Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12799
Total
856
Critical
3690
High
4021
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32316 | HIGH | 8.2 | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a … | Apr 13, 2026 |
| CVE-2026-28291 | HIGH | 8.1 | simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety … | Apr 13, 2026 |
| CVE-2025-3756 | MEDIUM | 6.5 | A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An … | Apr 13, 2026 |
| CVE-2026-6193 | HIGH | 7.3 | A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of … | Apr 13, 2026 |
| CVE-2026-6192 | LOW | 3.3 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. … | Apr 13, 2026 |
| CVE-2026-6191 | MEDIUM | 6.3 | A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6190 | MEDIUM | 6.3 | A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of … | Apr 13, 2026 |
| CVE-2026-6189 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such … | Apr 13, 2026 |
| CVE-2026-39940 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, … | Apr 13, 2026 |
| CVE-2026-36952 | LOW | 2.7 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php. | Apr 13, 2026 |
| CVE-2026-36950 | LOW | 2.7 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. | Apr 13, 2026 |
| CVE-2026-36948 | HIGH | 7.3 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php. | Apr 13, 2026 |
| CVE-2026-33555 | MEDIUM | 4.0 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when … | Apr 13, 2026 |
| CVE-2026-23891 | UNKNOWN | — | Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows … | Apr 13, 2026 |
| CVE-2026-6231 | MEDIUM | 4.3 | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed … | Apr 13, 2026 |
| CVE-2026-6188 | HIGH | 7.3 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of … | Apr 13, 2026 |
| CVE-2026-6187 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of … | Apr 13, 2026 |
| CVE-2026-6186 | HIGH | 8.8 | A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation … | Apr 13, 2026 |
| CVE-2026-6184 | LOW | 2.4 | A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of … | Apr 13, 2026 |
| CVE-2026-36938 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | Apr 13, 2026 |
| CVE-2026-36937 | LOW | 2.7 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php. | Apr 13, 2026 |
| CVE-2026-34188 | UNKNOWN | — | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from … | Apr 13, 2026 |
| CVE-2026-34186 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through … | Apr 13, 2026 |
| CVE-2026-30813 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through … | Apr 13, 2026 |
| CVE-2026-30812 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | Apr 13, 2026 |