Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14261; Critical: 958; High: 4182; Medium: 4527

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34387 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary … | Mar 27, 2026 |
| CVE-2026-34386 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with … | Mar 27, 2026 |
| CVE-2026-34385 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an … | Mar 27, 2026 |
| CVE-2026-34375 | HIGH | 8.2 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page directly echoes the `$_REQUEST['plugin']` … | Mar 27, 2026 |
| CVE-2026-34374 | CRITICAL | 9.1 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a … | Mar 27, 2026 |
| CVE-2026-34369 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `get_api_video_file` and `get_api_video` API endpoints in AVideo return full … | Mar 27, 2026 |
| CVE-2026-29180 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to … | Mar 27, 2026 |
| CVE-2026-26061 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. … | Mar 27, 2026 |
| CVE-2026-26060 | UNKNOWN | — | Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to … | Mar 27, 2026 |
| CVE-2025-15612 | MEDIUM | 4.8 | Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network … | Mar 27, 2026 |
| CVE-2026-4968 | MEDIUM | 4.3 | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead … | Mar 27, 2026 |
| CVE-2026-4966 | MEDIUM | 6.3 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of … | Mar 27, 2026 |
| CVE-2026-4965 | HIGH | 7.3 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing … | Mar 27, 2026 |
| CVE-2026-34368 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `transferBalance()` method in `plugin/YPTWallet/YPTWallet.php` contains a Time-of-Check-Time-of-Use (TOCTOU) race … | Mar 27, 2026 |
| CVE-2026-34364 | MEDIUM | 5.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `categories.json.php` endpoint, which serves the category listing API, fails … | Mar 27, 2026 |
| CVE-2026-30568 | MEDIUM | 4.8 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_purchase.php file via the "limit" parameter. The application fails to … | Mar 27, 2026 |
| CVE-2026-30567 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2025-15617 | MEDIUM | 6.5 | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use … | Mar 27, 2026 |
| CVE-2026-4964 | MEDIUM | 6.3 | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL … | Mar 27, 2026 |
| CVE-2026-4963 | MEDIUM | 6.3 | A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This … | Mar 27, 2026 |
| CVE-2026-4962 | HIGH | 7.0 | A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the … | Mar 27, 2026 |
| CVE-2026-4961 | HIGH | 8.8 | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request … | Mar 27, 2026 |
| CVE-2026-4960 | HIGH | 8.8 | A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a … | Mar 27, 2026 |
| CVE-2026-34411 | MEDIUM | 5.3 | Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration … | Mar 27, 2026 |
| CVE-2026-34362 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `verifyTokenSocket()` function in `plugin/YPTSocket/functions.php` has its token timeout validation … | Mar 27, 2026 |