NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-39413 | LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack ... | 2026-04-08 | 4.2 | NETWORK | MEDIUM | NVD |
| CVE-2026-39412 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownProperty... | 2026-04-08 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-39411 | LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authenticat... | 2026-04-08 | 5.0 | NETWORK | MEDIUM | NVD |
| CVE-2026-39362 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled (opt-in), authenticated... | 2026-04-08 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-35525 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %... | 2026-04-08 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-35479 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via... | 2026-04-08 | 6.6 | NETWORK | MEDIUM | NVD |
| CVE-2026-35478 | InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token at... | 2026-04-08 | 8.3 | NETWORK | HIGH | NVD |
| CVE-2026-35477 | InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to us... | 2026-04-08 | 5.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-35476 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff... | 2026-04-08 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2026-23869 | A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbo... | 2026-04-08 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-39851 | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange() mutation was revealing the ... | 2026-04-08 | 5.3 | NETWORK | MEDIUM | NVD |
| CVE-2026-35455 | immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripting (XSS) in the 360° panorama ... | 2026-04-08 | 7.3 | LOCAL | HIGH | NVD |
| CVE-2026-35446 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r... | 2026-04-08 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2026-35407 | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in... | 2026-04-08 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-35403 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging r... | 2026-04-08 | 6.5 | NETWORK | MEDIUM | NVD |