CVE Field Guide

Critical CVEs

| CVE | Title | Updated (DD.MM.YYYY) | Score |
|---|---|---|---|
| CVE-2026-44050 | Heap buffer overflow in CNID daemon comm_rcv() | 21.05.2026 | 9.9 |
| CVE-2026-6279 | Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler | 21.05.2026 | 9.8 |
| CVE-2026-48172 | | 21.05.2026 | 10 |
| CVE-2026-9152 | Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction | 21.05.2026 | 10 |
| CVE-2026-8631 | HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution | 21.05.2026 | 9.3 |
| CVE-2026-39405 | Frappe has Path Transversal via SCORM | 20.05.2026 | 9.4 |
| CVE-2026-9139 | Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml | 20.05.2026 | 9.3 |
| CVE-2026-9141 | Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface | 20.05.2026 | 9.3 |
| CVE-2026-23734 | XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash | 20.05.2026 | 9.3 |
| CVE-2026-33137 | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} | 20.05.2026 | 9.3 |
| CVE-2026-45444 | WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability | 20.05.2026 | 10 |
| CVE-2026-9102 | Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write | 20.05.2026 | 9.4 |
| CVE-2026-9129 | Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read | 20.05.2026 | 9.4 |
| CVE-2026-20223 | Cisco Secure Workload Unauthorized API Access Vulnerability | 21.05.2026 | 10 |
| CVE-2026-8598 | Unauthenticated Export Service in ZKTeco CCTV Cameras | 20.05.2026 | 9.1 |
| CVE-2026-8467 | Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground | 20.05.2026 | 9.5 |
| CVE-2026-22314 | | 20.05.2026 | 9 |
| CVE-2026-33278 | Possible arbitrary code execution during DNSSEC validation | 20.05.2026 | 9.1 |
| CVE-2026-9059 | NextGEN Gallery - SQL Injection | 20.05.2026 | 9.3 |
| CVE-2026-9065 | Surecart - SQL Injection | 20.05.2026 | 9.3 |
| CVE-2026-24207 | | 20.05.2026 | 9.8 |
| CVE-2026-7637 | Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie | 20.05.2026 | 9.8 |
| CVE-2026-6555 | ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' | 20.05.2026 | 9.8 |
| CVE-2026-7284 | Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register | 20.05.2026 | 9.8 |
| CVE-2026-34234 | CtrlPanel: Unauthenticated RCE using installer script | 20.05.2026 | 10 |
| CVE-2026-33642 | Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check | 19.05.2026 | 9.9 |
| CVE-2026-47357 | | 19.05.2026 | 9.3 |
| CVE-2026-47358 | | 19.05.2026 | 9.3 |
| CVE-2026-2586 | | 20.05.2026 | 9.1 |
| CVE-2026-2587 | | 20.05.2026 | 9.6 |
| CVE-2026-44159 | Tyler Identity Local (TID-L) default administrative credentials | 19.05.2026 | 9.3 |
| CVE-2026-8711 | NGINX JavaScript vulnerability | 20.05.2026 | 9.2 |
| CVE-2026-42097 | Authentication Bypass in Sparx Pro Cloud Server | 19.05.2026 | 9.3 |
| CVE-2026-43633 | HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal | 19.05.2026 | 9.5 |
| CVE-2026-4883 | Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-43493 | crypto: pcrypt - Fix handling of MAY_BACKLOG requests | 20.05.2026 | 9.8 |
| CVE-2026-2611 | Improper Origin Validation in mlflow/mlflow | 19.05.2026 | 9.6 |
| CVE-2026-46725 | Remote Code Execution in extension "Content Element Selector" (ceselector) | 19.05.2026 | 9.2 |
| CVE-2026-4885 | Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-27130 | Dokploy has Command Injection in its Service Operations | 19.05.2026 | 9.9 |
| CVE-2026-25244 | WebdriverIO has Command Injection in the BrowserStack Service | 19.05.2026 | 9.8 |
| CVE-2026-8838 | Remote Code Execution via eval() Injection in amazon-redshift-python-driver | 19.05.2026 | 9.3 |
| CVE-2026-8836 | lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow | 18.05.2026 | 9.3 |
| CVE-2026-42822 | Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability | 20.05.2026 | 10 |
| CVE-2026-45829 | | 19.05.2026 | 10 |
| CVE-2026-41947 | Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints | 18.05.2026 | 9.1 |
| CVE-2026-41948 | Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access | 18.05.2026 | 9.2 |
| CVE-2026-4320 | Authorization Bypass in ICMS Content Management by Creartia Internet Consulting | 18.05.2026 | 9.3 |
| CVE-2018-25320 | ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution | 18.05.2026 | 9.3 |
| CVE-2018-25332 | GitBucket 4.23.1 Unauthenticated Remote Code Execution | 18.05.2026 | 9.3 |
| CVE-2018-25335 | WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload | 18.05.2026 | 9.3 |
| CVE-2020-37228 | iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass | 18.05.2026 | 9.3 |
| CVE-2020-37239 | libbabl 0.1.62 Broken Double Free Detection Memory Safety | 18.05.2026 | 9.3 |
| CVE-2021-47952 | python jsonpickle 2.0.0 Remote Code Execution via py/repr | 18.05.2026 | 9.3 |
| CVE-2026-44551 | Open WebUI: LDAP Empty Password Authentication Bypass | 19.05.2026 | 9.1 |
| CVE-2021-47965 | WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload | 15.05.2026 | 9.3 |
| CVE-2026-45010 | phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint | 15.05.2026 | 9.1 |
| CVE-2026-46364 | phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha | 15.05.2026 | 9.8 |
| CVE-2026-42155 | Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs | 15.05.2026 | 9.3 |
| CVE-2026-44717 | MCP Calculate Server: Prompt Injection to RCE | 15.05.2026 | 9.8 |
| CVE-2026-45035 | Tabby: RCE via `tabby://run` URL Scheme | 21.05.2026 | 9.4 |
| CVE-2026-41258 | OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange | 15.05.2026 | 9.1 |
| CVE-2026-44699 | LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC | 15.05.2026 | 9.1 |
| CVE-2026-2031 | Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution. | 15.05.2026 | 10 |
| CVE-2026-41552 | Path Traversal in PDF Export Module | 15.05.2026 | 9.2 |
| CVE-2026-41553 | Remote Code Execution in PDF Export Module | 15.05.2026 | 10 |
| CVE-2026-7182 | Path Traversal in Diagram | 15.05.2026 | 9.2 |
| CVE-2026-5229 | Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback | 15.05.2026 | 9.8 |
| CVE-2026-8398 | | 16.05.2026 | 9.3 |
| CVE-2026-0481 | | 15.05.2026 | 9.2 |
| CVE-2026-44212 | PrestaShop: Stored XSS executable in customer service view | 15.05.2026 | 9.3 |
| CVE-2026-44666 | HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution | 15.05.2026 | 9.3 |
| CVE-2026-8634 | Crabbox < v0.12.0 Environment Variable Information Disclosure | 15.05.2026 | 9.3 |
| CVE-2026-22599 | Strapi Vulnerable to SQL Injection in Content Type Builder | 14.05.2026 | 9.3 |
| CVE-2026-27886 | Strapi may leak sensitive data via relational filtering due to lack of query sanitization | 14.05.2026 | 9.2 |
| CVE-2026-41315 | mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 16.05.2026 | 9.3 |
| CVE-2026-44523 | Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery | 15.05.2026 | 10 |
| CVE-2026-44588 | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS | 15.05.2026 | 9.4 |
| CVE-2026-44592 | Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning | 16.05.2026 | 9.4 |
| CVE-2026-44670 | SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan | 15.05.2026 | 9.4 |
| CVE-2026-45375 | SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution | 16.05.2026 | 9 |
| CVE-2026-41615 | Microsoft Authenticator Information Disclosure Vulnerability | 20.05.2026 | 9.6 |
| CVE-2026-44542 | FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion | 15.05.2026 | 9.1 |
| CVE-2026-20182 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | 15.05.2026 | 10 |
| CVE-2026-42555 | Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users | 14.05.2026 | 9.1 |
| CVE-2026-42281 | MagicMirror²: Unauthenticated SSRF via /cors endpoint | 14.05.2026 | 9.2 |

Latest Updates

| CVE | Title | Updated (DD.MM.YYYY) | Score |
|---|---|---|---|
| CVE-2026-44047 | SQL injection in MySQL CNID backend | 21.05.2026 | 8.8 |
| CVE-2026-44048 | Stack buffer overflow via UCS-2 type confusion in convert_charset() | 21.05.2026 | 8.8 |
| CVE-2026-44049 | Out-of-bounds write in convert_charset() null termination | 21.05.2026 | 7.5 |
| CVE-2026-44050 | Heap buffer overflow in CNID daemon comm_rcv() | 21.05.2026 | 9.9 |
| CVE-2026-44051 | Arbitrary file read via attacker-controlled symlink creation | 21.05.2026 | 8.1 |
| CVE-2026-44052 | LDAP simple-bind password exposure in log output | 21.05.2026 | 7.5 |
| CVE-2026-44053 | Weak cryptography in DHCAST128 UAM | 21.05.2026 | 7.4 |
| CVE-2026-44054 | Predictable afpd session token | 21.05.2026 | 6.5 |
| CVE-2026-44055 | Bitwise OR logic bug enables shell injection | 21.05.2026 | 7.5 |
| CVE-2026-44056 | Stack buffer overflow in desktop.c | 21.05.2026 | 6 |
| CVE-2026-44058 | Authentication bypass via admin auth user | 21.05.2026 | 6.4 |
| CVE-2026-44059 | Non-reentrant privilege toggle | 21.05.2026 | 3.9 |
| CVE-2026-44060 | Integer underflow in dsi_writeinit() leads to denial of service | 21.05.2026 | 7.5 |
| CVE-2026-44061 | DES-ECB auth with timing side channel | 21.05.2026 | 5.9 |
| CVE-2026-44062 | Missing o_len bounds check in pull_charset_flags() | 21.05.2026 | 7.5 |
| CVE-2026-44063 | LDAP filter injection | 21.05.2026 | 4.2 |
| CVE-2026-44064 | ASP session ID out-of-bounds access | 21.05.2026 | 7.1 |
| CVE-2026-44065 | Off-by-two in papd lp_write() | 21.05.2026 | 3.7 |
| CVE-2026-44066 | Heap out-of-bounds reads in Spotlight RPC unmarshalling | 21.05.2026 | 7.1 |
| CVE-2026-44067 | EA header parsing heap over-read | 21.05.2026 | 3.7 |
| CVE-2026-44068 | EA path traversal via incomplete sanitization | 21.05.2026 | 7.6 |
| CVE-2026-44069 | Integer underflow in volxlate | 21.05.2026 | 3.4 |
| CVE-2026-44070 | Unbounded realloc in charset conversion | 21.05.2026 | 3.1 |
| CVE-2026-44072 | system() after failed chdir() | 21.05.2026 | 2.5 |
| CVE-2026-44073 | seteuid failure ignored in auth modules | 21.05.2026 | 4 |
| CVE-2026-44076 | Shell injection via volume path | 21.05.2026 | 6.7 |
| CVE-2026-4055 | Insufficient permission validation on cross-team playbook run creation | 21.05.2026 | 4.3 |
| CVE-2026-7835 | Format string argument mismatch | 21.05.2026 | 3.1 |
| CVE-2026-7836 | hextoint macro uppercase bug | 21.05.2026 | 3.1 |
| CVE-2026-1543 | Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes | 21.05.2026 | 6.4 |
| CVE-2026-2734 | Authorization Bypass in SearchModelVersions in mlflow/mlflow | 21.05.2026 | |
| CVE-2026-6279 | Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler | 21.05.2026 | 9.8 |
| CVE-2026-4811 | WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field | 21.05.2026 | 4.9 |
| CVE-2026-1881 | Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta | 21.05.2026 | 4.3 |
| CVE-2026-48172 | | 21.05.2026 | |
| CVE-2026-9152 | Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction | 21.05.2026 | |
| CVE-2026-40165 | authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation | 20.05.2026 | 8.7 |
| CVE-2026-9149 | Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file | 20.05.2026 | |
| CVE-2026-47782 | | 20.05.2026 | |
| CVE-2026-9150 | Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums | 20.05.2026 | |
| CVE-2026-8399 | | 20.05.2026 | |
| CVE-2026-40102 | Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics | 20.05.2026 | 6.5 |
| CVE-2026-47372 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts | 21.05.2026 | |
| CVE-2026-39960 | MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values | 20.05.2026 | 5.4 |
| CVE-2026-40092 | nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT | 20.05.2026 | 7.5 |
| CVE-2026-40094 | nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses | 20.05.2026 | 4.3 |
| CVE-2026-47373 | Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks | 20.05.2026 | |
| CVE-2026-8631 | HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution | 21.05.2026 | |
| CVE-2026-8632 | HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution | 21.05.2026 | |
| CVE-2026-35007 | Open ISES Tickets < 3.44.2 Reflected XSS via single_unit.php id Parameter | 20.05.2026 | |
| CVE-2026-35008 | Open ISES Tickets < 3.44.2 Reflected XSS via single.php ticket_id Parameter | 20.05.2026 | |
| CVE-2026-35009 | Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter | 20.05.2026 | |
| CVE-2026-35010 | Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter | 20.05.2026 | |
| CVE-2026-35011 | Open ISES Tickets < 3.44.2 Reflected XSS via opena.php frm_call Parameter | 20.05.2026 | |
| CVE-2026-35012 | Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter | 20.05.2026 | |
| CVE-2026-35013 | Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters | 20.05.2026 | |
| CVE-2026-35014 | Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter | 20.05.2026 | |
| CVE-2026-35015 | Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter | 20.05.2026 | |
| CVE-2026-35016 | Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter | 20.05.2026 | |
| CVE-2026-39352 | Frappe has an Arbitrary File Read via Path Traversal in render_include | 20.05.2026 | |
| CVE-2026-39405 | Frappe has Path Transversal via SCORM | 20.05.2026 | |
| CVE-2026-39850 | Yii 2: Local file inclusion via view parameter name collision | 21.05.2026 | 7.4 |
| CVE-2026-9133 | Arbitrary file read in rabbitmq-aws plugin | 20.05.2026 | 7.7 |
| CVE-2026-9139 | Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml | 20.05.2026 | 9.8 |
| CVE-2026-9141 | Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface | 20.05.2026 | 9.8 |
| CVE-2026-9144 | Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface | 20.05.2026 | 7.6 |
| CVE-2026-23734 | XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash | 20.05.2026 | |
| CVE-2026-24188 | | 20.05.2026 | 8.2 |
| CVE-2026-24216 | | 20.05.2026 | 7.8 |
| CVE-2026-24217 | | 20.05.2026 | 8.8 |
| CVE-2026-24218 | | 21.05.2026 | 8.1 |
| CVE-2026-26028 | CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS | 20.05.2026 | 6.1 |
| CVE-2026-2812 | Improper Authentication issue in ArcGIS Server | 20.05.2026 | 5.3 |
| CVE-2026-2813 | Unvalidated Redirect in ArcGIS Server | 20.05.2026 | 4.7 |
| CVE-2026-33137 | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} | 20.05.2026 | |
| CVE-2026-39310 | Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds | 20.05.2026 | 8.6 |
| CVE-2026-39311 | Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments | 20.05.2026 | 6.8 |
| CVE-2026-45444 | WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability | 20.05.2026 | 10 |
| CVE-2026-47099 | TeleJSON < 6.0.0 DOM-based XSS via parse() Function | 20.05.2026 | |
| CVE-2026-9082 | Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | 21.05.2026 | |
| CVE-2026-9102 | Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write | 20.05.2026 | |
| CVE-2026-9110 | | 20.05.2026 | |
| CVE-2026-9111 | | 21.05.2026 | |
| CVE-2026-9112 | | 21.05.2026 | |
| CVE-2026-9113 | | 20.05.2026 | |
| CVE-2026-9114 | | 21.05.2026 | |
| CVE-2026-9115 | | 20.05.2026 | |
| CVE-2026-9116 | | 20.05.2026 | |
| CVE-2026-9117 | | 21.05.2026 | |
| CVE-2026-9118 | | 21.05.2026 | |
| CVE-2026-9119 | | 21.05.2026 | |
| CVE-2026-9120 | | 21.05.2026 | |
| CVE-2026-9121 | | 21.05.2026 | |
| CVE-2026-9122 | | 20.05.2026 | |
| CVE-2026-9123 | | 21.05.2026 | |
| CVE-2026-9124 | | 20.05.2026 | |
| CVE-2026-9126 | | 21.05.2026 | |
| CVE-2026-9129 | Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read | 20.05.2026 | |
| CVE-2026-9136 | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | 20.05.2026 | |
| CVE-2026-9137 | CSP Report Endpoint Log Flooding via Incorrect Size Limit | 20.05.2026 | |
| CVE-2026-20238 | Improper Access Control through Role Inheritance in Splunk AI Toolkit app | 20.05.2026 | 6.5 |
| CVE-2026-20239 | Sensitive Information Disclosure through Log Files in Splunk Enterprise | 21.05.2026 | 7.5 |
| CVE-2026-20240 | Denial of Service through coldToFrozen.sh Script in Splunk Enterprise | 20.05.2026 | 7.1 |
| CVE-2026-30691 | | 20.05.2026 | |
| CVE-2026-20171 | Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability | 20.05.2026 | 6.8 |
| CVE-2026-20199 | | 21.05.2026 | 4.7 |
| CVE-2026-20206 | Cisco ThousandEyes BrowserBot Command Injection Vulnerability | 21.05.2026 | 6.3 |
| CVE-2026-20223 | Cisco Secure Workload Unauthorized API Access Vulnerability | 21.05.2026 | 10 |
| CVE-2026-44923 | | 20.05.2026 | |
| CVE-2026-44924 | | 20.05.2026 | |
| CVE-2026-44925 | | 20.05.2026 | |
| CVE-2026-44926 | | 20.05.2026 | |
| CVE-2026-7613 | Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import | 20.05.2026 | 7.2 |
| CVE-2026-8342 | | 20.05.2026 | |
| CVE-2026-9087 | Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login | 20.05.2026 | |
| CVE-2026-9100 | Heap memory out of bounds read and crash in C Driver legacy GridFS file reader | 20.05.2026 | |
| CVE-2026-9101 | Prototype pollution in csv parsing | 20.05.2026 | |