Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14240
Total
958
Critical
4175
High
4515
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32726 | HIGH | 8.1 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization … | Mar 31, 2026 |
| CVE-2026-32725 | HIGH | 8.3 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization … | Mar 31, 2026 |
| CVE-2026-32620 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access … | Mar 31, 2026 |
| CVE-2026-32619 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access … | Mar 31, 2026 |
| CVE-2026-32618 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel … | Mar 31, 2026 |
| CVE-2026-32615 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could … | Mar 31, 2026 |
| CVE-2026-32607 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux … | Mar 31, 2026 |
| CVE-2026-32273 | MEDIUM | 5.4 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description … | Mar 31, 2026 |
| CVE-2026-32243 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the … | Mar 31, 2026 |
| CVE-2026-32143 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, moderators could export CSV … | Mar 31, 2026 |
| CVE-2026-32113 | UNKNOWN | — | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the enter action in … | Mar 31, 2026 |
| CVE-2026-30520 | MEDIUM | 4.8 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The … | Mar 31, 2026 |
| CVE-2026-30286 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to … | Mar 31, 2026 |
| CVE-2026-30283 | UNKNOWN | — | An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-30282 | CRITICAL | 9.0 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-30279 | UNKNOWN | — | An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, … | Mar 31, 2026 |
| CVE-2026-30278 | UNKNOWN | — | An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading … | Mar 31, 2026 |
| CVE-2026-30277 | UNKNOWN | — | An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import … | Mar 31, 2026 |
| CVE-2026-2123 | UNKNOWN | — | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable … | Mar 31, 2026 |
| CVE-2025-62184 | UNKNOWN | — | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given … | Mar 31, 2026 |
| CVE-2026-5205 | MEDIUM | 6.3 | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook … | Mar 31, 2026 |
| CVE-2026-34361 | CRITICAL | 9.3 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service … | Mar 31, 2026 |
| CVE-2026-34360 | MEDIUM | 5.8 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in … | Mar 31, 2026 |
| CVE-2026-34359 | HIGH | 7.4 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match … | Mar 31, 2026 |
| CVE-2026-24165 | HIGH | 7.8 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code … | Mar 31, 2026 |