NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-28352	Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API ...	2026-02-27	6.5	NETWORK	MEDIUM	NVD
CVE-2026-28351	pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads t...	2026-02-27	6.9	NETWORK	MEDIUM	NVD
CVE-2026-28338	PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's `vbhtml` and `yahtml` report formats insert rule violation mes...	2026-02-27	6.8	NETWORK	MEDIUM	NVD
CVE-2026-28288	Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowin...	2026-02-27	5.5	NETWORK	MEDIUM	NVD
CVE-2026-28272	Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administ...	2026-02-27	8.1	NETWORK	HIGH	NVD
CVE-2026-28271	Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF p...	2026-02-27	6.5	NETWORK	MEDIUM	NVD
CVE-2026-28270	Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files with...	2026-02-27	4.9	NETWORK	MEDIUM	NVD
CVE-2026-28268	Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password res...	2026-02-27	9.8	NETWORK	CRITICAL	NVD
CVE-2018-25160	HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depen...	2026-02-27	N/A	None	None	NVD
CVE-2026-3255	HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function. The HTTP::Session2 session id generato...	2026-02-27	N/A	None	None	NVD
CVE-2026-28354	ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, ...	2026-02-27	5.7	NETWORK	MEDIUM	NVD
CVE-2026-28231	pillow_heif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buf...	2026-02-27	5.5	NETWORK	MEDIUM	NVD
CVE-2026-27947	Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticate...	2026-02-27	9.4	NETWORK	CRITICAL	NVD
CVE-2026-27836	phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active us...	2026-02-27	7.5	NETWORK	HIGH	NVD
CVE-2026-27832	Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection...	2026-02-27	7.1	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.