026 |
| CVE-2026-6620 | MEDIUM | 6.3 | A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File … | Apr 20, 2026 |
| CVE-2026-6619 | LOW | 3.5 | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The … | Apr 20, 2026 |
| CVE-2026-6618 | MEDIUM | 6.3 | A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. … | Apr 20, 2026 |
| CVE-2026-5967 | HIGH | 8.8 | ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root … | Apr 20, 2026 |
| CVE-2026-39454 | HIGH | 7.8 | SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may … | Apr 20, 2026 |
| CVE-2026-6617 | MEDIUM | 6.3 | A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing … | Apr 20, 2026 |
| CVE-2026-6616 | MEDIUM | 6.3 | A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. … | Apr 20, 2026 |
| CVE-2026-6615 | HIGH | 7.3 | A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the … | Apr 20, 2026 |
| CVE-2026-5966 | HIGH | 8.1 | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files … | Apr 20, 2026 |
| CVE-2026-5964 | CRITICAL | 9.8 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database … | Apr 20, 2026 |
| CVE-2026-5963 | CRITICAL | 9.8 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database … | Apr 20, 2026 |
| CVE-2026-41282 | MEDIUM | 4.0 | ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | Apr 20, 2026 |
| CVE-2026-6644 | UNKNOWN | — | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the … | Apr 20, 2026 |
| CVE-2026-6643 | UNKNOWN | — | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing … | Apr 20, 2026 |
| CVE-2026-6614 | MEDIUM | 6.3 | A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The … | Apr 20, 2026 |
| CVE-2026-6613 | MEDIUM | 6.3 | A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id … | Apr 20, 2026 |
| CVE-2026-6612 | MEDIUM | 6.3 | A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. … | Apr 20, 2026 |
| CVE-2026-6611 | LOW | 3.1 | A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. … | Apr 20, 2026 |
| CVE-2024-7083 | LOW | 3.5 | The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin … | Apr 20, 2026 |
| CVE-2026-6610 | LOW | 3.7 | A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component … | Apr 20, 2026 |
| CVE-2026-6609 | MEDIUM | 6.3 | A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of … | Apr 20, 2026 |