CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14231, Critical: 958, High: 4174, Medium: 4508
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34604 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but … | Apr 01, 2026 |
| CVE-2026-34603 | HIGH | 7.1 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation … | Apr 01, 2026 |
| CVE-2026-33990 | UNKNOWN | — | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an … | Apr 01, 2026 |
| CVE-2026-33978 | MEDIUM | 5.4 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile … | Apr 01, 2026 |
| CVE-2026-33949 | HIGH | 8.1 | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary … | Apr 01, 2026 |
| CVE-2026-30643 | CRITICAL | 9.8 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | Apr 01, 2026 |
| CVE-2026-30273 | HIGH | 7.3 | pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | Apr 01, 2026 |
| CVE-2026-2265 | MEDIUM | 6.5 | An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package manager (npm) version 1.0.5 to deserialize untrusted user input … | Apr 01, 2026 |
| CVE-2026-20174 | MEDIUM | 4.9 | A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected … | Apr 01, 2026 |
| CVE-2026-20160 | CRITICAL | 9.8 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system … | Apr 01, 2026 |
| CVE-2026-20155 | HIGH | 8.0 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access … | Apr 01, 2026 |
| CVE-2026-20151 | HIGH | 7.3 | A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an … | Apr 01, 2026 |
| CVE-2026-20097 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the … | Apr 01, 2026 |
| CVE-2026-20096 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20095 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20094 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on … | Apr 01, 2026 |
| CVE-2026-20093 | CRITICAL | 9.8 | A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access … | Apr 01, 2026 |
| CVE-2026-20090 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20089 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20088 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20087 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack … | Apr 01, 2026 |
| CVE-2026-20085 | MEDIUM | 6.1 | A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user … | Apr 01, 2026 |
| CVE-2026-20042 | MEDIUM | 6.5 | A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or … | Apr 01, 2026 |
| CVE-2026-20041 | MEDIUM | 6.1 | A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack … | Apr 01, 2026 |
| CVE-2024-43028 | CRITICAL | 9.8 | A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. | Apr 01, 2026 |