Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 14094
- Critical: 949
- High: 4140
- Medium: 4452

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34447 | MEDIUM | 5.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external … | Apr 01, 2026 |
| CVE-2026-34446 | MEDIUM | 4.7 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code … | Apr 01, 2026 |
| CVE-2026-34445 | HIGH | 8.6 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s … | Apr 01, 2026 |
| CVE-2026-34397 | MEDIUM | 6.3 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is … | Apr 01, 2026 |
| CVE-2026-34376 | HIGH | 7.5 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows … | Apr 01, 2026 |
| CVE-2026-34236 | HIGH | 8.2 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP … | Apr 01, 2026 |
| CVE-2026-34222 | HIGH | 7.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in … | Apr 01, 2026 |
| CVE-2026-34159 | CRITICAL | 9.8 | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's … | Apr 01, 2026 |
| CVE-2026-34076 | HIGH | 7.4 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, … | Apr 01, 2026 |
| CVE-2026-34072 | HIGH | 8.3 | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass … | Apr 01, 2026 |
| CVE-2026-27489 | UNKNOWN | — | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to … | Apr 01, 2026 |
| CVE-2026-25834 | MEDIUM | 6.5 | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | Apr 01, 2026 |
| CVE-2026-5310 | LOW | 2.5 | A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to … | Apr 01, 2026 |
| CVE-2026-34604 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but … | Apr 01, 2026 |
| CVE-2026-34603 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation … | Apr 01, 2026 |
| CVE-2026-33990 | UNKNOWN | — | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an … | Apr 01, 2026 |
| CVE-2026-33978 | MEDIUM | 5.4 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile … | Apr 01, 2026 |
| CVE-2026-33949 | HIGH | 8.1 | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary … | Apr 01, 2026 |
| CVE-2026-30643 | CRITICAL | 9.8 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | Apr 01, 2026 |
| CVE-2026-30273 | HIGH | 7.3 | pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | Apr 01, 2026 |
| CVE-2026-2265 | MEDIUM | 6.5 | An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input … | Apr 01, 2026 |
| CVE-2026-20174 | MEDIUM | 4.9 | A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected … | Apr 01, 2026 |
| CVE-2026-20160 | CRITICAL | 9.8 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system … | Apr 01, 2026 |
| CVE-2026-20155 | HIGH | 8.0 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access … | Apr 01, 2026 |
| CVE-2026-20151 | HIGH | 7.3 | A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an … | Apr 01, 2026 |