NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-40291	Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object modification vulnerability in the...	2026-04-14	8.8	NETWORK	HIGH	NVD
CVE-2026-39907	Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts uns...	2026-04-14	7.0	NETWORK	HIGH	NVD
CVE-2026-39906	Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthentica...	2026-04-14	7.0	NETWORK	HIGH	NVD
CVE-2026-35196	Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/in...	2026-04-14	8.8	NETWORK	HIGH	NVD
CVE-2026-34631	InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the con...	2026-04-14	7.8	LOCAL	HIGH	NVD
CVE-2026-34619	ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vuln...	2026-04-14	7.7	NETWORK	HIGH	NVD
CVE-2026-34602	Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecur...	2026-04-14	7.1	NETWORK	HIGH	NVD
CVE-2026-34370	Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Refe...	2026-04-14	6.5	NETWORK	MEDIUM	NVD
CVE-2026-34213	Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in...	2026-04-14	5.4	NETWORK	MEDIUM	NVD
CVE-2026-34212	Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmo...	2026-04-14	5.4	NETWORK	MEDIUM	NVD
CVE-2026-33193	Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) a...	2026-04-14	4.6	NETWORK	MEDIUM	NVD
CVE-2026-33146	Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes ...	2026-04-14	4.3	NETWORK	MEDIUM	NVD
CVE-2026-33020	libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a h...	2026-04-14	7.1	LOCAL	HIGH	NVD
CVE-2026-33019	libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-...	2026-04-14	7.1	LOCAL	HIGH	NVD
CVE-2026-33018	libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the...	2026-04-14	7.0	LOCAL	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.