Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13269 | Critical: 878 | High: 3860 | Medium: 4207

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-50647 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint. | Apr 08, 2026 |
| CVE-2025-50646 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. | Apr 08, 2026 |
| CVE-2025-50645 | UNKNOWN | — | A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is … | Apr 08, 2026 |
| CVE-2025-50644 | UNKNOWN | — | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint. | Apr 08, 2026 |
| CVE-2025-30650 | MEDIUM | 6.7 | A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line … | Apr 08, 2026 |
| CVE-2026-33756 | HIGH | 7.5 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a … | Apr 08, 2026 |
| CVE-2026-33466 | HIGH | 8.1 | Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative … | Apr 08, 2026 |
| CVE-2026-33459 | MEDIUM | 6.5 | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import … | Apr 08, 2026 |
| CVE-2026-33458 | MEDIUM | 6.3 | Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host … | Apr 08, 2026 |
| CVE-2026-32591 | MEDIUM | 5.2 | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes … | Apr 08, 2026 |
| CVE-2026-32590 | HIGH | 7.1 | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using … | Apr 08, 2026 |
| CVE-2026-32589 | HIGH | 7.1 | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can … | Apr 08, 2026 |
| CVE-2025-52222 | UNKNOWN | — | D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a … | Apr 08, 2026 |
| CVE-2025-52221 | UNKNOWN | — | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. | Apr 08, 2026 |
| CVE-2025-45059 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2025-45058 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2025-45057 | UNKNOWN | — | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a … | Apr 08, 2026 |
| CVE-2026-4837 | MEDIUM | 6.6 | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as … | Apr 08, 2026 |
| CVE-2026-4498 | HIGH | 7.7 | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege … | Apr 08, 2026 |
| CVE-2026-33461 | HIGH | 7.7 | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API … | Apr 08, 2026 |
| CVE-2026-33460 | MEDIUM | 4.3 | Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana … | Apr 08, 2026 |
| CVE-2026-31017 | UNKNOWN | — | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized … | Apr 08, 2026 |
| CVE-2026-30080 | UNKNOWN | — | OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if a UE sends an initial registration request … | Apr 08, 2026 |
| CVE-2026-30075 | UNKNOWN | — | OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing an Authentication Response containing a NAS PDU with an oversized response (for example, 100 bytes). … | Apr 08, 2026 |
| CVE-2026-2377 | MEDIUM | 6.5 | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the … | Apr 08, 2026 |