CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13928 | Critical: 911 | High: 4061 | Medium: 4296
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34760 | MEDIUM | 5.9 | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for … | Apr 02, 2026 |
| CVE-2024-14034 | CRITICAL | 9.8 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative … | Apr 02, 2026 |
| CVE-2023-7343 | HIGH | 7.8 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to … | Apr 02, 2026 |
| CVE-2026-5429 | HIGH | 7.8 | Unsanitized input during web page generation in the Kiro Agent webview in Kiro IDE before version 0.8.140 allows a remote unauthenticated threat actor to execute … | Apr 02, 2026 |
| CVE-2026-5418 | HIGH | 7.3 | A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation … | Apr 02, 2026 |
| CVE-2026-5417 | MEDIUM | 4.7 | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. … | Apr 02, 2026 |
| CVE-2026-34759 | UNKNOWN | — | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in … | Apr 02, 2026 |
| CVE-2026-34758 | CRITICAL | 9.1 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse … | Apr 02, 2026 |
| CVE-2026-34752 | UNKNOWN | — | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This … | Apr 02, 2026 |
| CVE-2026-34745 | CRITICAL | 9.1 | Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not … | Apr 02, 2026 |
| CVE-2026-34743 | UNKNOWN | — | XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no … | Apr 02, 2026 |
| CVE-2026-34742 | UNKNOWN | — | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection … | Apr 02, 2026 |
| CVE-2026-34736 | MEDIUM | 5.3 | Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated … | Apr 02, 2026 |
| CVE-2026-34735 | UNKNOWN | — | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload() endpoint … | Apr 02, 2026 |
| CVE-2026-34730 | MEDIUM | 5.5 | Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files … | Apr 02, 2026 |
| CVE-2026-34726 | MEDIUM | 4.4 | Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use … | Apr 02, 2026 |
| CVE-2026-34581 | HIGH | 8.1 | goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the … | Apr 02, 2026 |
| CVE-2026-34426 | HIGH | 7.6 | OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to … | Apr 02, 2026 |
| CVE-2026-34425 | MEDIUM | 5.4 | OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using … | Apr 02, 2026 |
| CVE-2025-43264 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. | Apr 02, 2026 |
| CVE-2025-43257 | HIGH | 8.7 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out … | Apr 02, 2026 |
| CVE-2025-43238 | MEDIUM | 6.2 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app … | Apr 02, 2026 |
| CVE-2025-43236 | LOW | 3.3 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An … | Apr 02, 2026 |
| CVE-2025-43219 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory. | Apr 02, 2026 |
| CVE-2025-43210 | MEDIUM | 6.3 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, … | Apr 02, 2026 |