Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13551 | Critical: 895 | High: 3928 | Medium: 4272
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5455 | LOW | 3.3 | A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of … | Apr 03, 2026 |
| CVE-2026-5463 | HIGH | 8.6 | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the … | Apr 03, 2026 |
| CVE-2026-5454 | LOW | 3.3 | A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the … | Apr 03, 2026 |
| CVE-2026-5453 | LOW | 3.3 | A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the … | Apr 03, 2026 |
| CVE-2026-35549 | MEDIUM | 6.5 | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, … | Apr 03, 2026 |
| CVE-2026-35545 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail … | Apr 03, 2026 |
| CVE-2026-35544 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a … | Apr 03, 2026 |
| CVE-2026-35543 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) … | Apr 03, 2026 |
| CVE-2026-35542 | MEDIUM | 5.3 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of … | Apr 03, 2026 |
| CVE-2026-35541 | MEDIUM | 4.2 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows … | Apr 03, 2026 |
| CVE-2026-35540 | MEDIUM | 5.4 | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or … | Apr 03, 2026 |
| CVE-2026-35539 | MEDIUM | 6.1 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must … | Apr 03, 2026 |
| CVE-2026-35538 | LOW | 3.1 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during … | Apr 03, 2026 |
| CVE-2026-5452 | LOW | 3.3 | A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the … | Apr 03, 2026 |
| CVE-2026-35537 | LOW | 3.7 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations … | Apr 03, 2026 |
| CVE-2026-35536 | HIGH | 7.2 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters. | Apr 03, 2026 |
| CVE-2026-35535 | HIGH | 7.4 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not … | Apr 03, 2026 |
| CVE-2026-28815 | HIGH | 7.5 | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash … | Apr 03, 2026 |
| CVE-2026-35508 | MEDIUM | 5.4 | Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters. | Apr 03, 2026 |
| CVE-2026-35507 | MEDIUM | 6.4 | Shynet before 0.14.0 allows Host header injection in the password reset flow. | Apr 03, 2026 |
| CVE-2026-33107 | CRITICAL | 10.0 | Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | Apr 03, 2026 |
| CVE-2026-33105 | CRITICAL | 10.0 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | Apr 03, 2026 |
| CVE-2026-32213 | CRITICAL | 10.0 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | Apr 03, 2026 |
| CVE-2026-32211 | CRITICAL | 9.1 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | Apr 03, 2026 |
| CVE-2026-32173 | HIGH | 8.6 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | Apr 03, 2026 |