CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 14094
Critical: 949
High: 4140
Medium: 4452

CVE ID Severity Score Description Published
CVE-2025-67806 LOW 3.7 The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise … Apr 01, 2026
CVE-2025-67805 MEDIUM 5.9 A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and … Apr 01, 2026
CVE-2026-30573 HIGH 7.5 A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate … Apr 01, 2026
CVE-2026-30526 MEDIUM 6.1 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg … Apr 01, 2026
CVE-2026-30523 MEDIUM 6.5 A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define … Apr 01, 2026
CVE-2026-30292 HIGH 8.4 An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, … Apr 01, 2026
CVE-2026-30291 HIGH 8.4 An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file … Apr 01, 2026
CVE-2026-29598 MEDIUM 5.4 Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML … Apr 01, 2026
CVE-2025-13535 MEDIUM 6.4 The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, … Apr 01, 2026
CVE-2026-5271 UNKNOWN pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a … Apr 01, 2026
CVE-2026-3877 UNKNOWN A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if … Apr 01, 2026
CVE-2026-35094 LOW 3.3 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. … Apr 01, 2026
CVE-2026-35093 HIGH 8.8 A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories … Apr 01, 2026
CVE-2026-35092 HIGH 7.5 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User … Apr 01, 2026
CVE-2026-35091 HIGH 8.2 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check … Apr 01, 2026
CVE-2026-34999 MEDIUM 5.3 OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot … Apr 01, 2026
CVE-2026-34430 HIGH 8.8 ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the … Apr 01, 2026
CVE-2026-30522 MEDIUM 6.5 A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with … Apr 01, 2026
CVE-2026-30289 HIGH 8.4 An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading … Apr 01, 2026
CVE-2026-30287 HIGH 8.4 An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import … Apr 01, 2026
CVE-2026-0522 UNKNOWN A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by … Apr 01, 2026
CVE-2026-29014 CRITICAL 9.8 MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted … Apr 01, 2026
CVE-2026-22768 HIGH 7.3 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, … Apr 01, 2026
CVE-2026-22767 HIGH 7.3 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading … Apr 01, 2026
CVE-2026-25601 MEDIUM 6.4 A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. … Apr 01, 2026