Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12651
Critical: 850
High: 3653
Medium: 3967

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-36579 | MEDIUM | 5.1 | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, … | Apr 16, 2026 |
| CVE-2026-5426 | UNKNOWN | — | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code … | Apr 16, 2026 |
| CVE-2026-37100 | UNKNOWN | — | An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: … | Apr 16, 2026 |
| CVE-2026-6409 | UNKNOWN | — | A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints … | Apr 16, 2026 |
| CVE-2026-3324 | HIGH | 8.2 | Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | Apr 16, 2026 |
| CVE-2026-37347 | CRITICAL | 9.1 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. | Apr 16, 2026 |
| CVE-2026-37346 | MEDIUM | 4.7 | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=. | Apr 16, 2026 |
| CVE-2026-37345 | CRITICAL | 9.8 | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. | Apr 16, 2026 |
| CVE-2026-37344 | UNKNOWN | — | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php. | Apr 16, 2026 |
| CVE-2026-37343 | UNKNOWN | — | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php. | Apr 16, 2026 |
| CVE-2026-37342 | UNKNOWN | — | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php. | Apr 16, 2026 |
| CVE-2026-37341 | UNKNOWN | — | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php. | Apr 16, 2026 |
| CVE-2026-37340 | UNKNOWN | — | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. | Apr 16, 2026 |
| CVE-2026-37339 | UNKNOWN | — | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. | Apr 16, 2026 |
| CVE-2026-37338 | CRITICAL | 9.4 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | Apr 16, 2026 |
| CVE-2026-37337 | HIGH | 7.3 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php. | Apr 16, 2026 |
| CVE-2026-37336 | HIGH | 7.3 | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php. | Apr 16, 2026 |
| CVE-2026-33804 | HIGH | 7.4 | @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not … | Apr 16, 2026 |
| CVE-2026-30656 | HIGH | 7.5 | A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does … | Apr 16, 2026 |
| CVE-2026-30459 | HIGH | 7.1 | An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user … | Apr 16, 2026 |
| CVE-2026-2840 | MEDIUM | 6.4 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all … | Apr 16, 2026 |
| CVE-2026-6410 | MEDIUM | 5.3 | @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured … | Apr 16, 2026 |
| CVE-2026-6270 | CRITICAL | 9.1 | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a … | Apr 16, 2026 |
| CVE-2026-5785 | HIGH | 8.1 | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query … | Apr 16, 2026 |
| CVE-2026-4160 | MEDIUM | 5.3 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the … | Apr 16, 2026 |