Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14247
Total
958
Critical
4177
High
4519
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32794 | MEDIUM | 4.8 | Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in … | Mar 30, 2026 |
| CVE-2026-5152 | HIGH | 8.8 | A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results … | Mar 30, 2026 |
| CVE-2026-4789 | UNKNOWN | — | Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. | Mar 30, 2026 |
| CVE-2026-34558 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |
| CVE-2026-34557 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |
| CVE-2026-32884 | MEDIUM | 5.9 | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of … | Mar 30, 2026 |
| CVE-2026-32883 | MEDIUM | 5.9 | Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status … | Mar 30, 2026 |
| CVE-2026-32877 | HIGH | 8.2 | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) … | Mar 30, 2026 |
| CVE-2026-32696 | LOW | 3.1 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the … | Mar 30, 2026 |
| CVE-2026-31946 | CRITICAL | 9.8 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit … | Mar 30, 2026 |
| CVE-2026-30313 | UNKNOWN | — | DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing … | Mar 30, 2026 |
| CVE-2026-30308 | UNKNOWN | — | In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for … | Mar 30, 2026 |
| CVE-2026-30306 | UNKNOWN | — | In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states … | Mar 30, 2026 |
| CVE-2026-28228 | HIGH | 8.8 | OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with … | Mar 30, 2026 |
| CVE-2026-27599 | MEDIUM | 4.7 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application … | Mar 30, 2026 |
| CVE-2026-27018 | UNKNOWN | — | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL … | Mar 30, 2026 |
| CVE-2026-25627 | MEDIUM | 6.5 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet … | Mar 30, 2026 |
| CVE-2026-5150 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter … | Mar 30, 2026 |
| CVE-2026-5148 | MEDIUM | 4.7 | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument … | Mar 30, 2026 |
| CVE-2026-33026 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui backup restore mechanism allows attackers to tamper … | Mar 30, 2026 |
| CVE-2026-32275 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter … | Mar 30, 2026 |
| CVE-2026-31831 | UNKNOWN | — | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path … | Mar 30, 2026 |
| CVE-2026-31804 | MEDIUM | 4.0 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter … | Mar 30, 2026 |
| CVE-2026-31799 | MEDIUM | 4.9 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" … | Mar 30, 2026 |
| CVE-2026-30307 | UNKNOWN | — | Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile … | Mar 30, 2026 |