Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12799, Critical: 856, High: 3690, Medium: 4021

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4914 | MEDIUM | 5.4 | Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required. | Apr 14, 2026 |
| CVE-2026-4913 | MEDIUM | 5.7 | Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been … | Apr 14, 2026 |
| CVE-2026-4369 | HIGH | 7.1 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a … | Apr 14, 2026 |
| CVE-2026-4345 | HIGH | 7.1 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk … | Apr 14, 2026 |
| CVE-2026-4344 | HIGH | 7.1 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored … | Apr 14, 2026 |
| CVE-2026-37980 | MEDIUM | 6.9 | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a … | Apr 14, 2026 |
| CVE-2026-37602 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. | Apr 14, 2026 |
| CVE-2026-37601 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. | Apr 14, 2026 |
| CVE-2026-37600 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | Apr 14, 2026 |
| CVE-2026-37598 | LOW | 2.7 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | Apr 14, 2026 |
| CVE-2026-37597 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | Apr 14, 2026 |
| CVE-2026-37596 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. | Apr 14, 2026 |
| CVE-2026-37595 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. | Apr 14, 2026 |
| CVE-2026-37594 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | Apr 14, 2026 |
| CVE-2026-37593 | LOW | 2.7 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | Apr 14, 2026 |
| CVE-2026-37592 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_pricing.php. | Apr 14, 2026 |
| CVE-2026-37591 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/tenants/view_details.php. | Apr 14, 2026 |
| CVE-2026-37590 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | Apr 14, 2026 |
| CVE-2026-37589 | LOW | 2.7 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. | Apr 14, 2026 |
| CVE-2026-30480 | UNKNOWN | — | A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server … | Apr 14, 2026 |
| CVE-2025-69993 | MEDIUM | 6.1 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML … | Apr 14, 2026 |
| CVE-2025-69893 | UNKNOWN | — | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and … | Apr 14, 2026 |
| CVE-2025-61260 | UNKNOWN | — | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack … | Apr 14, 2026 |
| CVE-2026-31049 | UNKNOWN | — | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field. | Apr 14, 2026 |
| CVE-2025-8095 | UNKNOWN | — | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings … | Apr 14, 2026 |