Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13965
Total
913
Critical
4065
High
4299
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23412 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF … | Apr 02, 2026 |
| CVE-2026-5326 | MEDIUM | 5.3 | A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. … | Apr 02, 2026 |
| CVE-2026-32145 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses … | Apr 02, 2026 |
| CVE-2026-5246 | MEDIUM | 5.6 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key … | Apr 02, 2026 |
| CVE-2026-5245 | MEDIUM | 5.6 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. … | Apr 02, 2026 |
| CVE-2026-33617 | MEDIUM | 5.3 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no … | Apr 02, 2026 |
| CVE-2026-33616 | HIGH | 7.5 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a … | Apr 02, 2026 |
| CVE-2026-33615 | CRITICAL | 9.1 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL … | Apr 02, 2026 |
| CVE-2026-33614 | HIGH | 7.5 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL … | Apr 02, 2026 |
| CVE-2026-33613 | HIGH | 7.2 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, … | Apr 02, 2026 |
| CVE-2026-29144 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | Apr 02, 2026 |
| CVE-2026-29143 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | Apr 02, 2026 |
| CVE-2026-29142 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | Apr 02, 2026 |
| CVE-2026-29141 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | Apr 02, 2026 |
| CVE-2026-29140 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding … | Apr 02, 2026 |
| CVE-2026-29139 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | Apr 02, 2026 |
| CVE-2026-29138 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | Apr 02, 2026 |
| CVE-2026-29137 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | Apr 02, 2026 |
| CVE-2026-29136 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | Apr 02, 2026 |
| CVE-2026-29135 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | Apr 02, 2026 |
| CVE-2026-29134 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | Apr 02, 2026 |
| CVE-2026-29133 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | Apr 02, 2026 |
| CVE-2026-29132 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected … | Apr 02, 2026 |
| CVE-2026-29131 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | Apr 02, 2026 |
| CVE-2026-0634 | HIGH | 7.8 | Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection. | Apr 02, 2026 |