Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 13594
- Critical: 907
- High: 3956
- Medium: 4292

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5332 | LOW | 3.5 | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of … | Apr 02, 2026 |
| CVE-2026-3692 | UNKNOWN | — | In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that … | Apr 02, 2026 |
| CVE-2026-35168 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database … | Apr 02, 2026 |
| CVE-2026-31933 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting … | Apr 02, 2026 |
| CVE-2026-31932 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This … | Apr 02, 2026 |
| CVE-2026-31931 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata … | Apr 02, 2026 |
| CVE-2026-30867 | MEDIUM | 5.7 | CocoaMQTT is an MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing … | Apr 02, 2026 |
| CVE-2026-2737 | UNKNOWN | — | A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may … | Apr 02, 2026 |
| CVE-2026-2701 | CRITICAL | 9.1 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | Apr 02, 2026 |
| CVE-2026-2699 | CRITICAL | 9.8 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote … | Apr 02, 2026 |
| CVE-2026-29782 | HIGH | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint … | Apr 02, 2026 |
| CVE-2026-28805 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to … | Apr 02, 2026 |
| CVE-2026-26928 | UNKNOWN | — | SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based … | Apr 02, 2026 |
| CVE-2026-26927 | UNKNOWN | — | Szafir SDK Web is a browser plug-in that can run the SzafirHost application, which downloads the necessary files when launched. In Szafir SDK Web it is … | Apr 02, 2026 |
| CVE-2026-5331 | MEDIUM | 4.7 | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation … | Apr 02, 2026 |
| CVE-2026-5330 | MEDIUM | 6.5 | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the … | Apr 02, 2026 |
| CVE-2026-5328 | MEDIUM | 6.3 | A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component … | Apr 02, 2026 |
| CVE-2026-4636 | HIGH | 8.1 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to … | Apr 02, 2026 |
| CVE-2026-4634 | HIGH | 7.5 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope … | Apr 02, 2026 |
| CVE-2026-4325 | MEDIUM | 5.3 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete … | Apr 02, 2026 |
| CVE-2026-4282 | HIGH | 7.4 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to … | Apr 02, 2026 |
| CVE-2026-3872 | HIGH | 7.3 | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path … | Apr 02, 2026 |
| CVE-2026-34890 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: … | Apr 02, 2026 |
| CVE-2026-5327 | MEDIUM | 6.3 | A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a … | Apr 02, 2026 |
| CVE-2026-23417 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBE_MEM32 stores BPF_ST \| BPF_PROBE_MEM32 immediate stores are not handled … | Apr 02, 2026 |