Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10671
Total
727
Critical
3077
High
3393
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2022-26523 | MEDIUM | 5.3 | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in … | May 08, 2026 |
| CVE-2022-26522 | HIGH | 7.8 | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in … | May 08, 2026 |
| CVE-2022-23961 | MEDIUM | 6.1 | In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote … | May 08, 2026 |
| CVE-2026-8136 | LOW | 2.4 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation … | May 08, 2026 |
| CVE-2026-8133 | HIGH | 7.3 | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of … | May 08, 2026 |
| CVE-2026-8132 | HIGH | 7.3 | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument … | May 08, 2026 |
| CVE-2026-8131 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the … | May 08, 2026 |
| CVE-2026-8130 | HIGH | 7.3 | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid … | May 08, 2026 |
| CVE-2026-8129 | HIGH | 7.3 | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of … | May 08, 2026 |
| CVE-2026-44298 | MEDIUM | 4.1 | Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can … | May 08, 2026 |
| CVE-2026-43944 | UNKNOWN | — | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, … | May 08, 2026 |
| CVE-2026-43943 | HIGH | 7.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit … | May 08, 2026 |
| CVE-2026-43942 | MEDIUM | 5.5 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it … | May 08, 2026 |
| CVE-2026-43941 | CRITICAL | 9.6 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal … | May 08, 2026 |
| CVE-2026-43940 | HIGH | 8.4 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifiers … | May 08, 2026 |
| CVE-2026-42275 | HIGH | 8.7 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through … | May 08, 2026 |
| CVE-2026-42274 | UNKNOWN | — | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) … | May 08, 2026 |
| CVE-2026-42273 | UNKNOWN | — | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, … | May 08, 2026 |
| CVE-2026-42272 | UNKNOWN | — | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive … | May 08, 2026 |
| CVE-2026-42271 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints … | May 08, 2026 |
| CVE-2026-42267 | UNKNOWN | — | Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as … | May 08, 2026 |
| CVE-2026-42264 | HIGH | 7.4 | Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, … | May 08, 2026 |
| CVE-2026-42261 | HIGH | 7.1 | PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST … | May 08, 2026 |
| CVE-2026-42208 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database … | May 08, 2026 |
| CVE-2026-42203 | UNKNOWN | — | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST … | May 08, 2026 |