Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 14261, Critical: 958, High: 4182, Medium: 4527

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33750 | MEDIUM | 6.5 | The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a … | Mar 27, 2026 |
| CVE-2026-33748 | UNKNOWN | — | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of … | Mar 27, 2026 |
| CVE-2026-33433 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header … | Mar 27, 2026 |
| CVE-2026-33284 | UNKNOWN | — | GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a … | Mar 27, 2026 |
| CVE-2026-33206 | UNKNOWN | — | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre's handling … | Mar 27, 2026 |
| CVE-2026-33205 | UNKNOWN | — | calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image … | Mar 27, 2026 |
| CVE-2026-30689 | HIGH | 7.5 | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive … | Mar 27, 2026 |
| CVE-2026-30637 | HIGH | 7.5 | Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP … | Mar 27, 2026 |
| CVE-2026-30407 | UNKNOWN | — | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not … | Mar 27, 2026 |
| CVE-2026-30304 | CRITICAL | 9.6 | In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former … | Mar 27, 2026 |
| CVE-2026-30303 | CRITICAL | 9.8 | The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect … | Mar 27, 2026 |
| CVE-2026-29871 | HIGH | 7.5 | A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, … | Mar 27, 2026 |
| CVE-2026-28375 | MEDIUM | 6.5 | A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 |
| CVE-2026-27880 | HIGH | 7.5 | The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | Mar 27, 2026 |
| CVE-2026-27879 | MEDIUM | 6.5 | A resample query can be used to trigger out-of-memory crashes in Grafana. | Mar 27, 2026 |
| CVE-2026-27877 | MEDIUM | 6.5 | When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are … | Mar 27, 2026 |
| CVE-2026-27876 | CRITICAL | 9.1 | A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by … | Mar 27, 2026 |
| CVE-2026-1496 | UNKNOWN | — | Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. … | Mar 27, 2026 |
| CVE-2025-69988 | MEDIUM | 6.5 | BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the … | Mar 27, 2026 |
| CVE-2025-69986 | HIGH | 7.2 | A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol … | Mar 27, 2026 |
| CVE-2025-61190 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization … | Mar 27, 2026 |
| CVE-2024-11604 | UNKNOWN | — | Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows … | Mar 27, 2026 |
| CVE-2026-32859 | MEDIUM | 5.4 | ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by … | Mar 27, 2026 |
| CVE-2026-32695 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values … | Mar 27, 2026 |
| CVE-2025-13478 | UNKNOWN | — | Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. … | Mar 27, 2026 |