Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14247 | Critical: 958 | High: 4177 | Medium: 4519
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-66215 | LOW | 3.8 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time … | Mar 30, 2026 |
| CVE-2025-66038 | LOW | 3.9 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, … | Mar 30, 2026 |
| CVE-2025-66037 | LOW | 3.9 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to … | Mar 30, 2026 |
| CVE-2025-49010 | LOW | 3.8 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time … | Mar 30, 2026 |
| CVE-2026-5124 | LOW | 3.7 | A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP … | Mar 30, 2026 |
| CVE-2026-29954 | HIGH | 7.6 | In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only … | Mar 30, 2026 |
| CVE-2026-29909 | MEDIUM | 5.3 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote … | Mar 30, 2026 |
| CVE-2026-27508 | MEDIUM | 5.4 | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url … | Mar 30, 2026 |
| CVE-2026-26352 | MEDIUM | 5.4 | Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP … | Mar 30, 2026 |
| CVE-2026-5170 | MEDIUM | 5.3 | A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited … | Mar 30, 2026 |
| CVE-2026-5123 | LOW | 3.7 | A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the … | Mar 30, 2026 |
| CVE-2026-34472 | HIGH | 7.1 | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials … | Mar 30, 2026 |
| CVE-2026-33643 | HIGH | 7.4 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. | Mar 30, 2026 |
| CVE-2026-30562 | CRITICAL | 9.3 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30561 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30560 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30559 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30558 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30557 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-30556 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-2287 | UNKNOWN | — | CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation. | Mar 30, 2026 |
| CVE-2026-2286 | UNKNOWN | — | CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating … | Mar 30, 2026 |
| CVE-2026-2285 | UNKNOWN | — | CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the … | Mar 30, 2026 |
| CVE-2026-2275 | UNKNOWN | — | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling. | Mar 30, 2026 |
| CVE-2026-29953 | HIGH | 7.4 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go. | Mar 30, 2026 |