Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13269
Total
878
Critical
3860
High
4207
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35400 | LOW | 3.5 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 … | Apr 08, 2026 |
| CVE-2026-35169 | HIGH | 8.7 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and … | Apr 08, 2026 |
| CVE-2026-35165 | MEDIUM | 6.3 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 … | Apr 08, 2026 |
| CVE-2026-34985 | MEDIUM | 6.3 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 … | Apr 08, 2026 |
| CVE-2026-34837 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/ai_assistance/text_tools/:id contains an authorization failure. Context data (e.g., … | Apr 08, 2026 |
| CVE-2026-34782 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id was not checking if a … | Apr 08, 2026 |
| CVE-2026-34724 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent … | Apr 08, 2026 |
| CVE-2026-34723 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started … | Apr 08, 2026 |
| CVE-2026-34722 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if … | Apr 08, 2026 |
| CVE-2026-34721 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external … | Apr 08, 2026 |
| CVE-2026-34720 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header … | Apr 08, 2026 |
| CVE-2026-34719 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop … | Apr 08, 2026 |
| CVE-2026-34718 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization … | Apr 08, 2026 |
| CVE-2026-34392 | HIGH | 7.5 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 … | Apr 08, 2026 |
| CVE-2026-34248 | UNKNOWN | — | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could … | Apr 08, 2026 |
| CVE-2026-34166 | LOW | 3.7 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory … | Apr 08, 2026 |
| CVE-2026-33350 | HIGH | 7.5 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, … | Apr 08, 2026 |
| CVE-2026-30818 | UNKNOWN | — | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a … | Apr 08, 2026 |
| CVE-2026-30817 | UNKNOWN | — | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious … | Apr 08, 2026 |
| CVE-2026-30816 | UNKNOWN | — | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a … | Apr 08, 2026 |
| CVE-2026-30815 | UNKNOWN | — | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a … | Apr 08, 2026 |
| CVE-2026-30814 | UNKNOWN | — | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially … | Apr 08, 2026 |
| CVE-2026-2942 | CRITICAL | 9.8 | The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all … | Apr 08, 2026 |
| CVE-2026-27806 | HIGH | 7.8 | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password … | Apr 08, 2026 |
| CVE-2026-20709 | MEDIUM | 6.6 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series … | Apr 08, 2026 |