Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14231
Total
958
Critical
4174
High
4508
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34746 | HIGH | 7.7 | Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the … | Apr 01, 2026 |
| CVE-2026-34456 | CRITICAL | 9.1 | Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability … | Apr 01, 2026 |
| CVE-2026-34455 | UNKNOWN | — | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query … | Apr 01, 2026 |
| CVE-2025-66442 | MEDIUM | 5.1 | In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto … | Apr 01, 2026 |
| CVE-2026-35000 | MEDIUM | 6.5 | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked … | Apr 01, 2026 |
| CVE-2026-34874 | HIGH | 7.5 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows … | Apr 01, 2026 |
| CVE-2026-34871 | MEDIUM | 6.7 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random … | Apr 01, 2026 |
| CVE-2026-25835 | HIGH | 7.7 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | Apr 01, 2026 |
| CVE-2026-25833 | HIGH | 7.5 | Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | Apr 01, 2026 |
| CVE-2026-5199 | UNKNOWN | — | A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation … | Apr 01, 2026 |
| CVE-2026-34875 | CRITICAL | 9.8 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | Apr 01, 2026 |
| CVE-2026-34751 | CRITICAL | 9.1 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery … | Apr 01, 2026 |
| CVE-2026-34447 | MEDIUM | 5.5 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external … | Apr 01, 2026 |
| CVE-2026-34446 | MEDIUM | 4.7 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code … | Apr 01, 2026 |
| CVE-2026-34445 | HIGH | 8.6 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s … | Apr 01, 2026 |
| CVE-2026-34397 | MEDIUM | 6.3 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is … | Apr 01, 2026 |
| CVE-2026-34376 | HIGH | 7.5 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows … | Apr 01, 2026 |
| CVE-2026-34236 | HIGH | 8.2 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP … | Apr 01, 2026 |
| CVE-2026-34222 | HIGH | 7.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in … | Apr 01, 2026 |
| CVE-2026-34159 | CRITICAL | 9.8 | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's … | Apr 01, 2026 |
| CVE-2026-34076 | HIGH | 7.4 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, … | Apr 01, 2026 |
| CVE-2026-34072 | HIGH | 8.3 | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass … | Apr 01, 2026 |
| CVE-2026-27489 | UNKNOWN | — | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to … | Apr 01, 2026 |
| CVE-2026-25834 | MEDIUM | 6.5 | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | Apr 01, 2026 |
| CVE-2026-5310 | LOW | 2.5 | A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to … | Apr 01, 2026 |