HIGH
CVE-2021-47961 (CVSS 8.1) — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ...
NVD CVE-2021-47961 58d ago
MEDIUM
CVE-2026-5525 (CVSS 6) — A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handl...
NVD CVE-2026-5525 58d ago
CRITICAL
CVE-2026-5194 (CVSS 9.1) — Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert...
NVD CVE-2026-5194 58d ago
HIGH
CVE-2026-40072 (CVSS 7.2) — web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1...
NVD CVE-2026-40072 58d ago
MEDIUM
CVE-2026-4878 (CVSS 6.7) — A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO...
NVD CVE-2026-4878 58d ago
CRITICAL
CVE-2025-62718 (CVSS 9.9) — Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios ...
NVD CVE-2025-62718 58d ago
HIGH
CVE-2026-5883 (CVSS 8.8) — Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute...
NVD CVE-2026-5883 59d ago
HIGH
CVE-2026-32590 (CVSS 7.1) — A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p...
NVD CVE-2026-32590 59d ago
MEDIUM
CVE-2026-4837 (CVSS 6.6) — An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou...
NVD CVE-2026-4837 59d ago
INFO
Russia Hacked Routers to Steal Microsoft Office Tokens
Krebs breaches threat-actors nation-state 60d ago
MEDIUM
CVE-2026-4931 (CVSS 6.8) — Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt posit...
NVD CVE-2026-4931 60d ago
HIGH
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Krebs breaches threat-actors ransomware 62d ago
HIGH
CVE-2026-34769 (CVSS 7.7) — Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and C...
NVD CVE-2026-34769 64d ago
HIGH
CVE-2026-31399 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use a...
NVD CVE-2026-31399 64d ago
HIGH
CVE-2026-31395 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_...
NVD CVE-2026-31395 64d ago
HIGH
CVE-2026-23454 (CVSS 7) — In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free i...
NVD CVE-2026-23454 64d ago
HIGH
CVE-2026-23448 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffse...
NVD CVE-2026-23448 64d ago
HIGH
CVE-2026-5463 (CVSS 8.6) — Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version...
NVD CVE-2026-5463 65d ago
HIGH
CVE-2026-35535 (CVSS 7.4) — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a ...
NVD CVE-2026-35535 65d ago
HIGH
CVE-2025-15620 (CVSS 8.6) — HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-o...
NVD CVE-2025-15620 65d ago
HIGH
CVE-2026-32145 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denia...
NVD CVE-2026-32145 66d ago
MEDIUM
CVE-2026-34531 (CVSS 6.5) — Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to versi...
NVD CVE-2026-34531 66d ago
HIGH
CVE-2026-34072 (CVSS 8.3) — Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log ...
NVD CVE-2026-34072 66d ago
MEDIUM
CVE-2026-5119 (CVSS 5.9) — A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensit...
NVD CVE-2026-5119 69d ago
CRITICAL
CVE-2026-33728 (CVSS 9.8) — dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to...
NVD CVE-2026-33728 72d ago
HIGH
CVE-2026-34352 (CVSS 8.5) — In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the ...
NVD CVE-2026-34352 72d ago
MEDIUM
CVE-2026-2100 (CVSS 5.3) — A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_Der...
NVD CVE-2026-2100 72d ago
HIGH
CVE-2026-0966 (CVSS 8.2) — A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service w...
NVD CVE-2026-0966 72d ago
CRITICAL
CVE-2026-26213 (CVSS 9.8) — thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os comm...
NVD CVE-2026-26213 72d ago
HIGH
CVE-2026-32846 (CVSS 7.5) — OpenClaw before 2026.3.28 contains a path traversal vulnerability in media parsing that allows attac...
NVD CVE-2026-32846 72d ago
MEDIUM
CVE-2026-4887 (CVSS 6.1) — A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an of...
NVD CVE-2026-4887 73d ago
HIGH
CVE-2026-3104 (CVSS 7.5) — A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying ...
NVD CVE-2026-3104 73d ago
HIGH
CVE-2026-23327 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size...
NVD CVE-2026-23327 74d ago
HIGH
CVE-2026-23305 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in ...
NVD CVE-2026-23305 74d ago
HIGH
CVE-2026-23281 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-f...
NVD CVE-2026-23281 74d ago
CRITICAL
CVE-2026-4698 (CVSS 9.8) — JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox ...
NVD CVE-2026-4698 75d ago
HIGH
CVE-2019-25634 (CVSS 8.4) — Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attacker...
NVD CVE-2019-25634 75d ago
INFO
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Krebs breaches threat-actors 75d ago
INFO
CVE-2026-32067 (CVSS 3.7) — OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-st...
NVD CVE-2026-32067 78d ago
CRITICAL
CVE-2026-33017 (CVSS 9.8) — Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to ...
NVD CVE-2026-33017 CVE-2025-3248 79d ago
INFO
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
Krebs breaches threat-actors 79d ago
HIGH
CVE-2026-4342 (CVSS 8.8) — A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be u...
NVD CVE-2026-4342 79d ago
HIGH
CVE-2025-69720 (CVSS 7.3) — The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in an...
NVD CVE-2025-69720 79d ago
HIGH
CVE-2026-23262 (CVSS 0) — In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruptio...
NVD CVE-2026-23262 80d ago
HIGH
CVE-2026-23244 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in ...
NVD CVE-2026-23244 81d ago
MEDIUM
CVE-2026-4271 (CVSS 5.3) — A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Us...
NVD CVE-2026-4271 82d ago
CRITICAL
CVE-2026-4312 (CVSS 9.8) — GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
NVD CVE-2026-4312 82d ago
HIGH
CVE-2026-4224 (CVSS 7.5) — When an Expat parser with a registered ElementDeclHandler parses an inline document type definition ...
NVD CVE-2026-4224 82d ago
HIGH
CVE-2026-3644 (CVSS 7.5) — The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete....
NVD CVE-2026-3644 CVE-2026-0672 82d ago
CRITICAL
CVE-2026-23941 (CVSS 9.4) — Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP ...
NVD CVE-2026-23941 85d ago
TL;DR
A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction.
CVE-2021-47961