Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-66369 | UNKNOWN | — | An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, … | May 05, 2026 |
| CVE-2025-61669 | UNKNOWN | — | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated … | May 05, 2026 |
| CVE-2025-52206 | MEDIUM | 4.7 | ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. | May 05, 2026 |
| CVE-2026-7834 | CRITICAL | 9.8 | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to … | May 05, 2026 |
| CVE-2026-7778 | MEDIUM | 5.0 | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance … | May 05, 2026 |
| CVE-2026-4304 | HIGH | 7.5 | The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due … | May 05, 2026 |
| CVE-2026-36356 | CRITICAL | 9.1 | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. | May 05, 2026 |
| CVE-2026-36355 | HIGH | 7.7 | The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the … | May 05, 2026 |
| CVE-2026-34408 | UNKNOWN | — | An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set … | May 05, 2026 |
| CVE-2026-29168 | HIGH | 7.3 | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 … | May 05, 2026 |
| CVE-2026-7833 | HIGH | 7.2 | A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component … | May 05, 2026 |
| CVE-2026-7832 | HIGH | 7.0 | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The … | May 05, 2026 |
| CVE-2026-6918 | HIGH | 7.5 | In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. | May 05, 2026 |
| CVE-2026-30246 | MEDIUM | 6.5 | Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path … | May 05, 2026 |
| CVE-2026-28510 | MEDIUM | 5.9 | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across … | May 05, 2026 |
| CVE-2026-27694 | MEDIUM | 5.4 | Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and … | May 05, 2026 |
| CVE-2026-27693 | MEDIUM | 5.4 | Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names … | May 05, 2026 |
| CVE-2026-27644 | MEDIUM | 6.5 | Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and … | May 05, 2026 |
| CVE-2026-6262 | MEDIUM | 6.5 | The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function … | May 05, 2026 |
| CVE-2026-6261 | HIGH | 8.8 | The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function … | May 05, 2026 |
| CVE-2026-43574 | MEDIUM | 6.5 | OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve … | May 05, 2026 |
| CVE-2026-43573 | HIGH | 7.7 | OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. Attackers can bypass SSRF navigation guards to interact with … | May 05, 2026 |
| CVE-2026-43572 | MEDIUM | 5.3 | OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers … | May 05, 2026 |
| CVE-2026-43571 | HIGH | 8.8 | OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers … | May 05, 2026 |
| CVE-2026-43570 | MEDIUM | 6.5 | OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. … | May 05, 2026 |