Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13326
Total
883
Critical
3881
High
4214
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33815 | UNKNOWN | — | Memory-safety vulnerability in github.com/jackc/pgx/v5. | Apr 07, 2026 |
| CVE-2026-30460 | UNKNOWN | — | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | Apr 07, 2026 |
| CVE-2026-1079 | UNKNOWN | — | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. … | Apr 07, 2026 |
| CVE-2026-1078 | UNKNOWN | — | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with … | Apr 07, 2026 |
| CVE-2025-52908 | UNKNOWN | — | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, … | Apr 07, 2026 |
| CVE-2025-24819 | MEDIUM | 5.7 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager … | Apr 07, 2026 |
| CVE-2025-24818 | HIGH | 8.0 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log … | Apr 07, 2026 |
| CVE-2025-24817 | UNKNOWN | — | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom … | Apr 07, 2026 |
| CVE-2024-36057 | UNKNOWN | — | Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl … | Apr 07, 2026 |
| CVE-2026-5384 | MEDIUM | 5.8 | An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. … | Apr 07, 2026 |
| CVE-2026-5383 | MEDIUM | 4.4 | An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5382 | LOW | 3.0 | An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5381 | LOW | 2.2 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and … | Apr 07, 2026 |
| CVE-2026-5380 | MEDIUM | 5.3 | An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This … | Apr 07, 2026 |
| CVE-2026-5379 | LOW | 3.0 | An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of … | Apr 07, 2026 |
| CVE-2026-5378 | MEDIUM | 5.8 | An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: … | Apr 07, 2026 |
| CVE-2026-5376 | MEDIUM | 5.9 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient … | Apr 07, 2026 |
| CVE-2026-5375 | LOW | 2.7 | An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is … | Apr 07, 2026 |
| CVE-2026-5374 | MEDIUM | 5.8 | An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an … | Apr 07, 2026 |
| CVE-2026-5373 | HIGH | 8.1 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and … | Apr 07, 2026 |
| CVE-2026-5372 | MEDIUM | 6.4 | An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization … | Apr 07, 2026 |
| CVE-2026-4740 | HIGH | 8.2 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal … | Apr 07, 2026 |
| CVE-2026-4292 | LOW | 2.7 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to … | Apr 07, 2026 |
| CVE-2026-4277 | UNKNOWN | — | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on … | Apr 07, 2026 |
| CVE-2026-3902 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting … | Apr 07, 2026 |