Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12686 | Critical: 851 | High: 3660 | Medium: 3983
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33440 | MEDIUM | 5.0 | Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict … | Apr 15, 2026 |
| CVE-2026-33435 | HIGH | 8.0 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead … | Apr 15, 2026 |
| CVE-2026-33220 | MEDIUM | 6.8 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper … | Apr 15, 2026 |
| CVE-2026-6290 | HIGH | 8.0 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This … | Apr 15, 2026 |
| CVE-2026-5758 | MEDIUM | 6.5 | JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS … | Apr 15, 2026 |
| CVE-2026-33214 | MEDIUM | 4.3 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper … | Apr 15, 2026 |
| CVE-2026-33212 | LOW | 3.1 | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose … | Apr 15, 2026 |
| CVE-2026-32631 | HIGH | 7.4 | Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM … | Apr 15, 2026 |
| CVE-2026-30993 | CRITICAL | 9.8 | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable … | Apr 15, 2026 |
| CVE-2026-6372 | HIGH | 7.5 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accept Cryptocurrencies with Plisio: from n/a … | Apr 15, 2026 |
| CVE-2026-6370 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS. This issue affects Mini Ajax … | Apr 15, 2026 |
| CVE-2026-30996 | HIGH | 7.5 | An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files … | Apr 15, 2026 |
| CVE-2026-30995 | HIGH | 8.6 | Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint. | Apr 15, 2026 |
| CVE-2026-30994 | HIGH | 7.5 | Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials. | Apr 15, 2026 |
| CVE-2026-20186 | CRITICAL | 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20184 | CRITICAL | 9.8 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate … | Apr 15, 2026 |
| CVE-2026-20180 | CRITICAL | 9.9 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20170 | MEDIUM | 6.1 | A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco … | Apr 15, 2026 |
| CVE-2026-20161 | MEDIUM | 5.5 | A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the … | Apr 15, 2026 |
| CVE-2026-20152 | MEDIUM | 5.3 | A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication … | Apr 15, 2026 |
| CVE-2026-20148 | MEDIUM | 4.9 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and … | Apr 15, 2026 |
| CVE-2026-20147 | CRITICAL | 9.9 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an … | Apr 15, 2026 |
| CVE-2026-20136 | MEDIUM | 6.0 | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative … | Apr 15, 2026 |
| CVE-2026-20132 | MEDIUM | 4.8 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a … | Apr 15, 2026 |
| CVE-2026-20081 | MEDIUM | 6.5 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker … | Apr 15, 2026 |