CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-0481 15.05.2026 9.2
CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view 14.05.2026 9.3
CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution 14.05.2026 9.3
CVE-2026-8634 Crabbox < v0.12.0 Environment Variable Information Disclosure 14.05.2026 9.3
CVE-2026-22599 Strapi Vulnerable to SQL Injection in Content Type Builder 14.05.2026 9.3
CVE-2026-27886 Strapi may leak sensitive data via relational filtering due to lack of query sanitization 14.05.2026 9.2
CVE-2026-41315 mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 14.05.2026 9.3
CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery 14.05.2026 10
CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS 14.05.2026 9.4
CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning 14.05.2026 9.4
CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan 14.05.2026 9.4
CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution 14.05.2026 9
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability 15.05.2026 9.6
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion 14.05.2026 9.1
CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 15.05.2026 10
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users 14.05.2026 9.1
CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint 14.05.2026 9.2
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection 14.05.2026 9.8
CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook 14.05.2026 9.4
CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation 14.05.2026 9
CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title 14.05.2026 9.6
CVE-2026-44484 Compromise of PyTorch Lightning PyPI Package Versions 14.05.2026 9.3
CVE-2025-11024 SQLi in Akıllı Ticaret's E-Commerce Pack 14.05.2026 9.8
CVE-2026-2347 IDOR in Akıllı Ticaret's E-Commerce Pack 14.05.2026 9.8
CVE-2026-6512 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters 14.05.2026 9.1
CVE-2026-6271 Career Section <= 1.7 - Unauthenticated Arbitrary File Upload 14.05.2026 9.8
CVE-2026-6510 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe' 14.05.2026 9.8
CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover 14.05.2026 9.8
CVE-2026-44193 OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method 14.05.2026 9.1
CVE-2026-44194 OPNsense: RCE on user management 14.05.2026 9.1
CVE-2026-45158 OPNsense: Command Injection via Attacker-Controlled DHCP Config 14.05.2026 9.1
CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation 14.05.2026 9.9
CVE-2026-44377 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE 14.05.2026 9.1
CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings 14.05.2026 9.3
CVE-2026-45053 CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API 13.05.2026 9.1
CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE 14.05.2026 9.1
CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass 14.05.2026 9.1
CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint 14.05.2026 9.3
CVE-2026-43997 vm2: Sandbox Escape 14.05.2026 10
CVE-2026-43999 vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape 15.05.2026 9.9
CVE-2026-44005 vm2: Sandbox escape 15.05.2026 10
CVE-2026-44006 vm2: Sandbox Escape 15.05.2026 10
CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution 15.05.2026 9.1
CVE-2026-44008 vm2: Sandbox breakout via `neutralizeArraySpeciesBatch` 15.05.2026 9.8
CVE-2026-44009 vm2: Sandbox Breakout Through Null Proto Exception 15.05.2026 9.8
CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator 15.05.2026 9.8
CVE-2020-37168 Ecommerce Systempay 1.0 Production Key Brute Force 14.05.2026 9.3
CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability 14.05.2026 9.2
CVE-2026-40621 13.05.2026 9.3
CVE-2026-42062 13.05.2026 9.3
CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering 14.05.2026 9.9
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component 13.05.2026 9.1
CVE-2026-32661 13.05.2026 9.3
CVE-2026-41901 Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions 13.05.2026 9
CVE-2026-42288 ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD 12.05.2026 10
CVE-2026-44547 ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2 13.05.2026 9.6
CVE-2026-42854 arduino-esp32: Stack buffer overflow in WebServer multipart boundary parsing leads to remote crash potential RCE 13.05.2026 9.8
CVE-2026-42196 django-s3file: Relative path traversal 13.05.2026 9.9
CVE-2026-43948 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass 13.05.2026 9.9
CVE-2026-44257 efw4.X: RCE via zipslip 12.05.2026 9.3
CVE-2026-44258 efw4.X: Path Traversal via Unchecked dst Parameter leads to Remote Code Execution 14.05.2026 9.3
CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules 13.05.2026 9.4
CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted 13.05.2026 9.1
CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases 13.05.2026 9
CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files 14.05.2026 9.3
CVE-2026-45185 14.05.2026 9.8
CVE-2026-34659 Adobe Connect | Deserialization of Untrusted Data (CWE-502) 13.05.2026 9.6
CVE-2026-34660 Adobe Connect | Incorrect Authorization (CWE-863) 13.05.2026 9.3
CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx 14.05.2026 9.2
CVE-2026-8431 Ops Manager RCE via webhook body 12.05.2026 9.4
CVE-2026-29204 12.05.2026 9.1
CVE-2026-42048 Langflow: Path Traversal in Langflow Knowledge Bases API 13.05.2026 9.6
CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header 13.05.2026 9.3
CVE-2026-44183 Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled 13.05.2026 9.8
CVE-2026-44196 Pingvin Share X: TOTP Authentication Bypass via Password-only Login 14.05.2026 9.1
CVE-2026-26083 13.05.2026 9.1
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability 14.05.2026 9.1
CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability 14.05.2026 9.3
CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability 14.05.2026 9.3
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability 14.05.2026 9.8
CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability 14.05.2026 9.8
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability 14.05.2026 9.1
CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability 14.05.2026 9.9
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability 14.05.2026 9.1
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability 14.05.2026 9.9
CVE-2026-44277 13.05.2026 9.1
CVE-2026-44343 WGDashboard: Critical Vulnerability in 4.3.2 12.05.2026 9.3
CVE-2026-20794 13.05.2026 9.3
CVE-2026-43992 JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter 13.05.2026 9.8
CVE-2026-30805 Insecure Default Initialization in API Authentication leads to Authentication Bypass 12.05.2026 9.1
CVE-2026-8043 12.05.2026 9.6
CVE-2026-45091 sealed-env: TOTP secret embedded in unseal token payload (enterprise mode) 12.05.2026 9.1
CVE-2025-6577 SQLi in Akilli Commerce's E-Commerce Website 12.05.2026 9.8
CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board 12.05.2026 9.2
CVE-2026-25786 12.05.2026 9.3
CVE-2026-25787 12.05.2026 9.3
CVE-2026-41551 12.05.2026 9.3
CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL 12.05.2026 9.2
CVE-2026-41872 12.05.2026 9.1
CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP) 12.05.2026 9.6
CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration 12.05.2026 9.6
CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys 12.05.2026 9.6
CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl` 12.05.2026 9.6
CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`) 12.05.2026 9.3
CVE-2026-42882 oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching 13.05.2026 9.4
CVE-2026-42869 SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools 12.05.2026 10
CVE-2026-42864 FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft 11.05.2026 9.9
CVE-2026-42607 Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature 12.05.2026 9.1
CVE-2026-42613 Grav: Privilege Escalation via Missing Server-Side Validation of groups/access 12.05.2026 9.4
CVE-2026-44643 Angular Expressions - Remote Code Execution using filters 11.05.2026 9.3
CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode 11.05.2026 9.4
CVE-2026-40636 12.05.2026 9.8
CVE-2021-47923 OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie 11.05.2026 9.3
CVE-2021-47932 WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated 11.05.2026 9.3
CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload 11.05.2026 9.3
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload 11.05.2026 9.3
CVE-2021-47940 WordPress Download From Files 1.48 Arbitrary File Upload 11.05.2026 9.3
CVE-2026-6722 Use-After-Free in SOAP using Apache map 12.05.2026 9.5
CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe 12.05.2026 9.4
CVE-2026-42571 Privilege Escalation Attack affecting Pelican Web UI 12.05.2026 9
CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView 11.05.2026 9.3
CVE-2026-42560 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross-user impersonation 11.05.2026 9.1
CVE-2026-44313 LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function 11.05.2026 9.1
CVE-2026-42354 Sentry: Improper authentication on SAML SSO process allows user identity linking 11.05.2026 9.1
CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints 14.05.2026 9.9
CVE-2026-42298 Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev 11.05.2026 10
CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox 12.05.2026 9.8
CVE-2026-42287 Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions 11.05.2026 10
CVE-2026-42193 Plunk: SNS webhook forgery 11.05.2026 9.1
CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend 11.05.2026 10
CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver 08.05.2026 9.2
CVE-2026-42072 Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access 12.05.2026 9.8
CVE-2026-41070 openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access 08.05.2026 10
CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass 08.05.2026 9.3
CVE-2026-41583 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling 08.05.2026 9.3
CVE-2026-41584 ZEBRA: rk Identity Point Panic in Transaction Verification 08.05.2026 9.2
CVE-2026-41588 RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() 08.05.2026 9
CVE-2026-44497 ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer 08.05.2026 9.3
CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops 14.05.2026 9.2
CVE-2026-43376 ksmbd: fix use-after-free by using call_rcu() for oplock_info 11.05.2026 9.8
CVE-2026-43379 ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() 11.05.2026 9.8
CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time 11.05.2026 9.4
CVE-2026-43384 net/tcp-ao: Fix MAC comparison to be constant-time 11.05.2026 9.8
CVE-2026-43402 kthread: consolidate kthread exit paths to prevent use-after-free 11.05.2026 9.8
CVE-2026-43406 libceph: prevent potential out-of-bounds reads in process_message_header() 11.05.2026 9.1
CVE-2026-43407 libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() 11.05.2026 9.1
CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free 11.05.2026 9.8
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ 11.05.2026 9.8
CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI 08.05.2026 9.8
CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen 08.05.2026 9.8
CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService` 08.05.2026 9.9
CVE-2026-43341 net/ipv6: ioam6: prevent schema length wraparound in trace fill 11.05.2026 9.8
CVE-2026-44126 Insecure deserialization 13.05.2026 9.2
CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection 11.05.2026 9.4
CVE-2026-43304 libceph: define and enforce CEPH_MAX_KEY_LEN 11.05.2026 9.8
CVE-2026-44125 Missing Authorization in GINAv2 13.05.2026 9.3
CVE-2026-44128 Unauthenticated Remote Code Execution 13.05.2026 9.3
CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi 08.05.2026 9.2
CVE-2026-8076 Weak credentials vulnerability in the CashDro 3 web administration panel 08.05.2026 9.3
CVE-2026-8153 Command injection in Dashboard Server interface 11.05.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2026-41702 TOCTOU local privilege escalation vulnerability 15.05.2026 7.8
CVE-2026-4094 FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion 15.05.2026 8.1
CVE-2026-6646 The7 <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 'link' Parameter 15.05.2026 6.4
CVE-2026-8654 15.05.2026
CVE-2026-24662 15.05.2026
CVE-2026-28761 15.05.2026
CVE-2026-43490 ksmbd: validate inherited ACE SID length 15.05.2026
CVE-2024-21950 15.05.2026
CVE-2024-36323 15.05.2026
CVE-2024-36333 15.05.2026
CVE-2024-36334 15.05.2026
CVE-2025-52532 15.05.2026
CVE-2025-54518 15.05.2026
CVE-2026-0481 15.05.2026
CVE-2021-26380 15.05.2026
CVE-2022-23826 15.05.2026
CVE-2023-31309 15.05.2026
CVE-2023-31316 15.05.2026
CVE-2023-31317 15.05.2026
CVE-2024-21962 15.05.2026
CVE-2024-36332 15.05.2026
CVE-2025-0028 15.05.2026
CVE-2025-0040 15.05.2026
CVE-2025-0044 15.05.2026
CVE-2025-29935 15.05.2026
CVE-2025-29936 15.05.2026
CVE-2025-29937 15.05.2026
CVE-2025-29938 15.05.2026
CVE-2025-29944 15.05.2026
CVE-2025-48513 15.05.2026
CVE-2025-48516 15.05.2026
CVE-2025-54511 15.05.2026
CVE-2025-54517 15.05.2026
CVE-2025-66660 15.05.2026
CVE-2025-66664 15.05.2026
CVE-2026-0427 15.05.2026
CVE-2026-0428 15.05.2026
CVE-2026-2652 Authentication Bypass in mlflow/mlflow 15.05.2026
CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading 15.05.2026
CVE-2024-36345 15.05.2026
CVE-2025-0045 15.05.2026
CVE-2025-48512 15.05.2026
CVE-2025-48519 15.05.2026
CVE-2025-48520 15.05.2026
CVE-2025-48521 15.05.2026
CVE-2025-52540 15.05.2026
CVE-2026-0432 15.05.2026
CVE-2026-0438 15.05.2026
CVE-2026-8612 WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution 15.05.2026
CVE-2026-44427 MCP Registry: Open Redirect 14.05.2026
CVE-2026-44428 MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience 14.05.2026
CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow 14.05.2026 7.5
CVE-2026-45248 Hedera Guardian Authentication Bypass Information Disclosure 14.05.2026
CVE-2026-6811 PHP Stack Exhaustion 14.05.2026
CVE-2026-42847 ClipBucket: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 14.05.2026
CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view 14.05.2026 9.3
CVE-2026-44429 MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` 14.05.2026
CVE-2026-44430 MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist 14.05.2026
CVE-2026-44678 Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID 14.05.2026
CVE-2026-44700 Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake 14.05.2026
CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims 14.05.2026 3.5
CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs 14.05.2026
CVE-2026-44647 OneDev: Path Traversal (read capability via Git LFS pointer resolution) 14.05.2026
CVE-2026-44661 python-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol 14.05.2026 4.7
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding 14.05.2026
CVE-2026-44666 HRConvert2: Missing Sanitization enables Unauthenticated Remote Command Execution 14.05.2026
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow 14.05.2026 7.5
CVE-2026-44679 Tuist: Forgot password flow lacks throttling for reset email delivery 14.05.2026
CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol 14.05.2026 8.3
CVE-2026-45370 python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection 14.05.2026 7.7
CVE-2026-44636 libsixel: integer overflow in encoder 14.05.2026 7.4
CVE-2026-44637 libsixel: integer overflow in parser 14.05.2026 7.1
CVE-2026-44638 libsixel: NULL pointer dereference 14.05.2026 2.5
CVE-2026-8509 15.05.2026
CVE-2026-8510 15.05.2026
CVE-2026-8511 15.05.2026
CVE-2026-8512 15.05.2026
CVE-2026-8513 15.05.2026
CVE-2026-8514 15.05.2026
CVE-2026-8515 15.05.2026
CVE-2026-8516 14.05.2026
CVE-2026-8517 14.05.2026
CVE-2026-8518 15.05.2026
CVE-2026-8519 15.05.2026
CVE-2026-8520 15.05.2026
CVE-2026-8521 15.05.2026
CVE-2026-8522 15.05.2026
CVE-2026-8523 15.05.2026
CVE-2026-8524 15.05.2026
CVE-2026-8525 15.05.2026
CVE-2026-8526 15.05.2026
CVE-2026-8527 15.05.2026
CVE-2026-8528 14.05.2026
CVE-2026-8529 15.05.2026
CVE-2026-8530 15.05.2026
CVE-2026-8531 15.05.2026
CVE-2026-8532 15.05.2026
CVE-2026-8533 15.05.2026
CVE-2026-8534 15.05.2026
CVE-2026-8535 14.05.2026
CVE-2026-8536 14.05.2026
CVE-2026-8537 14.05.2026
CVE-2026-8538 14.05.2026
CVE-2026-8539 14.05.2026
CVE-2026-8540 15.05.2026
CVE-2026-8541 14.05.2026
CVE-2026-8542 15.05.2026
CVE-2026-8543 14.05.2026
CVE-2026-8544 15.05.2026
CVE-2026-8545 14.05.2026
CVE-2026-8546 14.05.2026
CVE-2026-8547 15.05.2026
CVE-2026-8548 15.05.2026
CVE-2026-8549 15.05.2026
CVE-2026-8550 14.05.2026
CVE-2026-8551 15.05.2026
CVE-2026-8552 14.05.2026
CVE-2026-8553 14.05.2026
CVE-2026-8554 14.05.2026
CVE-2026-8555 15.05.2026
CVE-2026-8556 14.05.2026
CVE-2026-8557 15.05.2026
CVE-2026-8558 15.05.2026
CVE-2026-8559 14.05.2026
CVE-2026-8560 14.05.2026
CVE-2026-8561 14.05.2026
CVE-2026-8562 14.05.2026
CVE-2026-8563 14.05.2026
CVE-2026-8564 14.05.2026
CVE-2026-8565 14.05.2026
CVE-2026-8566 14.05.2026
CVE-2026-8567 14.05.2026
CVE-2026-8568 14.05.2026
CVE-2026-8569 15.05.2026
CVE-2026-8570 14.05.2026
CVE-2026-8571 15.05.2026
CVE-2026-8572 14.05.2026
CVE-2026-8573 15.05.2026
CVE-2026-8574 15.05.2026
CVE-2026-8575 15.05.2026
CVE-2026-8576 14.05.2026
CVE-2026-8577 15.05.2026
CVE-2026-8578 14.05.2026
CVE-2026-8579 14.05.2026
CVE-2026-8580 15.05.2026
CVE-2026-8581 15.05.2026
CVE-2026-8582 14.05.2026
CVE-2026-8583 14.05.2026
CVE-2026-8584 14.05.2026
CVE-2026-8585 14.05.2026
CVE-2026-8586 14.05.2026
CVE-2026-8587 15.05.2026
CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path 14.05.2026 7.2
CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK 14.05.2026 7.2
CVE-2026-24000 Fleet has a rate limiting bypass via untrusted client IP headers 14.05.2026
CVE-2026-24899 Fleet Windows MDM Azure AD JWT Authentication Bypass 14.05.2026
CVE-2026-26062 Fleet server may terminate unexpectedly when handling certain gRPC requests 14.05.2026
CVE-2026-26191 Fleet vulnerable to OS command injection in software packages 14.05.2026
CVE-2026-3290 Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values 14.05.2026
CVE-2026-43903 OpenImageIO: SGI RLE decoder heap buffer overflow: OIIO_DASSERT bounds checks are no-ops in release builds 14.05.2026
CVE-2026-43904 OpenImageIO: Softimage PIC RLE decoder heap buffer overflow — longCount not clamped to image width 14.05.2026
CVE-2026-43905 OpenImageIO: JPEG2000 (OpenJPH) signed integer overflow in buffer allocation 14.05.2026
CVE-2026-43906 OpenImageIO: HEIF Heap overflow 14.05.2026
CVE-2026-43907 OpenImageIO: Integer overflow in QueryRGBBufferSizeInternal leads to heap out-of-bounds write in DPX decoder (kCbYCr and kABGR) 14.05.2026 8.3
CVE-2026-43908 OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder 14.05.2026 8.8
CVE-2026-43909 OpenImageIO: Signed integer overflow in SwapRGBABytes loop index leads to out-of-bounds read/write in DPX ABGR decoder 14.05.2026 8.8
CVE-2026-43996 OpenImageIO: Integer wraparound in bounds check of decode_pixel leads to out-of-bounds read in TGA paletted image decoder 14.05.2026 5.5
CVE-2026-46356 Fleet: IP spoofing allows bypassing API rate limiting 14.05.2026
CVE-2026-8629 Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints 14.05.2026
CVE-2026-8634 Crabbox < v0.12.0 Environment Variable Information Disclosure 14.05.2026
CVE-2025-64526 Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying 14.05.2026
CVE-2026-22599 Strapi Vulnerable to SQL Injection in Content Type Builder 14.05.2026
CVE-2026-22706 Strapi: Password Reset Does Not Revoke Existing Refresh Sessions 14.05.2026
CVE-2026-22707 Strapi Upload Plugin MIME Validation Bypass via Content API 14.05.2026
CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass 14.05.2026
CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP 14.05.2026 3.1
CVE-2026-27886 Strapi may leak sensitive data via relational filtering due to lack of query sanitization 14.05.2026
CVE-2026-38740 14.05.2026
CVE-2026-41315 mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 14.05.2026
CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution 14.05.2026
CVE-2026-44523 Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery 14.05.2026 10
CVE-2026-44586 SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code execution 14.05.2026 8.3
CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS 14.05.2026
CVE-2026-44589 nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect) 14.05.2026 3.7
CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning 14.05.2026 9.4
CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries 14.05.2026 8.1
CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan 14.05.2026
CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk 14.05.2026 4.3
CVE-2026-45148 SiYuan: Broken access control in SiYuan publish mode: Readers can enumerate metadata 14.05.2026 4.3
CVE-2026-45371 SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs 14.05.2026
CVE-2026-45375 SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution 14.05.2026 9
CVE-2026-8621 Crabbox < v0.12.0 Authentication Bypass via Header Spoofing 14.05.2026
CVE-2025-15023 Improper Access Control in Yordam Informatics' Library Automation System 14.05.2026 8.8
CVE-2025-15024 RCE in Yordam Informatics' Library Automation System 14.05.2026 8.8
CVE-2026-42334 Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection 14.05.2026 7.5
CVE-2026-42598 Pode: Directory Traversal is possible on Static Routes 14.05.2026
CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version 14.05.2026
CVE-2026-46469 14.05.2026 4
CVE-2026-46470 14.05.2026 4
CVE-2026-41615 Microsoft Authenticator Information Disclosure Vulnerability 15.05.2026 9.6
CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration 14.05.2026
CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds` 14.05.2026 5.3
CVE-2026-42897 Microsoft Exchange Server Spoofing Vulnerability 15.05.2026 8.1
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks 14.05.2026 0
CVE-2026-44520 Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler 14.05.2026 5.7
CVE-2026-44542 FileBrowser Quantum: Unauthenticated Path Traversal in Public Share Delete Allows Arbitrary File Deletion 14.05.2026 9.1
CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC 14.05.2026
CVE-2025-62305 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions 14.05.2026 5.1
CVE-2025-62308 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed 14.05.2026 5.1
CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. 14.05.2026 2.6
CVE-2025-62310 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations 14.05.2026 5.4
CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. 14.05.2026 4.3
CVE-2025-62312 HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication 14.05.2026 3
CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. 14.05.2026 5.4
CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured 14.05.2026 2.3
CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. 14.05.2026 2.6
CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 15.05.2026 10
CVE-2026-20209 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability 15.05.2026 5.4
CVE-2026-20210 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability 15.05.2026 5.4
CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability 14.05.2026 8.6
CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users 14.05.2026 9.1
CVE-2026-44312 css_parser allows MITM of included https CSS URLs 14.05.2026 5.8
CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign() 14.05.2026 2.5
CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout 14.05.2026 7.4
CVE-2026-44513 Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components 14.05.2026 8.8
CVE-2026-44514 Kubetail: Cross-Site WebSocket Hijacking allows attacker to read Kubernetes logs from authenticated users 14.05.2026 6.5
CVE-2026-44515 Nextcloud News: Authenticated blind SSRF via feed URL 14.05.2026
CVE-2026-44516 Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer 14.05.2026 7.6
CVE-2026-44827 Diffusers: None.py Trust Remote Code Bypass 14.05.2026 8.8
CVE-2026-45448 ntopng - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') 14.05.2026 4.3
CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels 14.05.2026 3.8
CVE-2026-7805 14.05.2026
CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move 14.05.2026 8.2
CVE-2026-42159 Flowsint: Stored XSS in description of node 14.05.2026
CVE-2026-42281 MagicMirror²: Unauthenticated SSRF via /cors endpoint 14.05.2026
CVE-2026-42283 DevSpace UI Server WebSocket CheckOrigin does not validate source 14.05.2026 7.7
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection 14.05.2026 9.8
CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist 14.05.2026 8.2
CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8 14.05.2026 8.2
CVE-2026-42592 Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes 14.05.2026 5.3
CVE-2026-42593 Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes 14.05.2026 5.3
CVE-2026-42594 Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine 14.05.2026 7.5
CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass 14.05.2026 8.6
CVE-2026-42596 Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook 14.05.2026 9.4
CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme 14.05.2026 5.9
CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability 14.05.2026 4.3
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect 14.05.2026
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) 14.05.2026
CVE-2025-62619 14.05.2026
CVE-2025-62625 14.05.2026
CVE-2025-62628 15.05.2026
CVE-2025-69443 14.05.2026
CVE-2026-41932 Vvveb < 1.0.8.3 Stored XSS via Signup Controller 14.05.2026
CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure 14.05.2026
CVE-2026-41935 Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service 14.05.2026
CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload 14.05.2026
CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly 14.05.2026
CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation 14.05.2026 9
CVE-2026-42559 RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport 14.05.2026 8.8
CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML 14.05.2026
CVE-2026-44216 Wasmtime: Panic when allocating a table exceeding the size of the host's address space 14.05.2026
CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications 14.05.2026
CVE-2026-44371 Open OnDemand: Specially crafted filenames can execute javascript in the file browser 14.05.2026
CVE-2026-44374 Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks 14.05.2026 4.3
CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException 14.05.2026 7.5
CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title 14.05.2026 9.6
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions 14.05.2026
CVE-2026-21730 Stored XSS in Verba 14.05.2026
CVE-2026-24710 14.05.2026
CVE-2026-24711 14.05.2026
CVE-2026-24712 14.05.2026
CVE-2025-15025 IDOR in Yordam Informatics' Library Automation System 14.05.2026 8.8
CVE-2026-1630 Reflected XSS in WEBCON BPS 14.05.2026
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege 14.05.2026 5.4
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound 15.05.2026 8.8
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory 14.05.2026 4.3
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice 15.05.2026 8.8
CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name 15.05.2026 7.2
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory 15.05.2026 8.8
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel 14.05.2026 6.5
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion 14.05.2026 7.5
CVE-2026-6575 PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array 14.05.2026 4.3
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection 15.05.2026 8.8
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name 14.05.2026 3.7
CVE-2025-12008 IDOR in APPYAP's Yaay Social Media App 14.05.2026 8.8
CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint 14.05.2026
CVE-2026-4029 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export 14.05.2026 7.5
CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion 14.05.2026 8.1
CVE-2026-4031 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception 14.05.2026 7.5
CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order 14.05.2026
CVE-2026-5798 Unsafe Object Reference (IDOR) vulnerability in Stel Order 14.05.2026
CVE-2026-6008 IDOR in Im Park's DijiDemi 14.05.2026 6.8
CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles 14.05.2026
CVE-2025-68420 Privilege Escalation in Comarch ERP Optima 14.05.2026
CVE-2025-68421 Hardcoded credentials in Comarch ERP Optima 14.05.2026
CVE-2026-8295 Integer overflow in simdjson 14.05.2026
CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug 15.05.2026