Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12799
Total
856
Critical
3690
High
4021
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-7389 | UNKNOWN | — | A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority … | Apr 14, 2026 |
| CVE-2026-5307 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 14, 2026 |
| CVE-2026-2450 | UNKNOWN | — | .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege … | Apr 14, 2026 |
| CVE-2024-9168 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | Apr 14, 2026 |
| CVE-2026-2449 | UNKNOWN | — | Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This … | Apr 14, 2026 |
| CVE-2026-2332 | HIGH | 7.4 | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * … | Apr 14, 2026 |
| CVE-2026-24069 | MEDIUM | 5.4 | Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and … | Apr 14, 2026 |
| CVE-2025-13822 | UNKNOWN | — | MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions … | Apr 14, 2026 |
| CVE-2026-4109 | MEDIUM | 4.3 | The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a … | Apr 14, 2026 |
| CVE-2026-33929 | MEDIUM | 4.3 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: … | Apr 14, 2026 |
| CVE-2026-33892 | HIGH | 7.1 | A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= … | Apr 14, 2026 |
| CVE-2026-31924 | MEDIUM | 5.3 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users … | Apr 14, 2026 |
| CVE-2026-31923 | HIGH | 7.5 | Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. … | Apr 14, 2026 |
| CVE-2026-31908 | UNKNOWN | — | Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache … | Apr 14, 2026 |
| CVE-2026-27668 | HIGH | 8.8 | A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they … | Apr 14, 2026 |
| CVE-2026-25654 | HIGH | 8.8 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset … | Apr 14, 2026 |
| CVE-2026-24032 | HIGH | 7.3 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient … | Apr 14, 2026 |
| CVE-2025-40745 | LOW | 3.7 | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), … | Apr 14, 2026 |
| CVE-2026-2582 | MEDIUM | 6.5 | The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. … | Apr 14, 2026 |
| CVE-2026-3017 | HIGH | 7.2 | The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in … | Apr 14, 2026 |
| CVE-2026-4479 | MEDIUM | 4.4 | The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and … | Apr 14, 2026 |
| CVE-2026-4059 | MEDIUM | 6.4 | The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. … | Apr 14, 2026 |
| CVE-2026-40315 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly … | Apr 14, 2026 |
| CVE-2026-40313 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector … | Apr 14, 2026 |
| CVE-2026-40289 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to … | Apr 14, 2026 |