Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8114 | MEDIUM | 6.3 | A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON … | May 07, 2026 |
| CVE-2026-8113 | MEDIUM | 4.3 | A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component … | May 07, 2026 |
| CVE-2026-8112 | MEDIUM | 6.3 | A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os … | May 07, 2026 |
| CVE-2026-8106 | UNKNOWN | — | A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter … | May 07, 2026 |
| CVE-2026-8034 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting … | May 07, 2026 |
| CVE-2026-7891 | UNKNOWN | — | The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of … | May 07, 2026 |
| CVE-2026-7541 | UNKNOWN | — | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with … | May 07, 2026 |
| CVE-2026-6736 | UNKNOWN | — | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external … | May 07, 2026 |
| CVE-2026-42826 | CRITICAL | 10.0 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-41929 | MEDIUM | 6.1 | Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating … | May 07, 2026 |
| CVE-2026-41928 | MEDIUM | 5.3 | Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can … | May 07, 2026 |
| CVE-2026-41105 | HIGH | 8.1 | Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | May 07, 2026 |
| CVE-2026-40214 | MEDIUM | 6.3 | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is … | May 07, 2026 |
| CVE-2026-40213 | HIGH | 7.4 | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token … | May 07, 2026 |
| CVE-2026-35435 | HIGH | 8.6 | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. | May 07, 2026 |
| CVE-2026-35428 | CRITICAL | 9.6 | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-34327 | HIGH | 8.2 | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-33844 | CRITICAL | 9.0 | Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | May 07, 2026 |
| CVE-2026-33823 | CRITICAL | 9.6 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-33111 | HIGH | 7.5 | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a … | May 07, 2026 |
| CVE-2026-33109 | CRITICAL | 9.9 | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | May 07, 2026 |
| CVE-2026-32207 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-26164 | HIGH | 7.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a … | May 07, 2026 |
| CVE-2026-26129 | HIGH | 7.5 | Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-8098 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument … | May 07, 2026 |