Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14240
Total
958
Critical
4175
High
4515
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1579 | CRITICAL | 9.8 | The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which … | Mar 31, 2026 |
| CVE-2026-5211 | HIGH | 8.8 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, … | Mar 31, 2026 |
| CVE-2026-4800 | HIGH | 8.1 | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. … | Mar 31, 2026 |
| CVE-2026-34784 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file … | Mar 31, 2026 |
| CVE-2026-34365 | HIGH | 7.6 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side … | Mar 31, 2026 |
| CVE-2026-34215 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the … | Mar 31, 2026 |
| CVE-2026-34206 | MEDIUM | 6.1 | Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. … | Mar 31, 2026 |
| CVE-2026-34204 | UNKNOWN | — | MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal … | Mar 31, 2026 |
| CVE-2026-34203 | LOW | 2.7 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API … | Mar 31, 2026 |
| CVE-2026-30290 | UNKNOWN | — | An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, … | Mar 31, 2026 |
| CVE-2026-30285 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading … | Mar 31, 2026 |
| CVE-2026-30280 | MEDIUM | 5.3 | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the … | Mar 31, 2026 |
| CVE-2026-2950 | MEDIUM | 6.5 | Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against … | Mar 31, 2026 |
| CVE-2026-5210 | HIGH | 7.3 | A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file … | Mar 31, 2026 |
| CVE-2026-5209 | LOW | 2.4 | A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management … | Mar 31, 2026 |
| CVE-2026-3356 | UNKNOWN | — | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device … | Mar 31, 2026 |
| CVE-2026-30521 | UNKNOWN | — | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with … | Mar 31, 2026 |
| CVE-2026-5206 | MEDIUM | 6.3 | A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation … | Mar 31, 2026 |
| CVE-2026-5190 | HIGH | 7.5 | Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to … | Mar 31, 2026 |
| CVE-2026-33415 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user … | Mar 31, 2026 |
| CVE-2026-33300 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in … | Mar 31, 2026 |
| CVE-2026-33185 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings … | Mar 31, 2026 |
| CVE-2026-33074 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be … | Mar 31, 2026 |
| CVE-2026-33073 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks … | Mar 31, 2026 |
| CVE-2026-32951 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can … | Mar 31, 2026 |