Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13326, Critical: 883, High: 3881, Medium: 4214

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5669 | HIGH | 7.3 | A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. … | Apr 06, 2026 |
| CVE-2026-5668 | LOW | 2.4 | A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument … | Apr 06, 2026 |
| CVE-2026-35042 | HIGH | 7.5 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 … | Apr 06, 2026 |
| CVE-2026-35039 | CRITICAL | 9.1 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique … | Apr 06, 2026 |
| CVE-2026-35037 | HIGH | 7.2 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url … | Apr 06, 2026 |
| CVE-2026-35036 | HIGH | 7.5 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET … | Apr 06, 2026 |
| CVE-2026-35035 | HIGH | 7.2 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application … | Apr 06, 2026 |
| CVE-2026-35030 | CRITICAL | 9.1 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: … | Apr 06, 2026 |
| CVE-2026-35029 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce … | Apr 06, 2026 |
| CVE-2026-34992 | UNKNOWN | — | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In … | Apr 06, 2026 |
| CVE-2026-34989 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 31.0.0.0, the application fails … | Apr 06, 2026 |
| CVE-2026-34986 | HIGH | 7.5 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON … | Apr 06, 2026 |
| CVE-2026-34981 | MEDIUM | 5.8 | The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download_from_url() in app/services/file_service.py calls requests.get(url) with zero URL validation. … | Apr 06, 2026 |
| CVE-2026-34977 | UNKNOWN | — | Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. … | Apr 06, 2026 |
| CVE-2026-34976 | CRITICAL | 10.0 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it … | Apr 06, 2026 |
| CVE-2026-34975 | HIGH | 8.5 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where … | Apr 06, 2026 |
| CVE-2026-34841 | CRITICAL | 9.8 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions … | Apr 06, 2026 |
| CVE-2026-34783 | HIGH | 8.1 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a … | Apr 06, 2026 |
| CVE-2026-31313 | UNKNOWN | — | An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via … | Apr 06, 2026 |
| CVE-2026-5704 | MEDIUM | 5.0 | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully … | Apr 06, 2026 |
| CVE-2026-5666 | MEDIUM | 5.3 | A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component … | Apr 06, 2026 |
| CVE-2026-5665 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of … | Apr 06, 2026 |
| CVE-2026-34982 | HIGH | 8.2 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when … | Apr 06, 2026 |
| CVE-2026-34969 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into … | Apr 06, 2026 |
| CVE-2026-34951 | UNKNOWN | — | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a … | Apr 06, 2026 |