Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13551
Total
895
Critical
3928
High
4272
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-25773 | HIGH | 8.1 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker … | Apr 03, 2026 |
| CVE-2026-23426 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find … | Apr 03, 2026 |
| CVE-2026-23425 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor … | Apr 03, 2026 |
| CVE-2026-23424 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used … | Apr 03, 2026 |
| CVE-2026-23423 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never … | Apr 03, 2026 |
| CVE-2026-23422 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add … | Apr 03, 2026 |
| CVE-2026-23421 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees … | Apr 03, 2026 |
| CVE-2026-23420 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is … | Apr 03, 2026 |
| CVE-2026-23419 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() … | Apr 03, 2026 |
| CVE-2026-23418 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to … | Apr 03, 2026 |
| CVE-2026-27655 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | Apr 03, 2026 |
| CVE-2026-5467 | MEDIUM | 4.3 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of … | Apr 03, 2026 |
| CVE-2026-4108 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | Apr 03, 2026 |
| CVE-2026-4107 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | Apr 03, 2026 |
| CVE-2026-3880 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | Apr 03, 2026 |
| CVE-2026-3879 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | Apr 03, 2026 |
| CVE-2026-28703 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | Apr 03, 2026 |
| CVE-2026-28756 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | Apr 03, 2026 |
| CVE-2026-28754 | HIGH | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | Apr 03, 2026 |
| CVE-2026-5462 | LOW | 3.3 | A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the … | Apr 03, 2026 |
| CVE-2026-4350 | HIGH | 8.1 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due … | Apr 03, 2026 |
| CVE-2025-7024 | HIGH | 7.3 | Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM … | Apr 03, 2026 |
| CVE-2026-5458 | LOW | 3.3 | A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java … | Apr 03, 2026 |
| CVE-2026-5457 | LOW | 3.3 | A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java … | Apr 03, 2026 |
| CVE-2026-5456 | LOW | 3.3 | A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of … | Apr 03, 2026 |