Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
226
Total
14
Critical
71
High
67
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4968 | MEDIUM | 4.3 | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead … | Mar 27, 2026 |
| CVE-2026-4966 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of … | Mar 27, 2026 |
| CVE-2026-4965 | HIGH | 7.3 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing … | Mar 27, 2026 |
| CVE-2026-34368 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `plugin/YPTWallet/YPTWallet.php` contains a Time-of-Check-Time-of-Use (TOCTOU) race … | Mar 27, 2026 |
| CVE-2026-34364 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails … | Mar 27, 2026 |
| CVE-2026-30568 | MEDIUM | 4.8 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in in the view_purchase.php file via the "limit" parameter. The application fails to … | Mar 27, 2026 |
| CVE-2026-30567 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2025-15617 | MEDIUM | 6.5 | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use … | Mar 27, 2026 |
| CVE-2026-4964 | MEDIUM | 6.3 | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL … | Mar 27, 2026 |
| CVE-2026-4963 | MEDIUM | 6.3 | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This … | Mar 27, 2026 |
| CVE-2026-4962 | HIGH | 7.0 | A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the … | Mar 27, 2026 |
| CVE-2026-4961 | HIGH | 8.8 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request … | Mar 27, 2026 |
| CVE-2026-4960 | HIGH | 8.8 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a … | Mar 27, 2026 |
| CVE-2026-34411 | MEDIUM | 5.3 | Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration … | Mar 27, 2026 |
| CVE-2026-34362 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyTokenSocket()` function in `plugin/YPTSocket/functions.php` has its token timeout validation … | Mar 27, 2026 |
| CVE-2026-34247 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Live/uploadPoster.php` endpoint allows any authenticated user to overwrite the … | Mar 27, 2026 |
| CVE-2026-34245 | MEDIUM | 6.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint allows any authenticated user with streaming permission … | Mar 27, 2026 |
| CVE-2026-33867 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video … | Mar 27, 2026 |
| CVE-2026-33770 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTitle()` static method in `objects/category.php` constructs a SQL SELECT … | Mar 27, 2026 |
| CVE-2026-33767 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike()` method constructs a SQL query using … | Mar 27, 2026 |
| CVE-2026-30576 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" … | Mar 27, 2026 |
| CVE-2026-30575 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during … | Mar 27, 2026 |
| CVE-2026-30574 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales … | Mar 27, 2026 |
| CVE-2026-30571 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2026-30570 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |