| CVE-2026-30117 | | 19.05.2026 | |
| CVE-2026-30118 | | 19.05.2026 | |
| CVE-2026-31069 | | 19.05.2026 | |
| CVE-2026-31070 | | 19.05.2026 | |
| CVE-2026-31071 | | 19.05.2026 | |
| CVE-2026-31072 | | 19.05.2026 | |
| CVE-2026-37281 | | 19.05.2026 | |
| CVE-2026-5804 | | 19.05.2026 | |
| CVE-2026-8706 | Sensitive user data could be leaked to other applications through Reader mode | 19.05.2026 | |
| CVE-2025-51427 | | 19.05.2026 | |
| CVE-2025-70950 | | 19.05.2026 | |
| CVE-2026-2586 | | 19.05.2026 | 9.1 |
| CVE-2026-2587 | | 19.05.2026 | 9.6 |
| CVE-2026-34883 | | 19.05.2026 | |
| CVE-2026-43634 | HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header | 19.05.2026 | |
| CVE-2026-44159 | Tyler Identity Local (TID-L) default administrative credentials | 19.05.2026 | 9.8 |
| CVE-2026-45557 | Technitium DNS Server excessive DNSSEC requests | 19.05.2026 | 5.8 |
| CVE-2026-47100 | Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX | 19.05.2026 | |
| CVE-2026-8711 | NGINX JavaScript vulnerability | 19.05.2026 | 8.1 |
| CVE-2025-14575 | Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading | 19.05.2026 | |
| CVE-2025-40900 | Angular template injection in Reports in Guardian/CMC before 26.1.0 | 19.05.2026 | |
| CVE-2025-40901 | HTML injection in Credentials Manager in Guardian/CMC before 26.1.0 | 19.05.2026 | |
| CVE-2025-40902 | HTML injection in Users in Guardian/CMC before 26.1.0 | 19.05.2026 | |
| CVE-2025-40903 | HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0 | 19.05.2026 | |
| CVE-2025-40904 | HTML injection in Smart Polling in Guardian/CMC before 26.1.0 | 19.05.2026 | |
| CVE-2026-23557 | Xenstored DoS via XS_RESET_WATCHES command | 19.05.2026 | |
| CVE-2026-23558 | grant table v2 race in status page mapping | 19.05.2026 | |
| CVE-2026-42096 | Broken Access Control in Sparx Pro Cloud Server | 19.05.2026 | |
| CVE-2026-42097 | Authentication Bypass in Sparx Pro Cloud Server | 19.05.2026 | |
| CVE-2026-42098 | Authorization Bypass in Sparx Enterprise Architect | 19.05.2026 | |
| CVE-2026-42099 | Race Condition in Sparx Pro Cloud Server | 19.05.2026 | |
| CVE-2026-42100 | DoS in Sparx Pro Cloud Server | 19.05.2026 | |
| CVE-2026-43633 | HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal | 19.05.2026 | |
| CVE-2026-47323 | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering | 19.05.2026 | |
| CVE-2026-6354 | | 19.05.2026 | |
| CVE-2026-8945 | Sandbox escape in Firefox and Firefox Focus for Android | 19.05.2026 | |
| CVE-2026-8946 | Incorrect boundary conditions in the Audio/Video: Web Codecs component | 19.05.2026 | |
| CVE-2026-8947 | Use-after-free in the DOM: Bindings (WebIDL) component | 19.05.2026 | |
| CVE-2026-8948 | Same-origin policy bypass in the DOM: Networking component | 19.05.2026 | |
| CVE-2026-8949 | Integer overflow in the Widget: Win32 component | 19.05.2026 | |
| CVE-2026-8950 | Same-origin policy bypass in the Networking: HTTP component | 19.05.2026 | |
| CVE-2026-8951 | Spoofing issue in the Toolbar component in Firefox for Android | 19.05.2026 | |
| CVE-2026-8952 | Privilege escalation in the Application Update component | 19.05.2026 | |
| CVE-2026-8953 | Sandbox escape due to use-after-free in the Disability Access APIs component | 19.05.2026 | |
| CVE-2026-8954 | Incorrect boundary conditions, integer overflow in the Audio/Video component | 19.05.2026 | |
| CVE-2026-8955 | Privilege escalation in the DOM: Workers component | 19.05.2026 | |
| CVE-2026-8956 | Integer overflow in the Networking: JAR component | 19.05.2026 | |
| CVE-2026-8957 | Privilege escalation in the Enterprise Policies component | 19.05.2026 | |
| CVE-2026-8958 | Information disclosure, sandbox escape in the Security: Process Sandboxing component | 19.05.2026 | |
| CVE-2026-8959 | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component | 19.05.2026 | |
| CVE-2026-8960 | Spoofing issue in WebExtensions | 19.05.2026 | |
| CVE-2026-8961 | Spoofing issue in the Form Autofill component | 19.05.2026 | |
| CVE-2026-8962 | Mitigation bypass in the DOM: Security component | 19.05.2026 | |
| CVE-2026-8963 | Spoofing issue in the Web Speech component | 19.05.2026 | |
| CVE-2026-8964 | Spoofing issue in the Popup Blocker component | 19.05.2026 | |
| CVE-2026-8965 | Information disclosure in the DOM: Security component | 19.05.2026 | |
| CVE-2026-8966 | Information disclosure in the IP Protection component | 19.05.2026 | |
| CVE-2026-8967 | Information disclosure in the Graphics: WebGPU component | 19.05.2026 | |
| CVE-2026-8968 | Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component | 19.05.2026 | |
| CVE-2026-8969 | Mitigation bypass in the DOM: Security component | 19.05.2026 | |
| CVE-2026-8970 | Privilege escalation in the Security component | 19.05.2026 | |
| CVE-2026-8971 | Same-origin policy bypass in the Networking: JAR component | 19.05.2026 | |
| CVE-2026-8972 | Privilege escalation in the WebRTC: Audio/Video component | 19.05.2026 | |
| CVE-2026-8973 | Memory safety bugs fixed in Firefox 151 | 19.05.2026 | |
| CVE-2026-8974 | Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 | 19.05.2026 | |
| CVE-2026-8975 | Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 | 19.05.2026 | |
| CVE-2026-4883 | Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-8912 | Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection | 19.05.2026 | 7.5 |
| CVE-2026-37978 | Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api | 19.05.2026 | |
| CVE-2026-37979 | Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass | 19.05.2026 | |
| CVE-2026-37981 | Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint | 19.05.2026 | |
| CVE-2026-37982 | Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay | 19.05.2026 | |
| CVE-2026-43491 | net: qrtr: ns: Limit the maximum server registration per node | 19.05.2026 | |
| CVE-2026-43492 | lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() | 19.05.2026 | |
| CVE-2026-43493 | crypto: pcrypt - Fix handling of MAY_BACKLOG requests | 19.05.2026 | |
| CVE-2026-45442 | WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability | 19.05.2026 | 4.3 |
| CVE-2026-4630 | Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference | 19.05.2026 | |
| CVE-2026-7307 | Keycloak: keycloak: denial of service via specially crafted saml input | 19.05.2026 | |
| CVE-2026-7504 | Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak | 19.05.2026 | |
| CVE-2026-7507 | Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover | 19.05.2026 | |
| CVE-2026-7571 | Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data | 19.05.2026 | |
| CVE-2026-7860 | Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build | 19.05.2026 | |
| CVE-2026-29207 | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | 19.05.2026 | |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | 19.05.2026 | |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | 19.05.2026 | |
| CVE-2026-2611 | Improper Origin Validation in mlflow/mlflow | 19.05.2026 | |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution | 19.05.2026 | |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager | 19.05.2026 | |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | 19.05.2026 | |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation | 19.05.2026 | |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | 19.05.2026 | |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters | 19.05.2026 | |
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | 19.05.2026 | |
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access | 19.05.2026 | |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection | 19.05.2026 | |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services | 19.05.2026 | |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction | 19.05.2026 | |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs | 19.05.2026 | |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | 19.05.2026 | |
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution | 19.05.2026 | |
| CVE-2026-46721 | Broken Access Control in extension "Frontend User Registration" (sf_register) | 19.05.2026 | |
| CVE-2026-46722 | XML External Entity Injection in extension "Faceted Search" (ke_search) | 19.05.2026 | |
| CVE-2026-46723 | Information Disclosure in extension "Faceted Search" (ke_search) | 19.05.2026 | |
| CVE-2026-46724 | Path Traversal in extension "Faceted Search" (ke_search) | 19.05.2026 | |
| CVE-2026-46725 | Remote Code Execution in extension "Content Element Selector" (ceselector) | 19.05.2026 | |
| CVE-2026-8726 | SQL Injection in extension "News system" (news) | 19.05.2026 | |
| CVE-2026-8727 | Remote Code Execution in extension "Site Crawler" (crawler) | 19.05.2026 | |
| CVE-2026-8827 | SQL Injection in extension "Address List" (tt_address) | 19.05.2026 | |
| CVE-2026-44408 | Unauthorized access vulnerability in ZTE MU5250 | 19.05.2026 | 6.3 |
| CVE-2026-47312 | | 19.05.2026 | 5.5 |
| CVE-2026-47313 | | 19.05.2026 | 5.5 |
| CVE-2026-47314 | | 19.05.2026 | 7.8 |
| CVE-2026-47315 | | 19.05.2026 | 5.5 |
| CVE-2026-47316 | | 19.05.2026 | 5.5 |
| CVE-2026-47317 | | 19.05.2026 | 5.5 |
| CVE-2026-4885 | Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload | 19.05.2026 | 9.8 |
| CVE-2026-8922 | Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services | 19.05.2026 | |
| CVE-2025-15609 | Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure | 19.05.2026 | |
| CVE-2026-47309 | | 19.05.2026 | 5.5 |
| CVE-2026-47310 | | 19.05.2026 | 7.8 |
| CVE-2026-47311 | | 19.05.2026 | 7.8 |
| CVE-2026-8813 | | 19.05.2026 | 7.5 |
| CVE-2026-8814 | | 19.05.2026 | 5.3 |
| CVE-2026-8830 | Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation | 19.05.2026 | |
| CVE-2026-32994 | | 19.05.2026 | |
| CVE-2026-47308 | | 19.05.2026 | 5.5 |