| CVE | Title | Date | Score |
|---|---|---|---|
| CVE-2026-41702 | TOCTOU local privilege escalation vulnerability | 15.05.2026 | 7.8 |
| CVE-2026-4094 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion | 15.05.2026 | 8.1 |
| CVE-2026-6646 | The7 <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 'link' Parameter | 15.05.2026 | 6.4 |
| CVE-2026-8654 | | 15.05.2026 | |
| CVE-2026-24662 | | 15.05.2026 | |
| CVE-2026-28761 | | 15.05.2026 | |
| CVE-2026-43490 | ksmbd: validate inherited ACE SID length | 15.05.2026 | |
| CVE-2024-21950 | | 15.05.2026 | |
| CVE-2024-36323 | | 15.05.2026 | |
| CVE-2024-36333 | | 15.05.2026 | |
| CVE-2024-36334 | | 15.05.2026 | |
| CVE-2025-52532 | | 15.05.2026 | |
| CVE-2025-54518 | | 15.05.2026 | |
| CVE-2026-0481 | | 15.05.2026 | |
| CVE-2021-26380 | | 15.05.2026 | |
| CVE-2022-23826 | | 15.05.2026 | |
| CVE-2023-31309 | | 15.05.2026 | |
| CVE-2023-31316 | | 15.05.2026 | |
| CVE-2023-31317 | | 15.05.2026 | |
| CVE-2024-21962 | | 15.05.2026 | |
| CVE-2024-36332 | | 15.05.2026 | |
| CVE-2025-0028 | | 15.05.2026 | |
| CVE-2025-0040 | | 15.05.2026 | |
| CVE-2025-0044 | | 15.05.2026 | |
| CVE-2025-29935 | | 15.05.2026 | |
| CVE-2025-29936 | | 15.05.2026 | |
| CVE-2025-29937 | | 15.05.2026 | |
| CVE-2025-29938 | | 15.05.2026 | |
| CVE-2025-29944 | | 15.05.2026 | |
| CVE-2025-48513 | | 15.05.2026 | |
| CVE-2025-48516 | | 15.05.2026 | |
| CVE-2025-54511 | | 15.05.2026 | |
| CVE-2025-54517 | | 15.05.2026 | |
| CVE-2025-66660 | | 15.05.2026 | |
| CVE-2025-66664 | | 15.05.2026 | |
| CVE-2026-0427 | | 15.05.2026 | |
| CVE-2026-0428 | | 15.05.2026 | |
| CVE-2026-2652 | Authentication Bypass in mlflow/mlflow | 15.05.2026 | |
| CVE-2026-7373 | Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading | 15.05.2026 | |
| CVE-2024-36345 | | 15.05.2026 | |
| CVE-2025-0045 | | 15.05.2026 | |
| CVE-2025-48512 | | 15.05.2026 | |
| CVE-2025-48519 | | 15.05.2026 | |
| CVE-2025-48520 | | 15.05.2026 | |
| CVE-2025-48521 | | 15.05.2026 | |
| CVE-2025-52540 | | 15.05.2026 | |
| CVE-2026-0432 | | 15.05.2026 | |
| CVE-2026-0438 | | 15.05.2026 | |
| CVE-2026-8612 | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution | 15.05.2026 | |
| CVE-2026-44427 | MCP Registry: Open Redirect | 14.05.2026 | |
| CVE-2026-44428 | MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience | 14.05.2026 | |
| CVE-2026-44671 | ZITADEL: LDAP Filter Injection in Login Flow | 14.05.2026 | 7.5 |
| CVE-2026-45248 | Hedera Guardian Authentication Bypass Information Disclosure | 14.05.2026 | |
| CVE-2026-6811 | PHP Stack Exhaustion | 14.05.2026 | |
| CVE-2026-42847 | ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 14.05.2026 | |
| CVE-2026-44212 | PrestaShop: Stored XSS executable in customer service view | 14.05.2026 | 9.3 |
| CVE-2026-44429 | MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` | 14.05.2026 | |
| CVE-2026-44430 | MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | 14.05.2026 | |
| CVE-2026-44678 | Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID | 14.05.2026 | |
| CVE-2026-44700 | Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake | 14.05.2026 | |
| CVE-2026-45781 | MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims | 14.05.2026 | 3.5 |
| CVE-2026-42327 | rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs | 14.05.2026 | |
| CVE-2026-44647 | OneDev: Path Traversal (read capability via Git LFS pointer resolution) | 14.05.2026 | |
| CVE-2026-44661 | python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol | 14.05.2026 | 4.7 |
| CVE-2026-44662 | rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding | 14.05.2026 | |
| CVE-2026-44666 | HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution | 14.05.2026 | |
| CVE-2026-44673 | libyang: lyb_read_string() integer overflow → heap buffer overflow | 14.05.2026 | 7.5 |
| CVE-2026-44679 | Tuist: Forgot password flow lacks throttling for reset email delivery | 14.05.2026 | |
| CVE-2026-45369 | python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol | 14.05.2026 | 8.3 |
| CVE-2026-45370 | python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection | 14.05.2026 | 7.7 |
| CVE-2026-44636 | libsixel: integer overflow in encoder | 14.05.2026 | 7.4 |
| CVE-2026-44637 | libsixel: integer overflow in parser | 14.05.2026 | 7.1 |
| CVE-2026-44638 | libsixel: NULL pointer dereference | 14.05.2026 | 2.5 |
| CVE-2026-8509 | | 15.05.2026 | |
| CVE-2026-8510 | | 15.05.2026 | |
| CVE-2026-8511 | | 15.05.2026 | |
| CVE-2026-8512 | | 15.05.2026 | |
| CVE-2026-8513 | | 15.05.2026 | |
| CVE-2026-8514 | | 15.05.2026 | |
| CVE-2026-8515 | | 15.05.2026 | |
| CVE-2026-8516 | | 14.05.2026 | |
| CVE-2026-8517 | | 14.05.2026 | |
| CVE-2026-8518 | | 15.05.2026 | |
| CVE-2026-8519 | | 15.05.2026 | |
| CVE-2026-8520 | | 15.05.2026 | |
| CVE-2026-8521 | | 15.05.2026 | |
| CVE-2026-8522 | | 15.05.2026 | |
| CVE-2026-8523 | | 15.05.2026 | |
| CVE-2026-8524 | | 15.05.2026 | |
| CVE-2026-8525 | | 15.05.2026 | |
| CVE-2026-8526 | | 15.05.2026 | |
| CVE-2026-8527 | | 15.05.2026 | |
| CVE-2026-8528 | | 14.05.2026 | |
| CVE-2026-8529 | | 15.05.2026 | |
| CVE-2026-8530 | | 15.05.2026 | |
| CVE-2026-8531 | | 15.05.2026 | |
| CVE-2026-8532 | | 15.05.2026 | |
| CVE-2026-8533 | | 15.05.2026 | |
| CVE-2026-8534 | | 15.05.2026 | |
| CVE-2026-8535 | | 14.05.2026 | |
| CVE-2026-8536 | | 14.05.2026 | |
| CVE-2026-8537 | | 14.05.2026 | |
| CVE-2026-8538 | | 14.05.2026 | |
| CVE-2026-8539 | | 14.05.2026 | |
| CVE-2026-8540 | | 15.05.2026 | |
| CVE-2026-8541 | | 14.05.2026 | |
| CVE-2026-8542 | | 15.05.2026 | |
| CVE-2026-8543 | | 14.05.2026 | |
| CVE-2026-8544 | | 15.05.2026 | |
| CVE-2026-8545 | | 14.05.2026 | |
| CVE-2026-8546 | | 14.05.2026 | |
| CVE-2026-8547 | | 15.05.2026 | |
| CVE-2026-8548 | | 15.05.2026 | |
| CVE-2026-8549 | | 15.05.2026 | |
| CVE-2026-8550 | | 14.05.2026 | |
| CVE-2026-8551 | | 15.05.2026 | |
| CVE-2026-8552 | | 14.05.2026 | |
| CVE-2026-8553 | | 14.05.2026 | |
| CVE-2026-8554 | | 14.05.2026 | |
| CVE-2026-8555 | | 15.05.2026 | |
| CVE-2026-8556 | | 14.05.2026 | |
| CVE-2026-8557 | | 15.05.2026 | |
| CVE-2026-8558 | | 15.05.2026 | |
| CVE-2026-8559 | | 14.05.2026 | |
| CVE-2026-8560 | | 14.05.2026 | |
| CVE-2026-8561 | | 14.05.2026 | |
| CVE-2026-8562 | | 14.05.2026 | |
| CVE-2026-8563 | | 14.05.2026 | |
| CVE-2026-8564 | | 14.05.2026 | |
| CVE-2026-8565 | | 14.05.2026 | |
| CVE-2026-8566 | | 14.05.2026 | |
| CVE-2026-8567 | | 14.05.2026 | |
| CVE-2026-8568 | | 14.05.2026 | |
| CVE-2026-8569 | | 15.05.2026 | |
| CVE-2026-8570 | | 14.05.2026 | |
| CVE-2026-8571 | | 15.05.2026 | |
| CVE-2026-8572 | | 14.05.2026 | |
| CVE-2026-8573 | | 15.05.2026 | |
| CVE-2026-8574 | | 15.05.2026 | |
| CVE-2026-8575 | | 15.05.2026 | |
| CVE-2026-8576 | | 14.05.2026 | |
| CVE-2026-8577 | | 15.05.2026 | |
| CVE-2026-8578 | | 14.05.2026 | |
| CVE-2026-8579 | | 14.05.2026 | |
| CVE-2026-8580 | | 15.05.2026 | |
| CVE-2026-8581 | | 15.05.2026 | |
| CVE-2026-8582 | | 14.05.2026 | |
| CVE-2026-8583 | | 14.05.2026 | |
| CVE-2026-8584 | | 14.05.2026 | |
| CVE-2026-8585 | | 14.05.2026 | |
| CVE-2026-8586 | | 14.05.2026 | |
| CVE-2026-8587 | | 15.05.2026 | |
| CVE-2026-8596 | Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path | 14.05.2026 | 7.2 |
| CVE-2026-8597 | Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK | 14.05.2026 | 7.2 |
| CVE-2026-24000 | Fleet has a rate limiting bypass via untrusted client IP headers | 14.05.2026 | |
| CVE-2026-24899 | Fleet Windows MDM Azure AD JWT Authentication Bypass | 14.05.2026 | |
| CVE-2026-26062 | Fleet server may terminate unexpectedly when handling certain gRPC requests | 14.05.2026 | |
| CVE-2026-26191 | Fleet vulnerable to OS command injection in software packages | 14.05.2026 | |
| CVE-2026-3290 | Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values | 14.05.2026 | |
| CVE-2026-43903 | OpenImageIO: SGI RLE decoder heap buffer overflow OIIO_DASSERT bounds checks are no-ops in release builds | 14.05.2026 | |
| CVE-2026-43904 | OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width | 14.05.2026 | |
| CVE-2026-43905 | OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation | 14.05.2026 | |
| CVE-2026-43906 | OpenImageIO: HEIF Heap overflow | 14.05.2026 | |
| CVE-2026-43907 | OpenImageIO: Integer overflow in QueryRGBBufferSizeInternal leads to heap out-of-bounds write in DPX decoder (kCbYCr and kABGR) | 14.05.2026 | 8.3 |
| CVE-2026-43908 | OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder | 14.05.2026 | 8.8 |
| CVE-2026-43909 | OpenImageIO: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds read/write in DPX ABGR decoder | 14.05.2026 | 8.8 |
| CVE-2026-43996 | OpenImageIO: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds read in TGA paletted image decoder | 14.05.2026 | 5.5 |
| CVE-2026-46356 | Fleet: IP spoofing allows bypassing API rate limiting | 14.05.2026 | |
| CVE-2026-8629 | Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints | 14.05.2026 | |
| CVE-2026-8634 | Crabbox < v0.12.0 Environment Variable Information Disclosure | 14.05.2026 | |
| CVE-2025-64526 | Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying | 14.05.2026 | |
| CVE-2026-22599 | Strapi Vulnerable to SQL Injection in Content Type Builder | 14.05.2026 | |
| CVE-2026-22706 | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions | 14.05.2026 | |
| CVE-2026-22707 | Strapi Upload Plugin MIME Validation Bypass via Content API | 14.05.2026 | |
| CVE-2026-23998 | Fleet has a Windows MDM management endpoint authentication bypass | 14.05.2026 | |
| CVE-2026-27680 | CSS Injection vulnerability in SAP NetWeaver Application Server ABAP | 14.05.2026 | 3.1 |
| CVE-2026-27886 | Strapi may leak sensitive data via relational filtering due to lack of query sanitization | 14.05.2026 | |
| CVE-2026-38740 | | 14.05.2026 | |
| CVE-2026-41315 | mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 14.05.2026 | |
| CVE-2026-44522 | Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution | 14.05.2026 | |
| CVE-2026-44523 | Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery | 14.05.2026 | 10 |
| CVE-2026-44586 | SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code execution | 14.05.2026 | 8.3 |
| CVE-2026-44588 | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS | 14.05.2026 | |
| CVE-2026-44589 | nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) | 14.05.2026 | 3.7 |
| CVE-2026-44592 | Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning | 14.05.2026 | 9.4 |
| CVE-2026-44633 | Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries | 14.05.2026 | 8.1 |
| CVE-2026-44670 | SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan | 14.05.2026 | |
| CVE-2026-45147 | SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk | 14.05.2026 | 4.3 |
| CVE-2026-45148 | SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata | 14.05.2026 | 4.3 |
| CVE-2026-45371 | SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | 14.05.2026 | |
| CVE-2026-45375 | SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution | 14.05.2026 | 9 |
| CVE-2026-8621 | Crabbox < v0.12.0 Authentication Bypass via Header Spoofing | 14.05.2026 | |
| CVE-2025-15023 | Improper Access Control in Yordam Informatics' Library Automation System | 14.05.2026 | 8.8 |
| CVE-2025-15024 | RCE in Yordam Informatics' Library Automation System | 14.05.2026 | 8.8 |
| CVE-2026-42334 | Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection | 14.05.2026 | 7.5 |
| CVE-2026-42598 | Pode: Directory Traversal is possible on Static Routes | 14.05.2026 | |
| CVE-2026-44544 | gittuf: Policy can be rolled back to prior valid version | 14.05.2026 | |
| CVE-2026-46469 | | 14.05.2026 | 4 |
| CVE-2026-46470 | | 14.05.2026 | 4 |
| CVE-2026-41615 | Microsoft Authenticator Information Disclosure Vulnerability | 15.05.2026 | 9.6 |
| CVE-2026-41888 | Distribution: Tag deletion bypasses `storage.delete.enabled` configuration | 14.05.2026 | |
| CVE-2026-42572 | Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds` | 14.05.2026 | 5.3 |
| CVE-2026-42897 | Microsoft Exchange Server Spoofing Vulnerability | 15.05.2026 | 8.1 |
| CVE-2026-44283 | etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks | 14.05.2026 | 0 |
| CVE-2026-44520 | Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler | 14.05.2026 | 5.7 |
| CVE-2026-44542 | FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion | 14.05.2026 | 9.1 |
| CVE-2026-6332 | Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC | 14.05.2026 | |
| CVE-2025-62305 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions | 14.05.2026 | 5.1 |
| CVE-2025-62308 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed | 14.05.2026 | 5.1 |
| CVE-2025-62309 | HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields | 14.05.2026 | 2.6 |
| CVE-2025-62310 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations | 14.05.2026 | 5.4 |
| CVE-2025-62311 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels | 14.05.2026 | 4.3 |
| CVE-2025-62312 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication | 14.05.2026 | 3 |
| CVE-2025-62313 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced | 14.05.2026 | 5.4 |
| CVE-2025-62316 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured | 14.05.2026 | 2.3 |
| CVE-2025-62317 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters | 14.05.2026 | 2.6 |
| CVE-2026-20182 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | 15.05.2026 | 10 |
| CVE-2026-20209 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability | 15.05.2026 | 5.4 |
| CVE-2026-20210 | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability | 15.05.2026 | 5.4 |
| CVE-2026-20224 | Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability | 14.05.2026 | 8.6 |
| CVE-2026-42555 | Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users | 14.05.2026 | 9.1 |
| CVE-2026-44312 | css_parser allows to MITM included https css urls | 14.05.2026 | 5.8 |
| CVE-2026-44348 | PoDoFo: Double-free vulnerability in compute_hash_to_sign() | 14.05.2026 | 2.5 |
| CVE-2026-44511 | Katalyst Koi: Session cookies can be replayed after user logout | 14.05.2026 | 7.4 |
| CVE-2026-44513 | Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components | 14.05.2026 | 8.8 |
| CVE-2026-44514 | Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users | 14.05.2026 | 6.5 |
| CVE-2026-44515 | Nextcloud News: Authenticated blind SSRF via feed URL | 14.05.2026 | |
| CVE-2026-44516 | Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer | 14.05.2026 | 7.6 |
| CVE-2026-44827 | Diffusers: None.py Trust Remote Code Bypass | 14.05.2026 | 8.8 |
| CVE-2026-45448 | ntopng - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | 14.05.2026 | 4.3 |
| CVE-2026-6923 | Nuvoton - CWE-1300: Improper Protection of Physical Side Channels | 14.05.2026 | 3.8 |
| CVE-2026-7805 | | 14.05.2026 | |
| CVE-2026-40893 | Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move | 14.05.2026 | 8.2 |
| CVE-2026-42159 | Flowsint: Stored XSS in description of node | 14.05.2026 | |
| CVE-2026-42281 | MagicMirror²: Unauthenticated SSRF via /cors endpoint | 14.05.2026 | |
| CVE-2026-42283 | DevSpace UI Server WebSocket CheckOrigin does not validate source | 14.05.2026 | 7.7 |
| CVE-2026-42589 | Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection | 14.05.2026 | 9.8 |
| CVE-2026-42590 | Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist | 14.05.2026 | 8.2 |
| CVE-2026-42591 | Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8 | 14.05.2026 | 8.2 |
| CVE-2026-42592 | Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes | 14.05.2026 | 5.3 |
| CVE-2026-42593 | Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | 14.05.2026 | 5.3 |
| CVE-2026-42594 | Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine | 14.05.2026 | 7.5 |
| CVE-2026-42595 | Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass | 14.05.2026 | 8.6 |
| CVE-2026-42596 | Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | 14.05.2026 | 9.4 |
| CVE-2026-42597 | Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme | 14.05.2026 | 5.9 |
| CVE-2026-44501 | DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability | 14.05.2026 | 4.3 |
| CVE-2026-44503 | Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect | 14.05.2026 | |
| CVE-2026-44504 | Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) | 14.05.2026 | |
| CVE-2025-62619 | | 14.05.2026 | |
| CVE-2025-62625 | | 14.05.2026 | |
| CVE-2025-62628 | | 15.05.2026 | |
| CVE-2025-69443 | | 14.05.2026 | |
| CVE-2026-41932 | Vvveb < 1.0.8.3 Stored XSS via Signup Controller | 14.05.2026 | |
| CVE-2026-41933 | Vvveb < 1.0.8.3 Directory Listing Information Disclosure | 14.05.2026 | |
| CVE-2026-41935 | Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service | 14.05.2026 | |
| CVE-2026-41937 | Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload | 14.05.2026 | |
| CVE-2026-42186 | OpenBao's Namespace Deletion May Not Delete Data Properly | 14.05.2026 | |
| CVE-2026-42457 | vCluster Platform: Stored XSS can lead to privilege escalation | 14.05.2026 | 9 |
| CVE-2026-42559 | RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport | 14.05.2026 | 8.8 |
| CVE-2026-42881 | STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML | 14.05.2026 | |
| CVE-2026-44216 | Wasmtime: Panic when allocating a table exceeding the size of the host's address space | 14.05.2026 | |
| CVE-2026-44308 | Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | 14.05.2026 | |
| CVE-2026-44371 | Open OnDemand: Specially crafted filenames can execute javascript in the file browser | 14.05.2026 | |
| CVE-2026-44374 | Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks | 14.05.2026 | 4.3 |
| CVE-2026-44375 | Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException | 14.05.2026 | 7.5 |
| CVE-2026-44482 | soundcloud-rpc: Remote Code Execution via XSS in Track Title | 14.05.2026 | 9.6 |
| CVE-2026-44484 | Compromise of PyTorch Lightning PyPi Package Versions | 14.05.2026 | |
| CVE-2026-21730 | Stored XSS in Verba | 14.05.2026 | |
| CVE-2026-24710 | | 14.05.2026 | |
| CVE-2026-24711 | | 14.05.2026 | |
| CVE-2026-24712 | | 14.05.2026 | |
| CVE-2025-15025 | IDOR in Yordam Informatics' Library Automation System | 14.05.2026 | 8.8 |
| CVE-2026-1630 | Reflected XSS in WEBCON BPS | 14.05.2026 | |
| CVE-2026-6472 | PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege | 14.05.2026 | 5.4 |
| CVE-2026-6473 | PostgreSQL server undersizes allocations, via integer wraparound | 15.05.2026 | 8.8 |
| CVE-2026-6474 | PostgreSQL timeofday() can disclose portions of server memory | 14.05.2026 | 4.3 |
| CVE-2026-6475 | PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice | 15.05.2026 | 8.8 |
| CVE-2026-6476 | PostgreSQL pg_createsubscriber allows SQL injection via subscription name | 15.05.2026 | 7.2 |
| CVE-2026-6477 | PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory | 15.05.2026 | 8.8 |
| CVE-2026-6478 | PostgreSQL discloses MD5-hashed passwords via covert timing channel | 14.05.2026 | 6.5 |
| CVE-2026-6479 | PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion | 14.05.2026 | 7.5 |
| CVE-2026-6575 | PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array | 14.05.2026 | 4.3 |
| CVE-2026-6637 | PostgreSQL refint allows stack buffer overflow and SQL injection | 15.05.2026 | 8.8 |
| CVE-2026-6638 | PostgreSQL REFRESH PUBLICATION allows SQL injection via table name | 14.05.2026 | 3.7 |
| CVE-2025-12008 | IDOR in APPYAP's Yaay Social Media App | 14.05.2026 | 8.8 |
| CVE-2026-43644 | podinfo 6.11.2 Reflected XSS via /echo Endpoint | 14.05.2026 | |
| CVE-2026-4029 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export | 14.05.2026 | 7.5 |
| CVE-2026-4030 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion | 14.05.2026 | 8.1 |
| CVE-2026-4031 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception | 14.05.2026 | 7.5 |
| CVE-2026-5790 | Stored Cross-Site Scripting (XSS) vulnerability in Stel Order | 14.05.2026 | |
| CVE-2026-5798 | Unsafe Object Reference (IDOR) vulnerability in Stel Order | 14.05.2026 | |
| CVE-2026-6008 | IDOR in Im Park's DijiDemi | 14.05.2026 | 6.8 |
| CVE-2026-45205 | Apache Commons Configuration: StackOverflowError for YAML input with cycles | 14.05.2026 | |
| CVE-2025-68420 | Privilege Escalation in Comarch ERP Optima | 14.05.2026 | |
| CVE-2025-68421 | Hardcoded credentials in Comarch ERP Optima | 14.05.2026 | |
| CVE-2026-8295 | Integer overflow in simdjson | 14.05.2026 | |
| CVE-2026-8468 | Unbounded buffer accumulation in multipart header parsing causes denial of service in plug | 15.05.2026 | |