Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13055
Total
867
Critical
3775
High
4128
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6179 | UNKNOWN | — | Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser | Apr 13, 2026 |
| CVE-2026-6152 | HIGH | 7.3 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the … | Apr 13, 2026 |
| CVE-2026-6151 | HIGH | 7.3 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6150 | MEDIUM | 4.3 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6149 | HIGH | 7.3 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing … | Apr 13, 2026 |
| CVE-2026-6148 | HIGH | 7.3 | A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a … | Apr 13, 2026 |
| CVE-2026-6143 | MEDIUM | 6.3 | A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of … | Apr 13, 2026 |
| CVE-2026-6142 | HIGH | 7.3 | A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The … | Apr 13, 2026 |
| CVE-2026-6141 | MEDIUM | 6.3 | A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to … | Apr 13, 2026 |
| CVE-2026-6140 | CRITICAL | 9.8 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation … | Apr 13, 2026 |
| CVE-2026-6139 | CRITICAL | 9.8 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation … | Apr 13, 2026 |
| CVE-2026-25204 | MEDIUM | 6.2 | Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior … | Apr 13, 2026 |
| CVE-2026-6138 | CRITICAL | 9.8 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 13, 2026 |
| CVE-2026-6137 | HIGH | 8.8 | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword … | Apr 13, 2026 |
| CVE-2026-6136 | HIGH | 8.8 | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page … | Apr 13, 2026 |
| CVE-2026-6135 | HIGH | 8.8 | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument … | Apr 13, 2026 |
| CVE-2026-6134 | HIGH | 8.8 | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the … | Apr 12, 2026 |
| CVE-2026-6133 | HIGH | 8.8 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to … | Apr 12, 2026 |
| CVE-2026-6132 | CRITICAL | 9.8 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 12, 2026 |
| CVE-2026-6131 | CRITICAL | 9.8 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 12, 2026 |
| CVE-2026-6130 | HIGH | 7.3 | A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context … | Apr 12, 2026 |
| CVE-2026-6129 | HIGH | 7.3 | A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation … | Apr 12, 2026 |
| CVE-2026-40396 | MEDIUM | 4.0 | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait … | Apr 12, 2026 |
| CVE-2026-40395 | MEDIUM | 4.0 | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, … | Apr 12, 2026 |
| CVE-2026-40394 | MEDIUM | 4.0 | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. … | Apr 12, 2026 |