CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10066. Critical: 679. High: 2903. Medium: 3164.
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-47307 | MEDIUM | 5.5 | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply … | May 19, 2026 |
| CVE-2026-33565 | LOW | 3.3 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | May 19, 2026 |
| CVE-2026-28751 | LOW | 3.3 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | May 19, 2026 |
| CVE-2026-28733 | MEDIUM | 6.5 | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | May 19, 2026 |
| CVE-2026-27781 | LOW | 3.3 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | May 19, 2026 |
| CVE-2026-27766 | MEDIUM | 5.5 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. | May 19, 2026 |
| CVE-2026-27648 | HIGH | 8.8 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | May 19, 2026 |
| CVE-2026-25850 | MEDIUM | 5.5 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak | May 19, 2026 |
| CVE-2026-25781 | HIGH | 8.4 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. | May 19, 2026 |
| CVE-2026-25110 | LOW | 3.3 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | May 19, 2026 |
| CVE-2026-24792 | HIGH | 8.1 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | May 19, 2026 |
| CVE-2026-22069 | HIGH | 7.3 | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | May 19, 2026 |
| CVE-2026-33514 | UNKNOWN | — | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form … | May 19, 2026 |
| CVE-2026-33234 | MEDIUM | 5.0 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a … | May 19, 2026 |
| CVE-2026-33233 | HIGH | 7.6 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache … | May 19, 2026 |
| CVE-2026-33232 | HIGH | 7.5 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial … | May 19, 2026 |
| CVE-2026-33052 | UNKNOWN | — | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create … | May 19, 2026 |
| CVE-2026-32323 | HIGH | 7.3 | Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege … | May 19, 2026 |
| CVE-2026-32312 | UNKNOWN | — | GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the … | May 19, 2026 |
| CVE-2026-32244 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous … | May 19, 2026 |
| CVE-2026-30950 | HIGH | 7.1 | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking … | May 18, 2026 |
| CVE-2026-27964 | LOW | 3.9 | FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. … | May 18, 2026 |
| CVE-2026-27892 | MEDIUM | 6.5 | FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping … | May 18, 2026 |
| CVE-2026-27891 | HIGH | 7.2 | FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to … | May 18, 2026 |
| CVE-2026-27737 | MEDIUM | 6.5 | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This … | May 18, 2026 |