Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13326, Critical: 883, High: 3881, Medium: 4214

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5687 | HIGH | 8.8 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page … | Apr 06, 2026 |
| CVE-2026-5686 | HIGH | 8.8 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5685 | HIGH | 8.8 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to … | Apr 06, 2026 |
| CVE-2026-5684 | HIGH | 8.0 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-35475 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist … | Apr 06, 2026 |
| CVE-2026-35474 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly … | Apr 06, 2026 |
| CVE-2026-35473 | UNKNOWN | — | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, … | Apr 06, 2026 |
| CVE-2026-35471 | CRITICAL | 9.8 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3. | Apr 06, 2026 |
| CVE-2026-35454 | UNKNOWN | — | The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX … | Apr 06, 2026 |
| CVE-2026-35452 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. … | Apr 06, 2026 |
| CVE-2026-35450 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity … | Apr 06, 2026 |
| CVE-2026-35449 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting … | Apr 06, 2026 |
| CVE-2026-35448 | LOW | 3.7 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin … | Apr 06, 2026 |
| CVE-2026-35444 | HIGH | 7.1 | SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data … | Apr 06, 2026 |
| CVE-2026-35442 | HIGH | 8.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the … | Apr 06, 2026 |
| CVE-2026-35441 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate … | Apr 06, 2026 |
| CVE-2026-35413 | MEDIUM | 5.3 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL … | Apr 06, 2026 |
| CVE-2026-35412 | HIGH | 7.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint (/files/tus) allows any authenticated … | Apr 06, 2026 |
| CVE-2026-35411 | MEDIUM | 4.3 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the … | Apr 06, 2026 |
| CVE-2026-35410 | MEDIUM | 6.1 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection … | Apr 06, 2026 |
| CVE-2026-35409 | HIGH | 7.7 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been … | Apr 06, 2026 |
| CVE-2026-35408 | HIGH | 8.7 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy … | Apr 06, 2026 |
| CVE-2026-35404 | MEDIUM | 4.7 | Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed … | Apr 06, 2026 |
| CVE-2026-22675 | MEDIUM | 5.4 | OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious … | Apr 06, 2026 |
| CVE-2026-5683 | MEDIUM | 5.5 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the … | Apr 06, 2026 |