Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13326
Total
883
Critical
3881
High
4214
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35485 | HIGH | 7.5 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file … | Apr 07, 2026 |
| CVE-2026-35484 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml … | Apr 07, 2026 |
| CVE-2026-35483 | MEDIUM | 5.3 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with … | Apr 07, 2026 |
| CVE-2026-35481 | UNKNOWN | — | Rejected reason: Further research determined the issue does not satisfy the assignment rules. | Apr 07, 2026 |
| CVE-2026-35480 | MEDIUM | 6.2 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for … | Apr 07, 2026 |
| CVE-2026-35464 | HIGH | 7.5 | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying … | Apr 07, 2026 |
| CVE-2026-35463 | HIGH | 8.8 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, … | Apr 07, 2026 |
| CVE-2026-35462 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time … | Apr 07, 2026 |
| CVE-2026-35461 | MEDIUM | 5.0 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook … | Apr 07, 2026 |
| CVE-2026-35460 | MEDIUM | 4.3 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or … | Apr 07, 2026 |
| CVE-2026-35458 | UNKNOWN | — | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. … | Apr 07, 2026 |
| CVE-2026-35457 | HIGH | 8.2 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated … | Apr 07, 2026 |
| CVE-2026-35405 | HIGH | 7.5 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a … | Apr 07, 2026 |
| CVE-2026-33034 | HIGH | 7.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could … | Apr 07, 2026 |
| CVE-2026-33033 | MEDIUM | 6.5 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart … | Apr 07, 2026 |
| CVE-2026-30079 | UNKNOWN | — | In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a … | Apr 07, 2026 |
| CVE-2026-24660 | HIGH | 8.1 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer … | Apr 07, 2026 |
| CVE-2026-24450 | HIGH | 8.1 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. … | Apr 07, 2026 |
| CVE-2026-21413 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to … | Apr 07, 2026 |
| CVE-2026-20911 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to … | Apr 07, 2026 |
| CVE-2026-20889 | CRITICAL | 9.8 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer … | Apr 07, 2026 |
| CVE-2026-20884 | HIGH | 8.1 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. … | Apr 07, 2026 |
| CVE-2025-62818 | UNKNOWN | — | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … | Apr 07, 2026 |
| CVE-2025-52909 | UNKNOWN | — | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, … | Apr 07, 2026 |
| CVE-2026-5627 | CRITICAL | 9.1 | A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user … | Apr 07, 2026 |