Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8086 | MEDIUM | 5.3 | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument … | May 07, 2026 |
| CVE-2026-8084 | LOW | 3.3 | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid … | May 07, 2026 |
| CVE-2026-8083 | HIGH | 7.3 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the … | May 07, 2026 |
| CVE-2026-44742 | HIGH | 7.2 | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in … | May 07, 2026 |
| CVE-2026-44244 | HIGH | 7.8 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. … | May 07, 2026 |
| CVE-2026-44243 | HIGH | 7.1 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a … | May 07, 2026 |
| CVE-2026-42284 | HIGH | 8.1 | GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" … | May 07, 2026 |
| CVE-2026-42215 | HIGH | 8.8 | GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as … | May 07, 2026 |
| CVE-2026-42214 | HIGH | 7.8 | Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without … | May 07, 2026 |
| CVE-2026-41906 | HIGH | 7.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope … | May 07, 2026 |
| CVE-2026-41905 | HIGH | 7.7 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via … | May 07, 2026 |
| CVE-2026-41904 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store … | May 07, 2026 |
| CVE-2026-41903 | MEDIUM | 5.4 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended … | May 07, 2026 |
| CVE-2026-41902 | CRITICAL | 9.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random … | May 07, 2026 |
| CVE-2026-41653 | UNKNOWN | — | BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPDF. An attacker may … | May 07, 2026 |
| CVE-2026-8081 | MEDIUM | 6.3 | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API … | May 07, 2026 |
| CVE-2026-37709 | CRITICAL | 9.8 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the … | May 07, 2026 |
| CVE-2026-7415 | CRITICAL | 9.8 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the … | May 07, 2026 |
| CVE-2026-7414 | CRITICAL | 9.8 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be … | May 07, 2026 |
| CVE-2026-7413 | HIGH | 7.2 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, … | May 07, 2026 |
| CVE-2026-7821 | HIGH | 7.4 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted … | May 07, 2026 |
| CVE-2026-6973 | HIGH | 7.2 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code … | May 07, 2026 |
| CVE-2026-5788 | HIGH | 7.0 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | May 07, 2026 |
| CVE-2026-5787 | HIGH | 8.9 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain … | May 07, 2026 |
| CVE-2026-5786 | HIGH | 8.8 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | May 07, 2026 |