Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14094
Total
949
Critical
4140
High
4452
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24096 | UNKNOWN | — | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users … | Apr 01, 2026 |
| CVE-2026-0932 | UNKNOWN | — | Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause … | Apr 01, 2026 |
| CVE-2026-23899 | UNKNOWN | — | An improper access check allows unauthorized access to webservice endpoints. | Apr 01, 2026 |
| CVE-2026-23898 | UNKNOWN | — | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | Apr 01, 2026 |
| CVE-2026-21632 | UNKNOWN | — | Lack of output escaping for article titles leads to XSS vectors in various locations. | Apr 01, 2026 |
| CVE-2026-21631 | UNKNOWN | — | Lack of output escaping leads to a XSS vector in the multilingual associations component. | Apr 01, 2026 |
| CVE-2026-21630 | UNKNOWN | — | Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | Apr 01, 2026 |
| CVE-2026-21629 | UNKNOWN | — | The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | Apr 01, 2026 |
| CVE-2026-1879 | MEDIUM | 6.3 | A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme … | Apr 01, 2026 |
| CVE-2024-53828 | MEDIUM | 5.3 | Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause … | Apr 01, 2026 |
| CVE-2026-5261 | HIGH | 7.3 | A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation … | Apr 01, 2026 |
| CVE-2026-4370 | CRITICAL | 10.0 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to … | Apr 01, 2026 |
| CVE-2026-34889 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects … | Apr 01, 2026 |
| CVE-2026-23411 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference … | Apr 01, 2026 |
| CVE-2026-23410 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a … | Apr 01, 2026 |
| CVE-2026-23409 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is … | Apr 01, 2026 |
| CVE-2026-23408 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error … | Apr 01, 2026 |
| CVE-2026-23407 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks … | Apr 01, 2026 |
| CVE-2026-23406 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter … | Apr 01, 2026 |
| CVE-2026-23405 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy … | Apr 01, 2026 |
| CVE-2026-23404 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when … | Apr 01, 2026 |
| CVE-2026-23403 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, … | Apr 01, 2026 |
| CVE-2026-23402 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check … | Apr 01, 2026 |
| CVE-2026-23401 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an … | Apr 01, 2026 |
| CVE-2026-5259 | MEDIUM | 6.3 | A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm … | Apr 01, 2026 |