Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14231
Total
958
Critical
4174
High
4508
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2024-40489 | CRITICAL | 9.8 | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on … | Apr 01, 2026 |
| CVE-2026-5175 | MEDIUM | 5.0 | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and … | Apr 01, 2026 |
| CVE-2026-4989 | MEDIUM | 4.3 | Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery (SSRF), potentially leading … | Apr 01, 2026 |
| CVE-2026-4927 | MEDIUM | 6.5 | Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via … | Apr 01, 2026 |
| CVE-2026-4925 | MEDIUM | 5.0 | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-enforced restrictions and remove their own multi-factor authentication … | Apr 01, 2026 |
| CVE-2026-4924 | HIGH | 8.2 | Improper authentication in the two-factor authentication (2FA) feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication … | Apr 01, 2026 |
| CVE-2026-4829 | MEDIUM | 5.4 | Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an authenticated user to authenticate as other users, including administrators, … | Apr 01, 2026 |
| CVE-2026-4828 | HIGH | 8.2 | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via … | Apr 01, 2026 |
| CVE-2026-35099 | HIGH | 7.4 | Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and … | Apr 01, 2026 |
| CVE-2026-34510 | MEDIUM | 5.3 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can … | Apr 01, 2026 |
| CVE-2026-31027 | CRITICAL | 9.8 | TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated … | Apr 01, 2026 |
| CVE-2025-67807 | MEDIUM | 4.7 | The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise … | Apr 01, 2026 |
| CVE-2025-67806 | LOW | 3.7 | The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise … | Apr 01, 2026 |
| CVE-2025-67805 | MEDIUM | 5.9 | A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and … | Apr 01, 2026 |
| CVE-2026-30573 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate … | Apr 01, 2026 |
| CVE-2026-30526 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg … | Apr 01, 2026 |
| CVE-2026-30523 | MEDIUM | 6.5 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define … | Apr 01, 2026 |
| CVE-2026-30292 | HIGH | 8.4 | An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, … | Apr 01, 2026 |
| CVE-2026-30291 | HIGH | 8.4 | An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file … | Apr 01, 2026 |
| CVE-2026-29598 | MEDIUM | 5.4 | Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML … | Apr 01, 2026 |
| CVE-2025-13535 | MEDIUM | 6.4 | The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, … | Apr 01, 2026 |
| CVE-2026-5271 | UNKNOWN | — | pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a … | Apr 01, 2026 |
| CVE-2026-3877 | UNKNOWN | — | A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL, that if … | Apr 01, 2026 |
| CVE-2026-35094 | LOW | 3.3 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. … | Apr 01, 2026 |
| CVE-2026-35093 | HIGH | 8.8 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories … | Apr 01, 2026 |