Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.3 HIGH
CVE-2026-35595 — Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when …

vikunja | Remote | Authorization
Apr 10, 2026
0.0 NA
CVE-2026-22560 — Rocket.Chat Open Redirect Vulnerability

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.

rocket.chat | Misconfiguration
Apr 10, 2026
2.9 LOW
CVE-2026-40228 — systemd Journald ANSI Escape Sequence Injection Vulnerability

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

systemd | Misconfiguration
Apr 10, 2026
6.2 MEDIUM
CVE-2026-40227 — Systemd Null Pointer Vulnerability

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

systemd | Denial of Service
Apr 10, 2026
6.4 MEDIUM
CVE-2026-40226 — systemd nspawn Escape-to-Host Vulnerability

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

systemd | Misconfiguration
Apr 10, 2026
6.4 MEDIUM
CVE-2026-40225 — systemd Udev Kernel Output Execution Vulnerability

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

systemd | Misconfiguration
Apr 10, 2026
6.7 MEDIUM
CVE-2026-40224 — systemd Machined Varlink Privilege Escalation

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

systemd | Authorization
Apr 10, 2026
4.7 MEDIUM
CVE-2026-40223 — Systemd Assert Vulnerability

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

systemd | Misconfiguration
Apr 10, 2026
6.3 MEDIUM
CVE-2026-40023 — Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in X…

Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specifica…

log4cxx | Remote | Misconfiguration
Apr 10, 2026
6.3 MEDIUM
CVE-2026-40021 — Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unesca…

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts…

log4net | Remote | Misconfiguration
Apr 10, 2026
6.5 MEDIUM
CVE-2026-35594 — Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permissio…

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization obj…

vikunja | Remote | Authentication
Apr 10, 2026
7.4 HIGH
CVE-2026-34727 — Vikunja has a TOTP Two-Factor Authentication Bypass via OIDC Login Path

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authent…

vikunja | Remote | Authentication
Apr 10, 2026
6.3 MEDIUM
CVE-2026-34481 — Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point va…

Apache Log4j's JsonTemplateLayout (https://logging.apache.org/log4j/2.x/manual/json-template-layout.html), in versions up to and including 2.25.3, produces invalid JSON output when log events contain…

log4j_layout_template_json | Remote | Misconfiguration
Apr 10, 2026
6.9 MEDIUM
CVE-2026-34480 — Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden …

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec…

log4j | Remote | Misconfiguration
Apr 10, 2026
6.9 MEDIUM
CVE-2026-34479 — Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescap…

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reje…

log4j_1_2_api | Remote | Misconfiguration
Apr 10, 2026
6.9 MEDIUM
CVE-2026-34478 — Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibi…

Apache Log4j Core's Rfc5424Layout (https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout), in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to…

log4j | Remote | Injection
Apr 10, 2026
6.3 MEDIUM
CVE-2026-34477 — Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowi…

The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://log…

log4j | Remote | Misconfiguration
Apr 10, 2026
5.5 MEDIUM
CVE-2026-29043 — HDF5 H5T__ref_mem_setnull Heap Buffer Overflow

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull…

hdf5 | Memory Corruption
Apr 10, 2026
7.2 HIGH
CVE-2026-29002 — CouchCMS Privilege Escalation via f_k_levels_list Parameter

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation reque…

couchcms | Remote | Authorization
Apr 10, 2026
0.0 NA
CVE-2026-23781 — BMC Control-M/MFT Insecure Default Credentials Vulnerability

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credenti…

| Authentication
Apr 10, 2026
Showing 20 of 6402 Results