Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7784 | HIGH | 7.3 | A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills … | May 05, 2026 |
| CVE-2026-7783 | MEDIUM | 6.3 | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component … | May 05, 2026 |
| CVE-2026-7782 | MEDIUM | 6.3 | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. … | May 04, 2026 |
| CVE-2026-7781 | MEDIUM | 4.3 | A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the … | May 04, 2026 |
| CVE-2026-7791 | HIGH | 7.8 | Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin … | May 04, 2026 |
| CVE-2026-7780 | MEDIUM | 4.3 | A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component … | May 04, 2026 |
| CVE-2026-7776 | HIGH | 7.5 | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to … | May 04, 2026 |
| CVE-2026-7779 | MEDIUM | 4.3 | A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. … | May 04, 2026 |
| CVE-2026-42238 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that … | May 04, 2026 |
| CVE-2026-42223 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs … | May 04, 2026 |
| CVE-2026-42222 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial … | May 04, 2026 |
| CVE-2026-42221 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim … | May 04, 2026 |
| CVE-2026-42220 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve … | May 04, 2026 |
| CVE-2026-7768 | HIGH | 7.5 | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct … | May 04, 2026 |
| CVE-2026-6321 | HIGH | 7.5 | fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real … | May 04, 2026 |
| CVE-2026-41927 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite … | May 04, 2026 |
| CVE-2026-41926 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input … | May 04, 2026 |
| CVE-2026-41925 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to … | May 04, 2026 |
| CVE-2026-41924 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41923 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41922 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-34882 | UNKNOWN | — | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-6074. Reason: This record is a reservation duplicate of CVE-2026-6074. Notes: All CVE users should reference … | May 04, 2026 |
| CVE-2025-67796 | HIGH | 8.1 | IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. … | May 04, 2026 |
| CVE-2026-43964 | LOW | 3.7 | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks … | May 04, 2026 |
| CVE-2026-42237 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node … | May 04, 2026 |