Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
226
Total
14
Critical
71
High
67
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-30569 | UNKNOWN | — | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The … | Mar 27, 2026 |
| CVE-2026-28369 | HIGH | 8.7 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly … | Mar 27, 2026 |
| CVE-2026-28368 | HIGH | 8.7 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow … | Mar 27, 2026 |
| CVE-2026-28367 | HIGH | 8.7 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used … | Mar 27, 2026 |
| CVE-2025-15616 | MEDIUM | 6.7 | Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through … | Mar 27, 2026 |
| CVE-2025-15615 | MEDIUM | 5.8 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause … | Mar 27, 2026 |
| CVE-2025-15381 | HIGH | 8.1 | In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any … | Mar 27, 2026 |
| CVE-2026-4959 | HIGH | 7.3 | A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a … | Mar 27, 2026 |
| CVE-2026-4958 | LOW | 3.1 | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation … | Mar 27, 2026 |
| CVE-2026-32984 | LOW | 3.5 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can … | Mar 27, 2026 |
| CVE-2026-32983 | MEDIUM | 5.8 | Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause … | Mar 27, 2026 |
| CVE-2026-30534 | HIGH | 8.3 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30533 | CRITICAL | 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30532 | CRITICAL | 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | Mar 27, 2026 |
| CVE-2026-30531 | HIGH | 8.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly … | Mar 27, 2026 |
| CVE-2026-30530 | CRITICAL | 9.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly … | Mar 27, 2026 |
| CVE-2026-30529 | HIGH | 8.8 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly … | Mar 27, 2026 |
| CVE-2026-30527 | UNKNOWN | — | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application … | Mar 27, 2026 |
| CVE-2026-30302 | CRITICAL | 10.0 | The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use … | Mar 27, 2026 |
| CVE-2023-7340 | LOW | 3.5 | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can … | Mar 27, 2026 |
| CVE-2026-5027 | HIGH | 8.8 | The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on … | Mar 27, 2026 |
| CVE-2026-5026 | UNKNOWN | — | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can … | Mar 27, 2026 |
| CVE-2026-5025 | MEDIUM | 6.5 | The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic … | Mar 27, 2026 |
| CVE-2026-5022 | UNKNOWN | — | The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or … | Mar 27, 2026 |
| CVE-2026-5010 | UNKNOWN | — | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by … | Mar 27, 2026 |