Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-31974 | LOW | 3.9 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended … | May 06, 2026 |
| CVE-2025-31960 | MEDIUM | 5.3 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an … | May 06, 2026 |
| CVE-2024-30151 | HIGH | 8.3 | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated … | May 06, 2026 |
| CVE-2026-33079 | UNKNOWN | — | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can … | May 06, 2026 |
| CVE-2026-29090 | UNKNOWN | — | ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated … | May 06, 2026 |
| CVE-2026-7875 | HIGH | 8.8 | NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside … | May 06, 2026 |
| CVE-2026-42503 | HIGH | 8.8 | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an … | May 06, 2026 |
| CVE-2026-29080 | UNKNOWN | — | A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET … | May 06, 2026 |
| CVE-2026-23870 | HIGH | 7.5 | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory … | May 06, 2026 |
| CVE-2026-21661 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, … | May 06, 2026 |
| CVE-2026-20219 | MEDIUM | 5.4 | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users … | May 06, 2026 |
| CVE-2026-20195 | MEDIUM | 5.3 | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected … | May 06, 2026 |
| CVE-2026-20193 | MEDIUM | 4.3 | A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to … | May 06, 2026 |
| CVE-2026-20189 | MEDIUM | 4.3 | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. … | May 06, 2026 |
| CVE-2026-20188 | HIGH | 7.5 | A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to … | May 06, 2026 |
| CVE-2026-20185 | HIGH | 7.7 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could … | May 06, 2026 |
| CVE-2026-20172 | MEDIUM | 4.3 | A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To … | May 06, 2026 |
| CVE-2026-20169 | MEDIUM | 6.4 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files … | May 06, 2026 |
| CVE-2026-20168 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files … | May 06, 2026 |
| CVE-2026-20167 | HIGH | 7.7 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a … | May 06, 2026 |
| CVE-2026-20035 | HIGH | 7.2 | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected … | May 06, 2026 |
| CVE-2026-20034 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. … | May 06, 2026 |
| CVE-2026-6863 | MEDIUM | 6.8 | Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root … | May 06, 2026 |
| CVE-2026-6788 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | May 06, 2026 |
| CVE-2026-6787 | UNKNOWN | — | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | May 06, 2026 |