Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12651, Critical: 850, High: 3653, Medium: 3967
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39313 | UNKNOWN | — | mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request … | Apr 16, 2026 |
| CVE-2026-35469 | UNKNOWN | — | spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts … | Apr 16, 2026 |
| CVE-2026-34164 | MEDIUM | 4.9 | Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at … | Apr 16, 2026 |
| CVE-2026-33472 | MEDIUM | 4.8 | Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the … | Apr 16, 2026 |
| CVE-2026-40901 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization … | Apr 16, 2026 |
| CVE-2026-40900 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL … | Apr 16, 2026 |
| CVE-2026-40899 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. … | Apr 16, 2026 |
| CVE-2026-33207 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method … | Apr 16, 2026 |
| CVE-2026-33122 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When … | Apr 16, 2026 |
| CVE-2025-54502 | UNKNOWN | — | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to … | Apr 16, 2026 |
| CVE-2026-6442 | HIGH | 8.3 | Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could … | Apr 16, 2026 |
| CVE-2026-33121 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The … | Apr 16, 2026 |
| CVE-2026-33084 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj … | Apr 16, 2026 |
| CVE-2025-54510 | UNKNOWN | — | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some … | Apr 16, 2026 |
| CVE-2025-43937 | MEDIUM | 6.6 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could … | Apr 16, 2026 |
| CVE-2025-43935 | MEDIUM | 4.4 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit … | Apr 16, 2026 |
| CVE-2023-20585 | UNKNOWN | — | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out … | Apr 16, 2026 |
| CVE-2026-41082 | HIGH | 7.3 | In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | Apr 16, 2026 |
| CVE-2026-33083 | UNKNOWN | — | DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related … | Apr 16, 2026 |
| CVE-2026-33082 | UNKNOWN | — | DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree … | Apr 16, 2026 |
| CVE-2026-2336 | UNKNOWN | — | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie … | Apr 16, 2026 |
| CVE-2026-27820 | UNKNOWN | — | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in … | Apr 16, 2026 |
| CVE-2026-24749 | MEDIUM | 5.3 | The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or … | Apr 16, 2026 |
| CVE-2025-43883 | MEDIUM | 4.1 | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could … | Apr 16, 2026 |
| CVE-2026-41080 | LOW | 2.9 | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | Apr 16, 2026 |