Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13326
Total
883
Critical
3881
High
4214
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5675 | MEDIUM | 6.3 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The … | Apr 06, 2026 |
| CVE-2026-5672 | HIGH | 7.3 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of … | Apr 06, 2026 |
| CVE-2026-5671 | MEDIUM | 4.3 | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Impacted is an unknown function of the file /admin/class%20schedule/delete_batch.php of the component Class Schedule Deletion … | Apr 06, 2026 |
| CVE-2026-35470 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL … | Apr 06, 2026 |
| CVE-2026-35209 | HIGH | 7.5 | defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request … | Apr 06, 2026 |
| CVE-2026-35177 | MEDIUM | 4.1 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files … | Apr 06, 2026 |
| CVE-2026-35175 | UNKNOWN | — | Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a … | Apr 06, 2026 |
| CVE-2026-35174 | CRITICAL | 9.1 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a … | Apr 06, 2026 |
| CVE-2026-35173 | MEDIUM | 6.5 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users … | Apr 06, 2026 |
| CVE-2026-35171 | CRITICAL | 9.8 | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment … | Apr 06, 2026 |
| CVE-2026-35167 | HIGH | 7.1 | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings … | Apr 06, 2026 |
| CVE-2026-35166 | UNKNOWN | — | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly … | Apr 06, 2026 |
| CVE-2026-35164 | HIGH | 8.8 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php … | Apr 06, 2026 |
| CVE-2026-35052 | UNKNOWN | — | D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale … | Apr 06, 2026 |
| CVE-2026-35050 | CRITICAL | 9.1 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the … | Apr 06, 2026 |
| CVE-2026-35047 | UNKNOWN | — | Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including … | Apr 06, 2026 |
| CVE-2026-35046 | MEDIUM | 5.4 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary … | Apr 06, 2026 |
| CVE-2026-35045 | HIGH | 8.1 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows … | Apr 06, 2026 |
| CVE-2026-35044 | HIGH | 8.8 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() … | Apr 06, 2026 |
| CVE-2026-35043 | HIGH | 7.8 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in … | Apr 06, 2026 |
| CVE-2026-30613 | MEDIUM | 4.6 | An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART … | Apr 06, 2026 |
| CVE-2025-61166 | MEDIUM | 6.1 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | Apr 06, 2026 |
| CVE-2025-59440 | HIGH | 7.5 | An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2025-57835 | HIGH | 7.5 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, … | Apr 06, 2026 |
| CVE-2026-5670 | MEDIUM | 6.3 | A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the … | Apr 06, 2026 |