CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13965 | Critical: 913 | High: 4065 | Medium: 4299
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34230 | MEDIUM | 5.3 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the … | Apr 02, 2026 |
| CVE-2026-34083 | MEDIUM | 6.1 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level … | Apr 02, 2026 |
| CVE-2026-33951 | UNKNOWN | — | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an … | Apr 02, 2026 |
| CVE-2026-33950 | CRITICAL | 9.4 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation … | Apr 02, 2026 |
| CVE-2026-30603 | MEDIUM | 6.8 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a … | Apr 02, 2026 |
| CVE-2026-26961 | LOW | 3.7 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy … | Apr 02, 2026 |
| CVE-2026-26895 | MEDIUM | 5.3 | User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform. | Apr 02, 2026 |
| CVE-2026-25212 | CRITICAL | 9.9 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse … | Apr 02, 2026 |
| CVE-2025-65114 | HIGH | 7.5 | Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. … | Apr 02, 2026 |
| CVE-2025-58136 | HIGH | 7.5 | A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 … | Apr 02, 2026 |
| CVE-2026-5351 | MEDIUM | 6.3 | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes … | Apr 02, 2026 |
| CVE-2026-5350 | HIGH | 8.8 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the … | Apr 02, 2026 |
| CVE-2026-5349 | HIGH | 8.8 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba … | Apr 02, 2026 |
| CVE-2026-34876 | HIGH | 7.5 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context … | Apr 02, 2026 |
| CVE-2026-33746 | CRITICAL | 9.8 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic … | Apr 02, 2026 |
| CVE-2026-33691 | MEDIUM | 6.8 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 … | Apr 02, 2026 |
| CVE-2026-30332 | HIGH | 7.5 | A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code … | Apr 02, 2026 |
| CVE-2026-5346 | HIGH | 7.3 | A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing … | Apr 02, 2026 |
| CVE-2026-5344 | MEDIUM | 6.3 | A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the … | Apr 02, 2026 |
| CVE-2026-5342 | MEDIUM | 5.3 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a … | Apr 02, 2026 |
| CVE-2026-5339 | MEDIUM | 4.7 | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing … | Apr 02, 2026 |
| CVE-2026-35002 | UNKNOWN | — | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by … | Apr 02, 2026 |
| CVE-2026-34974 | MEDIUM | 5.4 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity … | Apr 02, 2026 |
| CVE-2026-34973 | UNKNOWN | — | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search … | Apr 02, 2026 |
| CVE-2026-34823 | MEDIUM | 6.4 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that … | Apr 02, 2026 |