Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14261 | Critical: 958 | High: 4182 | Medium: 4527
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34247 | MEDIUM | 5.4 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Live/uploadPoster.php` endpoint allows any authenticated user to overwrite the … | Mar 27, 2026 |
| CVE-2026-34245 | MEDIUM | 6.3 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint allows any authenticated user with streaming permission … | Mar 27, 2026 |
| CVE-2026-33867 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video … | Mar 27, 2026 |
| CVE-2026-33770 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTitle()` static method in `objects/category.php` constructs a SQL SELECT … | Mar 27, 2026 |
| CVE-2026-33767 | UNKNOWN | — | WWBN AVideo is an open source video platform. In versions up to and including 26.0, in `objects/like.php`, the `getLike()` method constructs a SQL query using … | Mar 27, 2026 |
| CVE-2026-30576 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" … | Mar 27, 2026 |
| CVE-2026-30575 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during … | Mar 27, 2026 |
| CVE-2026-30574 | HIGH | 7.5 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales … | Mar 27, 2026 |
| CVE-2026-30571 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2026-30570 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize … | Mar 27, 2026 |
| CVE-2026-30569 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The … | Mar 27, 2026 |
| CVE-2026-28369 | HIGH | 8.7 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly … | Mar 27, 2026 |
| CVE-2026-28368 | HIGH | 8.7 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow … | Mar 27, 2026 |
| CVE-2026-28367 | HIGH | 8.7 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used … | Mar 27, 2026 |
| CVE-2025-15616 | MEDIUM | 6.7 | Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through … | Mar 27, 2026 |
| CVE-2025-15615 | MEDIUM | 5.8 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause … | Mar 27, 2026 |
| CVE-2025-15381 | HIGH | 8.1 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any … | Mar 27, 2026 |
| CVE-2026-4959 | HIGH | 7.3 | A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a … | Mar 27, 2026 |
| CVE-2026-4958 | LOW | 3.1 | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation … | Mar 27, 2026 |
| CVE-2026-32984 | LOW | 3.5 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can … | Mar 27, 2026 |
| CVE-2026-32983 | MEDIUM | 5.8 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause … | Mar 27, 2026 |
| CVE-2026-30534 | HIGH | 8.3 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30533 | CRITICAL | 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30532 | CRITICAL | 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30531 | HIGH | 8.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly … | Mar 27, 2026 |