Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13087
Total
868
Critical
3778
High
4150
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5525 | MEDIUM | 6.0 | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path … | Apr 10, 2026 |
| CVE-2026-40212 | MEDIUM | 5.4 | OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant … | Apr 10, 2026 |
| CVE-2026-22750 | HIGH | 7.5 | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was … | Apr 10, 2026 |
| CVE-2026-6030 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of … | Apr 10, 2026 |
| CVE-2026-6029 | CRITICAL | 9.8 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 10, 2026 |
| CVE-2026-6028 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The … | Apr 10, 2026 |
| CVE-2026-6027 | CRITICAL | 9.8 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing … | Apr 10, 2026 |
| CVE-2026-6026 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … | Apr 10, 2026 |
| CVE-2026-4432 | MEDIUM | 6.5 | The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The … | Apr 10, 2026 |
| CVE-2026-28704 | HIGH | 7.8 | Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with … | Apr 10, 2026 |
| CVE-2026-1115 | CRITICAL | 9.6 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in … | Apr 10, 2026 |
| CVE-2025-14545 | MEDIUM | 6.5 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | Apr 10, 2026 |
| CVE-2026-6025 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of … | Apr 10, 2026 |
| CVE-2026-6024 | HIGH | 7.3 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path … | Apr 10, 2026 |
| CVE-2026-6016 | HIGH | 8.8 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. … | Apr 10, 2026 |
| CVE-2026-6015 | HIGH | 8.8 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such … | Apr 10, 2026 |
| CVE-2026-5477 | UNKNOWN | — | An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz … | Apr 10, 2026 |
| CVE-2026-6014 | HIGH | 8.8 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. … | Apr 10, 2026 |
| CVE-2026-6013 | HIGH | 8.8 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The … | Apr 10, 2026 |
| CVE-2026-6012 | HIGH | 8.8 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. … | Apr 10, 2026 |
| CVE-2026-6011 | MEDIUM | 5.6 | A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component … | Apr 10, 2026 |
| CVE-2026-4482 | UNKNOWN | — | The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For … | Apr 10, 2026 |
| CVE-2026-6010 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a … | Apr 10, 2026 |
| CVE-2026-6007 | MEDIUM | 6.3 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname … | Apr 10, 2026 |
| CVE-2026-6006 | MEDIUM | 6.3 | A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation … | Apr 10, 2026 |