Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14094 | Critical: 949 | High: 4140 | Medium: 4452

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20097 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the … | Apr 01, 2026 |
| CVE-2026-20096 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20095 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20094 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20093 | CRITICAL | 9.8 | A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access … | Apr 01, 2026 |
| CVE-2026-20090 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20089 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20088 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20087 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20085 | MEDIUM | 6.1 | A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user … | Apr 01, 2026 |
| CVE-2026-20042 | MEDIUM | 6.5 | A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or … | Apr 01, 2026 |
| CVE-2026-20041 | MEDIUM | 6.1 | A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack … | Apr 01, 2026 |
| CVE-2024-43028 | CRITICAL | 9.8 | A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. | Apr 01, 2026 |
| CVE-2024-40489 | CRITICAL | 9.8 | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on … | Apr 01, 2026 |
| CVE-2026-5175 | MEDIUM | 5.0 | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and … | Apr 01, 2026 |
| CVE-2026-4989 | MEDIUM | 4.3 | Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading … | Apr 01, 2026 |
| CVE-2026-4927 | MEDIUM | 6.5 | Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via … | Apr 01, 2026 |
| CVE-2026-4925 | MEDIUM | 5.0 | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication … | Apr 01, 2026 |
| CVE-2026-4924 | HIGH | 8.2 | Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication … | Apr 01, 2026 |
| CVE-2026-4829 | MEDIUM | 5.4 | Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, … | Apr 01, 2026 |
| CVE-2026-4828 | HIGH | 8.2 | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via … | Apr 01, 2026 |
| CVE-2026-35099 | HIGH | 7.4 | Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and … | Apr 01, 2026 |
| CVE-2026-34510 | MEDIUM | 5.3 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can … | Apr 01, 2026 |
| CVE-2026-31027 | CRITICAL | 9.8 | TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated … | Apr 01, 2026 |
| CVE-2025-67807 | MEDIUM | 4.7 | The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise … | Apr 01, 2026 |