Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13551, Critical: 895, High: 3928, Medium: 4272
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2020-37216 | HIGH | 7.5 | Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length … | Apr 03, 2026 |
| CVE-2017-20237 | CRITICAL | 9.8 | Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute … | Apr 03, 2026 |
| CVE-2026-5484 | MEDIUM | 5.3 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export … | Apr 03, 2026 |
| CVE-2026-28798 | CRITICAL | 9.0 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) … | Apr 03, 2026 |
| CVE-2026-25726 | HIGH | 8.1 | Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() … | Apr 03, 2026 |
| CVE-2026-3184 | LOW | 3.7 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname … | Apr 03, 2026 |
| CVE-2026-2625 | MEDIUM | 4.0 | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the … | Apr 03, 2026 |
| CVE-2026-5476 | MEDIUM | 4.6 | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to … | Apr 03, 2026 |
| CVE-2026-5475 | MEDIUM | 5.5 | A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size … | Apr 03, 2026 |
| CVE-2026-32186 | MEDIUM | 6.5 | Microsoft Bing Elevation of Privilege Vulnerability | Apr 03, 2026 |
| CVE-2026-0545 | CRITICAL | 9.1 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the … | Apr 03, 2026 |
| CVE-2026-5474 | MEDIUM | 6.3 | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw/src/to_lab_passthru_encode.c of the component CCSDS Packet Header … | Apr 03, 2026 |
| CVE-2026-5473 | MEDIUM | 4.5 | A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation … | Apr 03, 2026 |
| CVE-2026-28373 | CRITICAL | 9.6 | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A … | Apr 03, 2026 |
| CVE-2026-5472 | MEDIUM | 6.3 | A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin_panel/settings.php of … | Apr 03, 2026 |
| CVE-2026-5471 | LOW | 3.3 | A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of … | Apr 03, 2026 |
| CVE-2026-5470 | MEDIUM | 6.3 | A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context … | Apr 03, 2026 |
| CVE-2026-35218 | HIGH | 8.7 | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive … | Apr 03, 2026 |
| CVE-2026-35216 | CRITICAL | 9.0 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering … | Apr 03, 2026 |
| CVE-2026-35214 | HIGH | 8.7 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without … | Apr 03, 2026 |
| CVE-2026-31818 | CRITICAL | 9.6 | Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF … | Apr 03, 2026 |
| CVE-2026-31404 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc_export_put() calls path_put() and auth_domain_put() immediately when … | Apr 03, 2026 |
| CVE-2026-31403 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is … | Apr 03, 2026 |
| CVE-2026-31402 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a … | Apr 03, 2026 |
| CVE-2026-31401 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to … | Apr 03, 2026 |