Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13326
Total
883
Critical
3881
High
4214
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35185 | UNKNOWN | — | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including … | Apr 06, 2026 |
| CVE-2026-35184 | UNKNOWN | — | EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This … | Apr 06, 2026 |
| CVE-2026-35183 | HIGH | 7.1 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is … | Apr 06, 2026 |
| CVE-2026-35182 | HIGH | 8.8 | Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The … | Apr 06, 2026 |
| CVE-2026-35181 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. … | Apr 06, 2026 |
| CVE-2026-35180 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes … | Apr 06, 2026 |
| CVE-2026-35179 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated … | Apr 06, 2026 |
| CVE-2026-35178 | UNKNOWN | — | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote … | Apr 06, 2026 |
| CVE-2026-35176 | HIGH | 7.1 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in POFParser::parseSection() that allows out-of-bounds heap memory access when … | Apr 06, 2026 |
| CVE-2026-35172 | HIGH | 7.5 | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an … | Apr 06, 2026 |
| CVE-2026-35170 | HIGH | 7.1 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exists in BitParser::parseHeader() that allows out-of-bounds heap memory access when … | Apr 06, 2026 |
| CVE-2026-35022 | CRITICAL | 9.8 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper execution where helper configuration values are executed using … | Apr 06, 2026 |
| CVE-2026-35021 | HIGH | 7.8 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute … | Apr 06, 2026 |
| CVE-2026-35020 | HIGH | 8.4 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows … | Apr 06, 2026 |
| CVE-2025-57834 | HIGH | 7.5 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, … | Apr 06, 2026 |
| CVE-2025-54602 | HIGH | 7.0 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, … | Apr 06, 2026 |
| CVE-2025-54328 | CRITICAL | 10.0 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2026-5678 | HIGH | 7.3 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the … | Apr 06, 2026 |
| CVE-2026-5677 | HIGH | 7.3 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-5676 | HIGH | 7.3 | A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads … | Apr 06, 2026 |
| CVE-2026-33817 | MEDIUM | 6.2 | Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt | Apr 06, 2026 |
| CVE-2026-0049 | MEDIUM | 6.2 | In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with … | Apr 06, 2026 |
| CVE-2025-58349 | CRITICAL | 9.1 | An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2025-54324 | HIGH | 7.5 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2025-48651 | UNKNOWN | — | StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899. | Apr 06, 2026 |