Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14094
Total
949
Critical
4140
High
4452
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-28265 | MEDIUM | 4.4 | PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification … | Apr 01, 2026 |
| CVE-2026-27101 | MEDIUM | 4.7 | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path … | Apr 01, 2026 |
| CVE-2026-5258 | HIGH | 7.3 | A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation … | Apr 01, 2026 |
| CVE-2026-4748 | HIGH | 7.5 | A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) … | Apr 01, 2026 |
| CVE-2026-5257 | HIGH | 7.3 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter … | Apr 01, 2026 |
| CVE-2026-5256 | HIGH | 7.3 | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. … | Apr 01, 2026 |
| CVE-2026-5255 | MEDIUM | 4.3 | A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The … | Apr 01, 2026 |
| CVE-2026-2696 | MEDIUM | 5.3 | The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit … | Apr 01, 2026 |
| CVE-2025-15484 | CRITICAL | 9.1 | The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access … | Apr 01, 2026 |
| CVE-2026-5292 | HIGH | 8.8 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via … | Apr 01, 2026 |
| CVE-2026-5291 | MEDIUM | 6.5 | Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted … | Apr 01, 2026 |
| CVE-2026-5290 | CRITICAL | 9.6 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Apr 01, 2026 |
| CVE-2026-5289 | CRITICAL | 9.6 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Apr 01, 2026 |
| CVE-2026-5288 | CRITICAL | 9.6 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially … | Apr 01, 2026 |
| CVE-2026-5287 | HIGH | 8.8 | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 01, 2026 |
| CVE-2026-5286 | HIGH | 8.8 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium … | Apr 01, 2026 |
| CVE-2026-5285 | HIGH | 8.8 | Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 01, 2026 |
| CVE-2026-5284 | HIGH | 7.5 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code … | Apr 01, 2026 |
| CVE-2026-5283 | MEDIUM | 6.5 | Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security … | Apr 01, 2026 |
| CVE-2026-5282 | HIGH | 8.1 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via … | Apr 01, 2026 |
| CVE-2026-5281 | HIGH | 8.8 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code … | Apr 01, 2026 |
| CVE-2026-5280 | HIGH | 8.8 | Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted … | Apr 01, 2026 |
| CVE-2026-5279 | HIGH | 8.8 | Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML … | Apr 01, 2026 |
| CVE-2026-5278 | HIGH | 8.8 | Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted … | Apr 01, 2026 |
| CVE-2026-5277 | HIGH | 7.5 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an … | Apr 01, 2026 |