Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14240
Total
958
Critical
4175
High
4515
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5212 | HIGH | 8.8 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, … | Mar 31, 2026 |
| CVE-2026-3470 | LOW | 3.8 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker … | Mar 31, 2026 |
| CVE-2026-3469 | LOW | 2.7 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to … | Mar 31, 2026 |
| CVE-2026-3468 | MEDIUM | 4.8 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page … | Mar 31, 2026 |
| CVE-2026-34740 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users … | Mar 31, 2026 |
| CVE-2026-34739 | MEDIUM | 6.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the ip request parameter directly into … | Mar 31, 2026 |
| CVE-2026-34738 | MEDIUM | 4.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any … | Mar 31, 2026 |
| CVE-2026-34737 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to … | Mar 31, 2026 |
| CVE-2026-34733 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in … | Mar 31, 2026 |
| CVE-2026-34732 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or … | Mar 31, 2026 |
| CVE-2026-34731 | HIGH | 7.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to … | Mar 31, 2026 |
| CVE-2026-34716 | MEDIUM | 6.4 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the … | Mar 31, 2026 |
| CVE-2026-34613 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed … | Mar 31, 2026 |
| CVE-2026-34611 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every … | Mar 31, 2026 |
| CVE-2026-34586 | MEDIUM | 6.5 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session … | Mar 31, 2026 |
| CVE-2026-34396 | MEDIUM | 6.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without … | Mar 31, 2026 |
| CVE-2026-34395 | MEDIUM | 6.5 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and … | Mar 31, 2026 |
| CVE-2026-34394 | HIGH | 8.1 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There … | Mar 31, 2026 |
| CVE-2026-34384 | MEDIUM | 4.5 | Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations via … | Mar 31, 2026 |
| CVE-2026-34383 | MEDIUM | 4.3 | Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set … | Mar 31, 2026 |
| CVE-2026-34382 | MEDIUM | 4.6 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without … | Mar 31, 2026 |
| CVE-2026-34381 | HIGH | 7.5 | Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded … | Mar 31, 2026 |
| CVE-2026-34372 | UNKNOWN | — | Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a … | Mar 31, 2026 |
| CVE-2026-34367 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |
| CVE-2026-34366 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |