Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10110 | Critical: 681 | High: 2907 | Medium: 3176
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8695 | HIGH | 7.5 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed … | May 15, 2026 |
| CVE-2026-46383 | MEDIUM | 5.5 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the … | May 15, 2026 |
| CVE-2026-45539 | HIGH | 7.4 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare … | May 15, 2026 |
| CVE-2026-45038 | UNKNOWN | — | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and … | May 15, 2026 |
| CVE-2026-45037 | HIGH | 7.1 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol … | May 15, 2026 |
| CVE-2026-45036 | HIGH | 7.0 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output … | May 15, 2026 |
| CVE-2026-45035 | UNKNOWN | — | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all … | May 15, 2026 |
| CVE-2026-44774 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute … | May 15, 2026 |
| CVE-2026-44717 | CRITICAL | 9.8 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical … | May 15, 2026 |
| CVE-2026-44714 | HIGH | 7.5 | The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native … | May 15, 2026 |
| CVE-2026-44699 | UNKNOWN | — | LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as … | May 15, 2026 |
| CVE-2026-44641 | HIGH | 7.1 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in … | May 15, 2026 |
| CVE-2026-44310 | MEDIUM | 5.4 | Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in … | May 15, 2026 |
| CVE-2026-44309 | MEDIUM | 5.3 | Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign … | May 15, 2026 |
| CVE-2026-42458 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-42207 | MEDIUM | 6.1 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-42155 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-41258 | CRITICAL | 9.1 | OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored … | May 15, 2026 |
| CVE-2026-41181 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom … | May 15, 2026 |
| CVE-2026-23695 | MEDIUM | 5.4 | Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the … | May 15, 2026 |
| CVE-2026-46508 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived … | May 15, 2026 |
| CVE-2026-45803 | LOW | 3.5 | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal … | May 15, 2026 |
| CVE-2026-45773 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a … | May 15, 2026 |
| CVE-2026-45772 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when … | May 15, 2026 |
| CVE-2026-35194 | HIGH | 8.1 | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute … | May 15, 2026 |