CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-23652 | Microsoft Power Pages Remote Code Execution Vulnerability | 22.05.2026 | 10 |
| CVE-2026-33843 | Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability | 22.05.2026 | 9.1 |
| CVE-2026-40411 | Azure Virtual Network Gateway Remote Code Execution Vulnerability | 22.05.2026 | 9.9 |
| CVE-2026-40412 | Azure Orbital Spatio Remote Code Execution Vulnerability | 22.05.2026 | 10 |
| CVE-2026-41090 | Microsoft Copilot Tampering Vulnerability | 22.05.2026 | 9.3 |
| CVE-2026-41104 | Microsoft Planetary Computer Pro Information Disclosure Vulnerability | 22.05.2026 | 10 |
| CVE-2026-42901 | Microsoft Entra ID Elevation of Privilege Vulnerability | 23.05.2026 | 10 |
| CVE-2026-47280 | Azure Resource Manager Elevation of Privilege Vulnerability | 22.05.2026 | 10 |
| CVE-2026-48700 | | 22.05.2026 | 9.3 |
| CVE-2026-32253 | Sunshine: Authentication bypass via improper client certificate validation | 22.05.2026 | 9.8 |
| CVE-2026-33712 | TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls | 22.05.2026 | 10 |
| CVE-2026-9256 | NGINX ngx_http_rewrite_module vulnerability | 23.05.2026 | 9.2 |
| CVE-2026-8670 | Insecure session handling on metrics web server | 22.05.2026 | 9.6 |
| CVE-2026-9277 | shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op` | 23.05.2026 | 9.2 |
| CVE-2026-9054 | Invalid IP packets cause a kernel panic | 22.05.2026 | 9.2 |
| CVE-2026-33000 | | 23.05.2026 | 9.1 |
| CVE-2026-34908 | | 23.05.2026 | 10 |
| CVE-2026-34909 | | 22.05.2026 | 10 |
| CVE-2026-34910 | | 23.05.2026 | 10 |
| CVE-2026-6960 | BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field | 22.05.2026 | 9.8 |
| CVE-2026-8134 | Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion | 22.05.2026 | 9.4 |
| CVE-2026-48241 | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php | 21.05.2026 | 9.2 |
| CVE-2026-48242 | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php | 23.05.2026 | 9.2 |
| CVE-2026-39531 | WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability | 21.05.2026 | 9.3 |
| CVE-2025-71210 | | 21.05.2026 | 9.8 |
| CVE-2025-71211 | | 21.05.2026 | 9.8 |
| CVE-2026-5118 | Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role' | 21.05.2026 | 9.8 |
| CVE-2026-5433 | Improper Sanitization in CNM Web Interface | 21.05.2026 | 9.1 |
| CVE-2026-44050 | Heap buffer overflow in CNID daemon comm_rcv() | 22.05.2026 | 9.9 |
| CVE-2026-6279 | Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler | 21.05.2026 | 9.8 |
| CVE-2026-48172 | | 22.05.2026 | 10 |
| CVE-2026-9152 | Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction | 21.05.2026 | 10 |
| CVE-2026-8631 | HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution | 21.05.2026 | 9.3 |
| CVE-2026-39405 | Frappe has Path Transversal via SCORM | 21.05.2026 | 9.4 |
| CVE-2026-9139 | Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml | 21.05.2026 | 9.3 |
| CVE-2026-9141 | Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface | 21.05.2026 | 9.3 |
| CVE-2026-23734 | XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash | 21.05.2026 | 9.3 |
| CVE-2026-33137 | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} | 21.05.2026 | 9.3 |
| CVE-2026-45444 | WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability | 21.05.2026 | 10 |
| CVE-2026-9082 | Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | 23.05.2026 | 9.8 |
| CVE-2026-9102 | Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write | 20.05.2026 | 9.4 |
| CVE-2026-9129 | Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read | 20.05.2026 | 9.4 |
| CVE-2026-20223 | Cisco Secure Workload Unauthorized API Access Vulnerability | 21.05.2026 | 10 |
| CVE-2026-8598 | Unauthenticated Export Service in ZKTeco CCTV Cameras | 20.05.2026 | 9.1 |
| CVE-2026-8467 | Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground | 22.05.2026 | 9.5 |
| CVE-2026-22314 | | 20.05.2026 | 9 |
| CVE-2026-33278 | Possible arbitrary code execution during DNSSEC validation | 20.05.2026 | 9.1 |
| CVE-2026-9059 | NextGEN Gallery - SQL Injection | 20.05.2026 | 9.3 |
| CVE-2026-9065 | Surecart - SQL Injection | 20.05.2026 | 9.3 |
| CVE-2026-24207 | | 20.05.2026 | 9.8 |
| CVE-2026-7637 | Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie | 20.05.2026 | 9.8 |
| CVE-2026-6555 | ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files' | 20.05.2026 | 9.8 |
| CVE-2026-7284 | Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register | 20.05.2026 | 9.8 |
| CVE-2026-34234 | CtrlPanel: Unauthenticated RCE using installer script | 20.05.2026 | 10 |
| CVE-2026-33642 | Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check | 19.05.2026 | 9.9 |
| CVE-2026-47357 | | 19.05.2026 | 9.3 |
| CVE-2026-47358 | | 19.05.2026 | 9.3 |
| CVE-2026-2586 | | 20.05.2026 | 9.1 |
| CVE-2026-2587 | | 20.05.2026 | 9.6 |
| CVE-2026-44159 | Tyler Identity Local (TID-L) default administrative credentials | 19.05.2026 | 9.3 |
| CVE-2026-8711 | NGINX JavaScript vulnerability | 21.05.2026 | 9.2 |
| CVE-2026-42097 | Authentication Bypass in Sparx Pro Cloud Server | 19.05.2026 | 9.3 |
| CVE-2026-43633 | HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal | 19.05.2026 | 9.5 |
| CVE-2026-4883 | Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-43493 | crypto: pcrypt - Fix handling of MAY_BACKLOG requests | 20.05.2026 | 9.8 |
| CVE-2026-2611 | Improper Origin Validation in mlflow/mlflow | 19.05.2026 | 9.6 |
| CVE-2026-46725 | Remote Code Execution in extension "Content Element Selector" (ceselector) | 19.05.2026 | 9.2 |
| CVE-2026-4885 | Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-27130 | Dokploy has Command Injection in its Service Operations | 19.05.2026 | 9.9 |
| CVE-2026-25244 | WebdriverIO has Command Injection in the BrowserStack Service | 19.05.2026 | 9.8 |
| CVE-2026-8838 | Remote Code Execution via eval() Injection in amazon-redshift-python-driver | 19.05.2026 | 9.3 |
| CVE-2026-8836 | lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow | 23.05.2026 | 9.3 |
| CVE-2026-42822 | Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability | 22.05.2026 | 10 |
| CVE-2026-45829 | | 19.05.2026 | 10 |
| CVE-2026-41947 | Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints | 18.05.2026 | 9.1 |
| CVE-2026-41948 | Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access | 18.05.2026 | 9.2 |
| CVE-2026-4320 | Authorization Bypass in ICMS Content Management by Creartia Internet Consulting | 18.05.2026 | 9.3 |
| CVE-2018-25320 | ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution | 18.05.2026 | 9.3 |
| CVE-2018-25332 | GitBucket 4.23.1 Unauthenticated Remote Code Execution | 18.05.2026 | 9.3 |
| CVE-2018-25335 | WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload | 18.05.2026 | 9.3 |

Latest Updates

| CVE | Title | Updated | Score |
|---|---|---|---|
| CVE-2026-9306 | QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization | 23.05.2026 | |
| CVE-2026-9305 | QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection | 23.05.2026 | |
| CVE-2026-9303 | calcom cal.diy cross-site request forgery | 23.05.2026 | |
| CVE-2026-9304 | calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery | 23.05.2026 | |
| CVE-2026-9301 | omec-project amf NGReset Message memory corruption | 23.05.2026 | |
| CVE-2026-9302 | 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection | 23.05.2026 | |
| CVE-2026-43503 | net: skbuff: propagate shared-frag marker through frag-transfer helpers | 23.05.2026 | |
| CVE-2026-46300 | net: skbuff: preserve shared-frag marker during coalescing | 23.05.2026 | |
| CVE-2026-9300 | omec-project amf NGSetupRequest memory corruption | 23.05.2026 | |
| CVE-2026-9299 | omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption | 23.05.2026 | |
| CVE-2026-9297 | Edimax BR-6428NS POST Request formWlbasic command injection | 23.05.2026 | |
| CVE-2026-9298 | omec-project amf PathSwitchRequest memory corruption | 23.05.2026 | |
| CVE-2026-9296 | Edimax BR-6428NS POST Request formWlanM system command injection | 23.05.2026 | |
| CVE-2026-9294 | Edimax BR-6428NS POST Request formWanTcpipSetup buffer overflow | 23.05.2026 | |
| CVE-2026-9295 | Edimax BR-6428NS POST Request formWirelessTbl buffer overflow | 23.05.2026 | |
| CVE-2026-6419 | Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action | 23.05.2026 | 8.8 |
| CVE-2026-6895 | Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action | 23.05.2026 | 8.8 |
| CVE-2026-6897 | Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action | 23.05.2026 | 8.8 |
| CVE-2026-6898 | WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action | 23.05.2026 | 8.8 |
| CVE-2026-9284 | WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure | 23.05.2026 | 8.2 |
| CVE-2026-41149 | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection | 23.05.2026 | |
| CVE-2026-23652 | Microsoft Power Pages Remote Code Execution Vulnerability | 22.05.2026 | 10 |
| CVE-2026-23663 | Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability | 22.05.2026 | 7.5 |
| CVE-2026-26147 | Azure Stack HCI Information Disclosure Vulnerability | 22.05.2026 | 7.7 |
| CVE-2026-33843 | Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability | 22.05.2026 | 9.1 |
| CVE-2026-35430 | Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability | 23.05.2026 | 8.8 |
| CVE-2026-40411 | Azure Virtual Network Gateway Remote Code Execution Vulnerability | 22.05.2026 | 9.9 |
| CVE-2026-40412 | Azure Orbital Spatio Remote Code Execution Vulnerability | 22.05.2026 | 10 |
| CVE-2026-41090 | Microsoft Copilot Tampering Vulnerability | 22.05.2026 | 9.3 |
| CVE-2026-41104 | Microsoft Planetary Computer Pro Information Disclosure Vulnerability | 22.05.2026 | 10 |
| CVE-2026-41148 | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection | 22.05.2026 | |
| CVE-2026-42827 | M365 Copilot Information Disclosure Vulnerability | 22.05.2026 | 6.5 |
| CVE-2026-42901 | Microsoft Entra ID Elevation of Privilege Vulnerability | 23.05.2026 | 10 |
| CVE-2026-45659 | Microsoft SharePoint Remote Code Execution Vulnerability | 22.05.2026 | 8.8 |
| CVE-2026-47280 | Azure Resource Manager Elevation of Privilege Vulnerability | 22.05.2026 | 10 |
| CVE-2026-41076 | RT: LDAP authentication bypass via empty password | 22.05.2026 | 8.1 |
| CVE-2026-41147 | NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class | 22.05.2026 | 8.7 |
| CVE-2026-41071 | libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count | 22.05.2026 | |
| CVE-2026-41073 | RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps | 23.05.2026 | 4.6 |
| CVE-2026-41074 | RT has broken CSRF protection for authenticated users | 22.05.2026 | 7.1 |
| CVE-2026-41075 | RT: SQL injection via entry_aggregator parameter in JSON search | 22.05.2026 | 8.8 |
| CVE-2026-3294 | Authentication Logic Vulnerability on Multiple TP-Link Range Extenders | 22.05.2026 | |
| CVE-2026-41069 | libheif allows Out-of-bounds vector access leading to invalid dereference (DoS) | 22.05.2026 | 6.5 |
| CVE-2026-40864 | JupyterHub: Cross-origin form POSTs bypass XSRF | 22.05.2026 | 5.4 |
| CVE-2026-39824 | Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows | 22.05.2026 | |
| CVE-2026-40295 | Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler | 22.05.2026 | 6.1 |
| CVE-2026-40596 | MantisBT is vulnerable to XSS and potential account takeover via user font family preference update | 22.05.2026 | |
| CVE-2026-40597 | MantisBT has a Content Security Policy bypass via attachments | 22.05.2026 | |
| CVE-2026-40598 | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | 23.05.2026 | |
| CVE-2026-40607 | MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column | 22.05.2026 | |
| CVE-2026-40610 | BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context | 22.05.2026 | 5.5 |
| CVE-2026-5817 | Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends | 22.05.2026 | |
| CVE-2026-5843 | Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading | 22.05.2026 | |
| CVE-2026-39969 | TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification | 23.05.2026 | 6.5 |
| CVE-2026-40166 | authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/ | 22.05.2026 | |
| CVE-2026-40172 | authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser | 22.05.2026 | 8.1 |
| CVE-2026-48700 | | 22.05.2026 | |