Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13161
Total
872
Critical
3825
High
4173
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5961 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of … | Apr 09, 2026 |
| CVE-2026-40046 | UNKNOWN | — | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is … | Apr 09, 2026 |
| CVE-2026-39976 | HIGH | 7.1 | Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Bypass for client_credentials tokens. the league/oauth2-server library sets … | Apr 09, 2026 |
| CVE-2026-39974 | HIGH | 8.5 | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, … | Apr 09, 2026 |
| CVE-2026-39972 | UNKNOWN | — | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key … | Apr 09, 2026 |
| CVE-2026-39962 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows … | Apr 09, 2026 |
| CVE-2026-39959 | HIGH | 7.1 | Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus … | Apr 09, 2026 |
| CVE-2026-39958 | UNKNOWN | — | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) … | Apr 09, 2026 |
| CVE-2026-39957 | UNKNOWN | — | Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter … | Apr 09, 2026 |
| CVE-2026-39943 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are … | Apr 09, 2026 |
| CVE-2026-39942 | HIGH | 8.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. … | Apr 09, 2026 |
| CVE-2026-39856 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-39855 | MEDIUM | 5.5 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in … | Apr 09, 2026 |
| CVE-2026-30479 | UNKNOWN | — | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. | Apr 09, 2026 |
| CVE-2026-5960 | MEDIUM | 4.3 | A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL … | Apr 09, 2026 |
| CVE-2026-4878 | MEDIUM | 6.7 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker … | Apr 09, 2026 |
| CVE-2026-39941 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via a the EName and EDesc parameters in … | Apr 09, 2026 |
| CVE-2026-39853 | HIGH | 7.8 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification … | Apr 09, 2026 |
| CVE-2026-39843 | HIGH | 7.7 | Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same … | Apr 09, 2026 |
| CVE-2026-39398 | UNKNOWN | — | Rejected reason: The affected product and advisory are not public. | Apr 09, 2026 |
| CVE-2026-35205 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is … | Apr 09, 2026 |
| CVE-2026-35204 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm … | Apr 09, 2026 |
| CVE-2026-35041 | MEDIUM | 4.2 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured … | Apr 09, 2026 |
| CVE-2026-35040 | MEDIUM | 5.3 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce … | Apr 09, 2026 |
| CVE-2026-34020 | UNKNOWN | — | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password … | Apr 09, 2026 |