Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41586 | UNKNOWN | — | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() … | May 07, 2026 |
| CVE-2026-41413 | MEDIUM | 5.0 | Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a … | May 07, 2026 |
| CVE-2026-41143 | HIGH | 8.8 | YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. … | May 07, 2026 |
| CVE-2026-41139 | HIGH | 8.8 | Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression … | May 07, 2026 |
| CVE-2026-6214 | MEDIUM | 6.5 | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function … | May 07, 2026 |
| CVE-2026-44603 | LOW | 3.7 | Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007. | May 07, 2026 |
| CVE-2026-44602 | LOW | 3.7 | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | May 07, 2026 |
| CVE-2026-44601 | LOW | 3.7 | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. | May 07, 2026 |
| CVE-2026-42217 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to … | May 07, 2026 |
| CVE-2026-42216 | UNKNOWN | — | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to … | May 07, 2026 |
| CVE-2026-42194 | MEDIUM | 6.8 | Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes … | May 07, 2026 |
| CVE-2026-41891 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version … | May 07, 2026 |
| CVE-2026-41890 | UNKNOWN | — | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version … | May 07, 2026 |
| CVE-2026-41675 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41674 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41673 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41672 | UNKNOWN | — | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and … | May 07, 2026 |
| CVE-2026-41671 | MEDIUM | 6.8 | Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every request, regardless … | May 07, 2026 |
| CVE-2026-41670 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from … | May 07, 2026 |
| CVE-2026-41669 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method … | May 07, 2026 |
| CVE-2026-41663 | LOW | 3.5 | Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire … | May 07, 2026 |
| CVE-2026-41662 | MEDIUM | 5.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero … | May 07, 2026 |
| CVE-2026-41661 | MEDIUM | 6.1 | Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a … | May 07, 2026 |
| CVE-2026-41660 | HIGH | 7.1 | Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users … | May 07, 2026 |
| CVE-2026-41659 | LOW | 2.7 | Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, … | May 07, 2026 |