Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8097 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument … | May 07, 2026 |
| CVE-2026-44365 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users … | May 07, 2026 |
| CVE-2026-42449 | HIGH | 8.5 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder … | May 07, 2026 |
| CVE-2026-42047 | HIGH | 8.6 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that … | May 07, 2026 |
| CVE-2026-41692 | MEDIUM | 4.7 | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens … | May 07, 2026 |
| CVE-2026-41691 | MEDIUM | 6.5 | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code … | May 07, 2026 |
| CVE-2026-8142 | MEDIUM | 6.5 | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions … | May 07, 2026 |
| CVE-2026-8088 | LOW | 3.3 | A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation … | May 07, 2026 |
| CVE-2026-8087 | MEDIUM | 5.3 | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of … | May 07, 2026 |
| CVE-2026-43510 | HIGH | 7.6 | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another … | May 07, 2026 |
| CVE-2026-42501 | HIGH | 7.5 | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any … | May 07, 2026 |
| CVE-2026-42499 | UNKNOWN | — | Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. | May 07, 2026 |
| CVE-2026-42259 | UNKNOWN | — | Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a … | May 07, 2026 |
| CVE-2026-42241 | MEDIUM | 5.3 | ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what … | May 07, 2026 |
| CVE-2026-42239 | HIGH | 8.1 | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. … | May 07, 2026 |
| CVE-2026-42225 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) … | May 07, 2026 |
| CVE-2026-39836 | UNKNOWN | — | The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | May 07, 2026 |
| CVE-2026-39826 | MEDIUM | 6.1 | If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the … | May 07, 2026 |
| CVE-2026-39825 | UNKNOWN | — | ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, … | May 07, 2026 |
| CVE-2026-39823 | MEDIUM | 6.1 | CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert … | May 07, 2026 |
| CVE-2026-39820 | HIGH | 7.5 | Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. | May 07, 2026 |
| CVE-2026-39819 | UNKNOWN | — | The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the … | May 07, 2026 |
| CVE-2026-39817 | UNKNOWN | — | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a … | May 07, 2026 |
| CVE-2026-33814 | UNKNOWN | — | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | May 07, 2026 |
| CVE-2026-33811 | HIGH | 7.5 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | May 07, 2026 |