Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13240
Total
877
Critical
3855
High
4195
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35204 | UNKNOWN | — | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm … | Apr 09, 2026 |
| CVE-2026-35041 | MEDIUM | 4.2 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured … | Apr 09, 2026 |
| CVE-2026-35040 | MEDIUM | 5.3 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce … | Apr 09, 2026 |
| CVE-2026-34020 | UNKNOWN | — | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password … | Apr 09, 2026 |
| CVE-2026-33266 | UNKNOWN | — | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. … | Apr 09, 2026 |
| CVE-2026-33005 | UNKNOWN | — | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder … | Apr 09, 2026 |
| CVE-2025-70365 | UNKNOWN | — | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative … | Apr 09, 2026 |
| CVE-2025-70364 | UNKNOWN | — | An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. | Apr 09, 2026 |
| CVE-2025-15480 | UNKNOWN | — | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, … | Apr 09, 2026 |
| CVE-2025-14551 | UNKNOWN | — | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, … | Apr 09, 2026 |
| CVE-2026-5959 | MEDIUM | 6.6 | A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component … | Apr 09, 2026 |
| CVE-2026-5445 | UNKNOWN | — | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices … | Apr 09, 2026 |
| CVE-2026-5444 | UNKNOWN | — | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image … | Apr 09, 2026 |
| CVE-2026-5443 | UNKNOWN | — | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. … | Apr 09, 2026 |
| CVE-2026-5442 | UNKNOWN | — | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the … | Apr 09, 2026 |
| CVE-2026-5441 | UNKNOWN | — | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly … | Apr 09, 2026 |
| CVE-2026-5440 | UNKNOWN | — | A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the … | Apr 09, 2026 |
| CVE-2026-5439 | UNKNOWN | — | A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed … | Apr 09, 2026 |
| CVE-2026-5438 | UNKNOWN | — | A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates … | Apr 09, 2026 |
| CVE-2026-5437 | UNKNOWN | — | An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the … | Apr 09, 2026 |
| CVE-2026-4116 | UNKNOWN | — | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. | Apr 09, 2026 |
| CVE-2026-4114 | UNKNOWN | — | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | Apr 09, 2026 |
| CVE-2026-4113 | UNKNOWN | — | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | Apr 09, 2026 |
| CVE-2026-4112 | UNKNOWN | — | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator … | Apr 09, 2026 |
| CVE-2026-34757 | MEDIUM | 5.1 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before … | Apr 09, 2026 |