Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12747
Total
852
Critical
3670
High
3998
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4369 | HIGH | 7.1 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a … | Apr 14, 2026 |
| CVE-2026-4345 | HIGH | 7.1 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk … | Apr 14, 2026 |
| CVE-2026-4344 | HIGH | 7.1 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored … | Apr 14, 2026 |
| CVE-2026-37980 | MEDIUM | 6.9 | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a … | Apr 14, 2026 |
| CVE-2026-37602 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. | Apr 14, 2026 |
| CVE-2026-37601 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. | Apr 14, 2026 |
| CVE-2026-37600 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | Apr 14, 2026 |
| CVE-2026-37598 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | Apr 14, 2026 |
| CVE-2026-37597 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | Apr 14, 2026 |
| CVE-2026-37596 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. | Apr 14, 2026 |
| CVE-2026-37595 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. | Apr 14, 2026 |
| CVE-2026-37594 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | Apr 14, 2026 |
| CVE-2026-37593 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | Apr 14, 2026 |
| CVE-2026-37592 | LOW | 2.7 | Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | Apr 14, 2026 |
| CVE-2026-37591 | LOW | 2.7 | Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. | Apr 14, 2026 |
| CVE-2026-37590 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | Apr 14, 2026 |
| CVE-2026-37589 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. | Apr 14, 2026 |
| CVE-2026-30480 | UNKNOWN | — | A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server … | Apr 14, 2026 |
| CVE-2025-69993 | MEDIUM | 6.1 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML … | Apr 14, 2026 |
| CVE-2025-69893 | UNKNOWN | — | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and … | Apr 14, 2026 |
| CVE-2025-61260 | UNKNOWN | — | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack … | Apr 14, 2026 |
| CVE-2026-31049 | UNKNOWN | — | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field | Apr 14, 2026 |
| CVE-2025-8095 | UNKNOWN | — | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings … | Apr 14, 2026 |
| CVE-2025-7389 | UNKNOWN | — | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority … | Apr 14, 2026 |
| CVE-2026-5307 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 14, 2026 |