Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 13965, Critical: 913, High: 4065, Medium: 4299
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31932 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This … | Apr 02, 2026 |
| CVE-2026-31931 | HIGH | 7.5 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata … | Apr 02, 2026 |
| CVE-2026-30867 | MEDIUM | 5.7 | CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing … | Apr 02, 2026 |
| CVE-2026-2737 | UNKNOWN | — | A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may … | Apr 02, 2026 |
| CVE-2026-2701 | CRITICAL | 9.1 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | Apr 02, 2026 |
| CVE-2026-2699 | CRITICAL | 9.8 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote … | Apr 02, 2026 |
| CVE-2026-29782 | HIGH | 7.2 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint … | Apr 02, 2026 |
| CVE-2026-28805 | HIGH | 8.8 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to … | Apr 02, 2026 |
| CVE-2026-26928 | UNKNOWN | — | SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based … | Apr 02, 2026 |
| CVE-2026-26927 | UNKNOWN | — | Szafir SDK Web is a browser plug-in that can run SzafirHost application which downloads the necessary files when launched. In Szafir SDK Web it is … | Apr 02, 2026 |
| CVE-2026-5331 | MEDIUM | 4.7 | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation … | Apr 02, 2026 |
| CVE-2026-5330 | MEDIUM | 6.5 | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the … | Apr 02, 2026 |
| CVE-2026-5328 | MEDIUM | 6.3 | A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component … | Apr 02, 2026 |
| CVE-2026-4636 | HIGH | 8.1 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to … | Apr 02, 2026 |
| CVE-2026-4634 | HIGH | 7.5 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope … | Apr 02, 2026 |
| CVE-2026-4325 | MEDIUM | 5.3 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete … | Apr 02, 2026 |
| CVE-2026-4282 | HIGH | 7.4 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to … | Apr 02, 2026 |
| CVE-2026-3872 | HIGH | 7.3 | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path … | Apr 02, 2026 |
| CVE-2026-34890 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: … | Apr 02, 2026 |
| CVE-2026-5327 | MEDIUM | 6.3 | A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a … | Apr 02, 2026 |
| CVE-2026-23417 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBE_MEM32 stores BPF_ST \| BPF_PROBE_MEM32 immediate stores are not handled … | Apr 02, 2026 |
| CVE-2026-23416 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current … | Apr 02, 2026 |
| CVE-2026-23415 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy is read under speculative … | Apr 02, 2026 |
| CVE-2026-23414 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD … | Apr 02, 2026 |
| CVE-2026-23413 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon … | Apr 02, 2026 |