Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12686
Total
851
Critical
3660
High
3983
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1541 | MEDIUM | 4.3 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to … | Apr 15, 2026 |
| CVE-2026-1509 | MEDIUM | 5.4 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due … | Apr 15, 2026 |
| CVE-2026-1314 | MEDIUM | 5.3 | The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a … | Apr 15, 2026 |
| CVE-2025-54550 | UNKNOWN | — | The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to … | Apr 15, 2026 |
| CVE-2025-15470 | MEDIUM | 6.5 | The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, … | Apr 15, 2026 |
| CVE-2026-40688 | HIGH | 7.2 | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged … | Apr 14, 2026 |
| CVE-2026-39399 | CRITICAL | 9.6 | NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. … | Apr 14, 2026 |
| CVE-2026-39387 | HIGH | 7.2 | BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to … | Apr 14, 2026 |
| CVE-2026-35589 | HIGH | 8.0 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, … | Apr 14, 2026 |
| CVE-2026-35034 | MEDIUM | 6.5 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint … | Apr 14, 2026 |
| CVE-2026-35033 | UNKNOWN | — | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through … | Apr 14, 2026 |
| CVE-2026-35032 | UNKNOWN | — | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), … | Apr 14, 2026 |
| CVE-2026-35031 | CRITICAL | 9.9 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where … | Apr 14, 2026 |
| CVE-2026-34457 | CRITICAL | 9.1 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 … | Apr 14, 2026 |
| CVE-2026-34454 | LOW | 3.5 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie … | Apr 14, 2026 |
| CVE-2026-33414 | UNKNOWN | — | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in … | Apr 14, 2026 |
| CVE-2026-33023 | HIGH | 7.8 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists … | Apr 14, 2026 |
| CVE-2026-33021 | HIGH | 7.3 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixel_encoder_encode_bytes() because sixel_frame_init() stores the caller-owned … | Apr 14, 2026 |
| CVE-2026-27301 | MEDIUM | 5.5 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this … | Apr 14, 2026 |
| CVE-2026-27300 | MEDIUM | 5.5 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage … | Apr 14, 2026 |
| CVE-2026-27299 | MEDIUM | 6.3 | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could … | Apr 14, 2026 |
| CVE-2026-27298 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code … | Apr 14, 2026 |
| CVE-2026-27297 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-27296 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the … | Apr 14, 2026 |
| CVE-2026-27295 | HIGH | 7.8 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the … | Apr 14, 2026 |