NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-15470 | The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback... | 2026-04-15 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-40688 | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 th... | 2026-04-14 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2026-39399 | NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec fil... | 2026-04-14 | 9.6 | NETWORK | CRITICAL | NVD |
| CVE-2026-39387 | BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vul... | 2026-04-14 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2026-35589 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebS... | 2026-04-14 | 8.0 | NETWORK | HIGH | NVD |
| CVE-2026-35034 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creatio... | 2026-04-14 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2026-35033 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg... | 2026-04-14 | 9.3 | NETWORK | CRITICAL | NVD |
| CVE-2026-35032 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /L... | 2026-04-14 | 8.6 | NETWORK | HIGH | NVD |
| CVE-2026-35031 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Vi... | 2026-04-14 | 9.9 | NETWORK | CRITICAL | NVD |
| CVE-2026-34457 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authen... | 2026-04-14 | 9.1 | NETWORK | CRITICAL | NVD |
| CVE-2026-34454 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clea... | 2026-04-14 | 3.5 | PHYSICAL | LOW | NVD |
| CVE-2026-33414 | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine ba... | 2026-04-14 | 4.0 | LOCAL | MEDIUM | NVD |
| CVE-2026-33023 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 opt... | 2026-04-14 | 7.8 | LOCAL | HIGH | NVD |
| CVE-2026-33021 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixe... | 2026-04-14 | 7.3 | LOCAL | HIGH | NVD |
| CVE-2026-27301 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacke... | 2026-04-14 | 5.5 | LOCAL | MEDIUM | NVD |