Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14253
Total
958
Critical
4178
High
4523
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30556 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" … | Mar 30, 2026 |
| CVE-2026-2287 | UNKNOWN | — | CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation. | Mar 30, 2026 |
| CVE-2026-2286 | UNKNOWN | — | CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating … | Mar 30, 2026 |
| CVE-2026-2285 | UNKNOWN | — | CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the … | Mar 30, 2026 |
| CVE-2026-2275 | UNKNOWN | — | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling. | Mar 30, 2026 |
| CVE-2026-29953 | HIGH | 7.4 | SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go. | Mar 30, 2026 |
| CVE-2026-29597 | MEDIUM | 6.5 | Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests. | Mar 30, 2026 |
| CVE-2026-21712 | MEDIUM | 5.7 | A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing … | Mar 30, 2026 |
| CVE-2026-5165 | MEDIUM | 6.7 | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, … | Mar 30, 2026 |
| CVE-2026-5164 | MEDIUM | 6.7 | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. … | Mar 30, 2026 |
| CVE-2026-5122 | LOW | 3.7 | A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP … | Mar 30, 2026 |
| CVE-2026-33373 | UNKNOWN | — | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the … | Mar 30, 2026 |
| CVE-2026-30566 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30565 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30564 | MEDIUM | 6.1 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" … | Mar 30, 2026 |
| CVE-2026-30563 | MEDIUM | 6.1 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails … | Mar 30, 2026 |
| CVE-2026-30082 | MEDIUM | 6.1 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary … | Mar 30, 2026 |
| CVE-2026-3321 | UNKNOWN | — | A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and … | Mar 30, 2026 |
| CVE-2026-28528 | MEDIUM | 4.6 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and … | Mar 30, 2026 |
| CVE-2026-28527 | LOW | 3.5 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read … | Mar 30, 2026 |
| CVE-2026-28526 | LOW | 3.5 | BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond … | Mar 30, 2026 |
| CVE-2026-4315 | UNKNOWN | — | A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the … | Mar 30, 2026 |
| CVE-2026-4266 | UNKNOWN | — | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute … | Mar 30, 2026 |
| CVE-2026-4425 | UNKNOWN | — | Rejected reason: Reserved for EastLink case, but no need for CVE anymore | Mar 30, 2026 |
| CVE-2019-25655 | MEDIUM | 6.2 | Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to … | Mar 30, 2026 |