Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
14261
Total
958
Critical
4182
High
4527
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33559 | MEDIUM | 5.4 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user … | Mar 27, 2026 |
| CVE-2026-33366 | MEDIUM | 5.3 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. | Mar 27, 2026 |
| CVE-2026-33280 | HIGH | 7.2 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the … | Mar 27, 2026 |
| CVE-2026-32678 | HIGH | 7.5 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | Mar 27, 2026 |
| CVE-2026-32669 | HIGH | 8.8 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | Mar 27, 2026 |
| CVE-2026-27650 | HIGH | 8.8 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | Mar 27, 2026 |
| CVE-2026-22744 | HIGH | 7.5 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the … | Mar 27, 2026 |
| CVE-2026-22743 | HIGH | 7.5 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, … | Mar 27, 2026 |
| CVE-2026-22742 | HIGH | 8.6 | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those … | Mar 27, 2026 |
| CVE-2026-22738 | CRITICAL | 9.8 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could … | Mar 27, 2026 |
| CVE-2024-14028 | MEDIUM | 6.5 | Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before … | Mar 27, 2026 |