CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 226
Critical: 14
High: 71
Medium: 67

| CVE ID | Severity | Score | Description | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33870 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding … | Mar 27, 2026 |
| CVE-2026-33869 | MEDIUM | 4.8 | Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch … | Mar 27, 2026 |
| CVE-2026-33868 | MEDIUM | 4.3 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability (CWE-601) exists … | Mar 27, 2026 |
| CVE-2026-33765 | UNKNOWN | | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical … | Mar 27, 2026 |
| CVE-2026-33739 | MEDIUM | 5.7 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) … | Mar 27, 2026 |
| CVE-2026-33654 | UNKNOWN | | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a … | Mar 27, 2026 |
| CVE-2026-33045 | UNKNOWN | | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the … | Mar 27, 2026 |
| CVE-2026-33044 | UNKNOWN | | Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an … | Mar 27, 2026 |
| CVE-2026-32241 | HIGH | 7.5 | Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new … | Mar 27, 2026 |
| CVE-2026-31951 | MEDIUM | 6.8 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that … | Mar 27, 2026 |
| CVE-2026-31950 | MEDIUM | 5.3 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user … | Mar 27, 2026 |
| CVE-2026-31945 | HIGH | 7.7 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions … | Mar 27, 2026 |
| CVE-2026-31943 | HIGH | 8.5 | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, … | Mar 27, 2026 |
| CVE-2026-4970 | MEDIUM | 6.3 | A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. … | Mar 27, 2026 |
| CVE-2026-4969 | LOW | 3.5 | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert … | Mar 27, 2026 |
| CVE-2026-34387 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary … | Mar 27, 2026 |
| CVE-2026-34386 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with … | Mar 27, 2026 |
| CVE-2026-34385 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an … | Mar 27, 2026 |
| CVE-2026-34375 | HIGH | 8.2 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` … | Mar 27, 2026 |
| CVE-2026-34374 | CRITICAL | 9.1 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a … | Mar 27, 2026 |
| CVE-2026-34369 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_file` and `get_api_video` API endpoints in AVideo return full … | Mar 27, 2026 |
| CVE-2026-29180 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to … | Mar 27, 2026 |
| CVE-2026-26061 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. … | Mar 27, 2026 |
| CVE-2026-26060 | UNKNOWN | | Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to … | Mar 27, 2026 |
| CVE-2025-15612 | MEDIUM | 4.8 | Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network … | Mar 27, 2026 |