Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10671
Total
727
Critical
3077
High
3393
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42150 | MEDIUM | 5.1 | wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into … | May 08, 2026 |
| CVE-2026-41900 | HIGH | 8.8 | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code … | May 08, 2026 |
| CVE-2026-41646 | MEDIUM | 5.5 | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime … | May 08, 2026 |
| CVE-2026-41645 | MEDIUM | 5.3 | Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine … | May 08, 2026 |
| CVE-2026-41501 | CRITICAL | 9.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version strings … | May 08, 2026 |
| CVE-2026-41500 | CRITICAL | 9.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name directly … | May 08, 2026 |
| CVE-2026-41498 | LOW | 3.3 | Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to … | May 08, 2026 |
| CVE-2026-8128 | HIGH | 7.3 | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of … | May 08, 2026 |
| CVE-2026-8127 | MEDIUM | 6.3 | A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. … | May 08, 2026 |
| CVE-2026-8126 | HIGH | 7.3 | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument … | May 08, 2026 |
| CVE-2026-6737 | UNKNOWN | — | An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or … | May 08, 2026 |
| CVE-2026-3508 | UNKNOWN | — | An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read … | May 08, 2026 |
| CVE-2026-8125 | MEDIUM | 6.3 | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business … | May 08, 2026 |
| CVE-2026-8124 | LOW | 3.3 | A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation … | May 08, 2026 |
| CVE-2026-8123 | MEDIUM | 4.3 | A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes … | May 08, 2026 |
| CVE-2026-8122 | MEDIUM | 4.3 | A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results … | May 08, 2026 |
| CVE-2026-8121 | MEDIUM | 4.3 | A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. … | May 08, 2026 |
| CVE-2026-8120 | MEDIUM | 4.3 | A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. … | May 08, 2026 |
| CVE-2026-8119 | LOW | 3.3 | A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation … | May 08, 2026 |
| CVE-2026-8117 | MEDIUM | 4.3 | A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of … | May 08, 2026 |
| CVE-2026-8116 | MEDIUM | 6.3 | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument … | May 08, 2026 |
| CVE-2026-8115 | MEDIUM | 5.3 | A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST … | May 07, 2026 |
| CVE-2026-6411 | HIGH | 7.3 | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata … | May 07, 2026 |
| CVE-2026-42880 | CRITICAL | 9.6 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a … | May 07, 2026 |
| CVE-2026-2710 | UNKNOWN | — | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | May 07, 2026 |