CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10192 | Critical: 692 | High: 2939 | Medium: 3205

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2021-47965 | CRITICAL | 9.8 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file … | May 15, 2026 |
| CVE-2021-47964 | HIGH | 8.8 | Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the … | May 15, 2026 |
| CVE-2021-47963 | HIGH | 7.2 | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the … | May 15, 2026 |
| CVE-2021-47962 | MEDIUM | 6.4 | Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript … | May 15, 2026 |
| CVE-2021-47959 | HIGH | 7.5 | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated … | May 15, 2026 |
| CVE-2021-47958 | MEDIUM | 4.3 | CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload … | May 15, 2026 |
| CVE-2026-46474 | UNKNOWN | — | Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security … | May 15, 2026 |
| CVE-2026-8695 | HIGH | 7.5 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed … | May 15, 2026 |
| CVE-2026-46383 | MEDIUM | 5.5 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the … | May 15, 2026 |
| CVE-2026-45539 | HIGH | 7.4 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare … | May 15, 2026 |
| CVE-2026-45038 | UNKNOWN | — | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and … | May 15, 2026 |
| CVE-2026-45037 | HIGH | 7.1 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol … | May 15, 2026 |
| CVE-2026-45036 | HIGH | 7.0 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output … | May 15, 2026 |
| CVE-2026-45035 | UNKNOWN | — | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all … | May 15, 2026 |
| CVE-2026-44774 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute … | May 15, 2026 |
| CVE-2026-44717 | CRITICAL | 9.8 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical … | May 15, 2026 |
| CVE-2026-44714 | HIGH | 7.5 | The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native … | May 15, 2026 |
| CVE-2026-44699 | UNKNOWN | — | LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as … | May 15, 2026 |
| CVE-2026-44641 | HIGH | 7.1 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in … | May 15, 2026 |
| CVE-2026-44310 | MEDIUM | 5.4 | Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in … | May 15, 2026 |
| CVE-2026-44309 | MEDIUM | 5.3 | Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign … | May 15, 2026 |
| CVE-2026-42458 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-42207 | MEDIUM | 6.1 | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-42155 | UNKNOWN | — | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of … | May 15, 2026 |
| CVE-2026-41258 | CRITICAL | 9.1 | OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored … | May 15, 2026 |