CVE Field Guide

Critical CVEs

CVE	Title	Updated	Score
CVE-2026-44050	Heap buffer overflow in CNID daemon comm_rcv()	21.05.2026	9.9
CVE-2026-6279	Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler	21.05.2026	9.8
CVE-2026-48172		21.05.2026	10
CVE-2026-9152	Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction	21.05.2026	10
CVE-2026-8631	HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution	21.05.2026	9.3
CVE-2026-39405	Frappe has Path Transversal via SCORM	20.05.2026	9.4
CVE-2026-9139	Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml	20.05.2026	9.3
CVE-2026-9141	Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface	20.05.2026	9.3
CVE-2026-23734	XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash	20.05.2026	9.3
CVE-2026-33137	XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}	20.05.2026	9.3
CVE-2026-45444	WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability	20.05.2026	10
CVE-2026-9102	Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write	20.05.2026	9.4
CVE-2026-9129	Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read	20.05.2026	9.4
CVE-2026-20223	Cisco Secure Workload Unauthorized API Access Vulnerability	21.05.2026	10
CVE-2026-8598	Unauthenticated Export Service in ZKTeco CCTV Cameras	20.05.2026	9.1
CVE-2026-8467	Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground	20.05.2026	9.5
CVE-2026-22314		20.05.2026	9
CVE-2026-33278	Possible arbitrary code execution during DNSSEC validation	20.05.2026	9.1
CVE-2026-9059	NextGEN Gallery - SQL Injection	20.05.2026	9.3
CVE-2026-9065	Surecart - SQL Injection	20.05.2026	9.3
CVE-2026-24207		20.05.2026	9.8
CVE-2026-7637	Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie	20.05.2026	9.8
CVE-2026-6555	ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files'	20.05.2026	9.8
CVE-2026-7284	Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register	20.05.2026	9.8
CVE-2026-34234	CtrlPanel: Unauthenticated RCE using installer script	20.05.2026	10
CVE-2026-33642	Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check	19.05.2026	9.9
CVE-2026-47357		19.05.2026	9.3
CVE-2026-47358		19.05.2026	9.3
CVE-2026-2586		20.05.2026	9.1
CVE-2026-2587		20.05.2026	9.6
CVE-2026-44159	Tyler Identity Local (TID-L) default administrative credentials	19.05.2026	9.3
CVE-2026-8711	NGINX JavaScript vulnerability	20.05.2026	9.2
CVE-2026-42097	Authentication Bypass in Sparx Pro Cloud Server	19.05.2026	9.3
CVE-2026-43633	HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal	19.05.2026	9.5
CVE-2026-4883	Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload	19.05.2026	9.8
CVE-2026-43493	crypto: pcrypt - Fix handling of MAY_BACKLOG requests	20.05.2026	9.8
CVE-2026-2611	Improper Origin Validation in mlflow/mlflow	19.05.2026	9.6
CVE-2026-46725	Remote Code Execution in extension "Content Element Selector" (ceselector)	19.05.2026	9.2
CVE-2026-4885	Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload	19.05.2026	9.8
CVE-2026-27130	Dokploy has Command Injection in its Service Operations	19.05.2026	9.9
CVE-2026-25244	WebdriverIO has Command Injection in the BrowserStack Service	19.05.2026	9.8
CVE-2026-8838	Remote Code Execution via eval() Injection in amazon-redshift-python-driver	19.05.2026	9.3
CVE-2026-8836	lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow	18.05.2026	9.3
CVE-2026-42822	Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability	20.05.2026	10
CVE-2026-45829		19.05.2026	10
CVE-2026-41947	Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints	18.05.2026	9.1
CVE-2026-41948	Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access	18.05.2026	9.2
CVE-2026-4320	Authorization Bypass in ICMS Content Management by Creartia Internet Consulting	18.05.2026	9.3
CVE-2018-25320	ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution	18.05.2026	9.3
CVE-2018-25332	GitBucket 4.23.1 Unauthenticated Remote Code Execution	18.05.2026	9.3
CVE-2018-25335	WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload	18.05.2026	9.3
CVE-2020-37228	iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass	18.05.2026	9.3
CVE-2020-37239	libbabl 0.1.62 Broken Double Free Detection Memory Safety	18.05.2026	9.3
CVE-2021-47952	python jsonpickle 2.0.0 Remote Code Execution via py/repr	18.05.2026	9.3
CVE-2026-44551	Open WebUI: LDAP Empty Password Authentication Bypass	19.05.2026	9.1
CVE-2021-47965	WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload	15.05.2026	9.3
CVE-2026-45010	phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint	15.05.2026	9.1
CVE-2026-46364	phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha	15.05.2026	9.8
CVE-2026-42155	Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs	15.05.2026	9.3
CVE-2026-44717	MCP Calculate Server: Prompt Injection to RCE	15.05.2026	9.8
CVE-2026-45035	Tabby: RCE via `tabby://run` URL Scheme	21.05.2026	9.4
CVE-2026-41258	OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange	15.05.2026	9.1
CVE-2026-44699	LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC	15.05.2026	9.1
CVE-2026-2031	Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.	15.05.2026	10
CVE-2026-41552	Path Traversal in PDF Export Module	15.05.2026	9.2
CVE-2026-41553	Remote Code Execution in PDF Export Module	15.05.2026	10
CVE-2026-7182	Path Traversal in Diagram	15.05.2026	9.2
CVE-2026-5229	Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback	15.05.2026	9.8
CVE-2026-8398		16.05.2026	9.3
CVE-2026-0481		15.05.2026	9.2
CVE-2026-44212	PrestaShop: Stored XSS executable in customer service view	15.05.2026	9.3
CVE-2026-44666	HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution	15.05.2026	9.3
CVE-2026-8634	Crabbox < v0.12.0 Environment Variable Information Disclosure	15.05.2026	9.3
CVE-2026-22599	Strapi Vulnerable to SQL Injection in Content Type Builder	14.05.2026	9.3
CVE-2026-27886	Strapi may leak sensitive data via relational filtering due to lack of query sanitization	14.05.2026	9.2
CVE-2026-41315	mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	16.05.2026	9.3
CVE-2026-44523	Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery	15.05.2026	10
CVE-2026-44588	SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS	15.05.2026	9.4
CVE-2026-44592	Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning	16.05.2026	9.4
CVE-2026-44670	SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan	15.05.2026	9.4
CVE-2026-45375	SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution	16.05.2026	9
CVE-2026-41615	Microsoft Authenticator Information Disclosure Vulnerability	20.05.2026	9.6
CVE-2026-44542	FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion	15.05.2026	9.1
CVE-2026-20182	Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability	15.05.2026	10
CVE-2026-42555	Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users	14.05.2026	9.1
CVE-2026-42281	MagicMirror²: Unauthenticated SSRF via /cors endpoint	14.05.2026	9.2

Latest Updates

CVE	Title	Updated	Score
CVE-2026-44047	SQL injection in MySQL CNID backend	21.05.2026	8.8
CVE-2026-44048	Stack buffer overflow via UCS-2 type confusion in convert_charset()	21.05.2026	8.8
CVE-2026-44049	Out-of-bounds write in convert_charset() null termination	21.05.2026	7.5
CVE-2026-44050	Heap buffer overflow in CNID daemon comm_rcv()	21.05.2026	9.9
CVE-2026-44051	Arbitrary file read via attacker-controlled symlink creation	21.05.2026	8.1
CVE-2026-44052	LDAP simple-bind password exposure in log output	21.05.2026	7.5
CVE-2026-44053	Weak cryptography in DHCAST128 UAM	21.05.2026	7.4
CVE-2026-44054	Predictable afpd session token	21.05.2026	6.5
CVE-2026-44055	Bitwise OR logic bug enables shell injection	21.05.2026	7.5
CVE-2026-44056	Stack buffer overflow in desktop.c	21.05.2026	6
CVE-2026-44058	Authentication bypass via admin auth user	21.05.2026	6.4
CVE-2026-44059	Non-reentrant privilege toggle	21.05.2026	3.9
CVE-2026-44060	Integer underflow in dsi_writeinit() leads to denial of service	21.05.2026	7.5
CVE-2026-44061	DES-ECB auth with timing side channel	21.05.2026	5.9
CVE-2026-44062	Missing o_len bounds check in pull_charset_flags()	21.05.2026	7.5
CVE-2026-44063	LDAP filter injection	21.05.2026	4.2
CVE-2026-44064	ASP session ID out-of-bounds access	21.05.2026	7.1
CVE-2026-44065	Off-by-two in papd lp_write()	21.05.2026	3.7
CVE-2026-44066	Heap out-of-bounds reads in Spotlight RPC unmarshalling	21.05.2026	7.1
CVE-2026-44067	EA header parsing heap over-read	21.05.2026	3.7
CVE-2026-44068	EA path traversal via incomplete sanitization	21.05.2026	7.6
CVE-2026-44069	Integer underflow in volxlate	21.05.2026	3.4
CVE-2026-44070	Unbounded realloc in charset conversion	21.05.2026	3.1
CVE-2026-44072	system() after failed chdir()	21.05.2026	2.5
CVE-2026-44073	seteuid failure ignored in auth modules	21.05.2026	4
CVE-2026-44076	Shell injection via volume path	21.05.2026	6.7
CVE-2026-4055	Insufficient permission validation on cross-team playbook run creation	21.05.2026	4.3
CVE-2026-7835	Format string argument mismatch	21.05.2026	3.1
CVE-2026-7836	hextoint macro uppercase bug	21.05.2026	3.1
CVE-2026-1543	Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes	21.05.2026	6.4
CVE-2026-2734	Authorization Bypass in SearchModelVersions in mlflow/mlflow	21.05.2026
CVE-2026-6279	Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler	21.05.2026	9.8
CVE-2026-4811	WPB Floating Menu or Categories – Sticky Floating Side Menu & Categories with Icons <= 1.0.8 - Authenticated (Editor+) Stored Cross-Site Scripting via 'Icon CSS Class' Category Field	21.05.2026	4.9
CVE-2026-1881	Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta	21.05.2026	4.3
CVE-2026-48172		21.05.2026
CVE-2026-9152	Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction	21.05.2026
CVE-2026-40165	authentik: SAML NameID XML Comment Injection Enables Authentication Bypass via Identifier Truncation	20.05.2026	8.7
CVE-2026-9149	Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file	20.05.2026
CVE-2026-47782		20.05.2026
CVE-2026-9150	Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums	20.05.2026
CVE-2026-8399		20.05.2026
CVE-2026-40102	Plane: ORM Field Reference Injection via `segment` Parameter in Saved Analytics	20.05.2026	6.5
CVE-2026-47372	Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts	21.05.2026
CVE-2026-39960	MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values	20.05.2026	5.4
CVE-2026-40092	nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT	20.05.2026	7.5
CVE-2026-40094	nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses	20.05.2026	4.3
CVE-2026-47373	Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks	20.05.2026
CVE-2026-8631	HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution	21.05.2026
CVE-2026-8632	HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution	21.05.2026
CVE-2026-35007	Open ISES Tickets < 3.44.2 Reflected XSS via single_unit.php id Parameter	20.05.2026
CVE-2026-35008	Open ISES Tickets < 3.44.2 Reflected XSS via single.php ticket_id Parameter	20.05.2026
CVE-2026-35009	Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter	20.05.2026
CVE-2026-35010	Open ISES Tickets < 3.44.2 Reflected XSS via patient_JF.php ticket_id Parameter	20.05.2026
CVE-2026-35011	Open ISES Tickets < 3.44.2 Reflected XSS via opena.php frm_call Parameter	20.05.2026
CVE-2026-35012	Open ISES Tickets < 3.44.2 Reflected XSS via add_facnote.php ticket_id Parameter	20.05.2026
CVE-2026-35013	Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters	20.05.2026
CVE-2026-35014	Open ISES Tickets < 3.44.2 Reflected XSS via routes_nm.php ticket_id Parameter	20.05.2026
CVE-2026-35015	Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter	20.05.2026
CVE-2026-35016	Open ISES Tickets < 3.44.2 Reflected XSS via search.php frm_query Parameter	20.05.2026
CVE-2026-39352	Frappe has an Arbitrary File Read via Path Traversal in render_include	20.05.2026
CVE-2026-39405	Frappe has Path Transversal via SCORM	20.05.2026
CVE-2026-39850	Yii 2: Local file inclusion via view parameter name collision	21.05.2026	7.4
CVE-2026-9133	Arbitrary file read in rabbitmq-aws plugin	20.05.2026	7.7
CVE-2026-9139	Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml	20.05.2026	9.8
CVE-2026-9141	Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface	20.05.2026	9.8
CVE-2026-9144	Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface	20.05.2026	7.6
CVE-2026-23734	XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash	20.05.2026
CVE-2026-24188		20.05.2026	8.2
CVE-2026-24216		20.05.2026	7.8
CVE-2026-24217		20.05.2026	8.8
CVE-2026-24218		21.05.2026	8.1
CVE-2026-26028	CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS	20.05.2026	6.1
CVE-2026-2812	Improper Authentication issue in ArcGIS Server	20.05.2026	5.3
CVE-2026-2813	Unvalidated Redirect in ArcGIS Server	20.05.2026	4.7
CVE-2026-33137	XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}	20.05.2026
CVE-2026-39310	Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds	20.05.2026	8.6
CVE-2026-39311	Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments	20.05.2026	6.8
CVE-2026-45444	WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability	20.05.2026	10
CVE-2026-47099	TeleJSON < 6.0.0 DOM-based XSS via parse() Function	20.05.2026
CVE-2026-9082	Drupal core - Highly critical - SQL injection - SA-CORE-2026-004	21.05.2026
CVE-2026-9102	Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write	20.05.2026
CVE-2026-9110		20.05.2026
CVE-2026-9111		21.05.2026
CVE-2026-9112		21.05.2026
CVE-2026-9113		20.05.2026
CVE-2026-9114		21.05.2026
CVE-2026-9115		20.05.2026
CVE-2026-9116		20.05.2026
CVE-2026-9117		21.05.2026
CVE-2026-9118		21.05.2026
CVE-2026-9119		21.05.2026
CVE-2026-9120		21.05.2026
CVE-2026-9121		21.05.2026
CVE-2026-9122		20.05.2026
CVE-2026-9123		21.05.2026
CVE-2026-9124		20.05.2026
CVE-2026-9126		21.05.2026
CVE-2026-9129	Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read	20.05.2026
CVE-2026-9136	Unauthorized ShadowAttribute modification in MISP via client-supplied identifier	20.05.2026
CVE-2026-9137	CSP Report Endpoint Log Flooding via Incorrect Size Limit	20.05.2026
CVE-2026-20238	Improper Access Control through Role Inheritance in Splunk AI Toolkit app	20.05.2026	6.5
CVE-2026-20239	Sensitive Information Disclosure through Log Files in Splunk Enterprise	21.05.2026	7.5
CVE-2026-20240	Denial of Service through coldToFrozen.sh Script in Splunk Enterprise	20.05.2026	7.1
CVE-2026-30691		20.05.2026
CVE-2026-20171	Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability	20.05.2026	6.8
CVE-2026-20199		21.05.2026	4.7
CVE-2026-20206	Cisco ThousandEyes BrowserBot Command Injection Vulnerability	21.05.2026	6.3
CVE-2026-20223	Cisco Secure Workload Unauthorized API Access Vulnerability	21.05.2026	10
CVE-2026-44923		20.05.2026
CVE-2026-44924		20.05.2026
CVE-2026-44925		20.05.2026
CVE-2026-44926		20.05.2026
CVE-2026-7613	Cost of Goods by PixelYourSite <= 1.2.12 - Unauthenticated Stored Cross-Site Scripting via Cost of Goods Import	20.05.2026	7.2
CVE-2026-8342		20.05.2026
CVE-2026-9087	Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login	20.05.2026
CVE-2026-9100	Heap memory out of bounds read and crash in C Driver legacy GridFS file reader	20.05.2026
CVE-2026-9101	Prototype pollution in csv parsing	20.05.2026