Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12799 | Critical: 856 | High: 3690 | Medium: 4021

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39417 | MEDIUM | 4.6 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still … | Apr 14, 2026 |
| CVE-2026-34069 | MEDIUM | 5.3 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer … | Apr 14, 2026 |
| CVE-2026-33948 | UNKNOWN | — | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading … | Apr 14, 2026 |
| CVE-2026-27683 | MEDIUM | 4.1 | SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script … | Apr 14, 2026 |
| CVE-2026-27681 | CRITICAL | 9.9 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, … | Apr 14, 2026 |
| CVE-2026-27679 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |
| CVE-2026-27678 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |
| CVE-2026-27677 | MEDIUM | 6.5 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services … | Apr 14, 2026 |
| CVE-2026-27676 | MEDIUM | 4.3 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed … | Apr 14, 2026 |
| CVE-2026-27675 | LOW | 2.0 | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating … | Apr 14, 2026 |
| CVE-2026-27674 | MEDIUM | 6.1 | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted … | Apr 14, 2026 |
| CVE-2026-27673 | MEDIUM | 4.9 | Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain … | Apr 14, 2026 |
| CVE-2026-27672 | MEDIUM | 4.3 | The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has … | Apr 14, 2026 |
| CVE-2026-24318 | MEDIUM | 4.2 | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them … | Apr 14, 2026 |
| CVE-2026-0512 | MEDIUM | 6.1 | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious … | Apr 14, 2026 |
| CVE-2026-6203 | MEDIUM | 6.1 | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient … | Apr 13, 2026 |
| CVE-2026-5086 | UNKNOWN | — | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies … | Apr 13, 2026 |
| CVE-2026-39979 | UNKNOWN | — | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but … | Apr 13, 2026 |
| CVE-2026-39956 | MEDIUM | 6.1 | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they … | Apr 13, 2026 |
| CVE-2026-6224 | HIGH | 7.3 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation … | Apr 13, 2026 |
| CVE-2026-6220 | MEDIUM | 4.7 | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download … | Apr 13, 2026 |
| CVE-2026-4786 | UNKNOWN | — | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands … | Apr 13, 2026 |
| CVE-2026-40312 | MEDIUM | 6.2 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL … | Apr 13, 2026 |
| CVE-2026-40311 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can … | Apr 13, 2026 |
| CVE-2026-40310 | MEDIUM | 5.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in … | Apr 13, 2026 |