Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10192
Total
692
Critical
2939
High
3205
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41181 | UNKNOWN | — | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom … | May 15, 2026 |
| CVE-2026-23695 | MEDIUM | 5.4 | Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the … | May 15, 2026 |
| CVE-2026-46508 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived … | May 15, 2026 |
| CVE-2026-45803 | LOW | 3.5 | `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal … | May 15, 2026 |
| CVE-2026-45773 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a … | May 15, 2026 |
| CVE-2026-45772 | UNKNOWN | — | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when … | May 15, 2026 |
| CVE-2026-35194 | HIGH | 8.1 | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute … | May 15, 2026 |
| CVE-2026-2031 | UNKNOWN | — | An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose … | May 15, 2026 |
| CVE-2026-8669 | MEDIUM | 6.5 | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row … | May 15, 2026 |
| CVE-2026-46483 | LOW | 3.6 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives … | May 15, 2026 |
| CVE-2026-45736 | MEDIUM | 4.4 | ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a … | May 15, 2026 |
| CVE-2026-39054 | HIGH | 7.3 | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process … | May 15, 2026 |
| CVE-2026-39053 | MEDIUM | 6.5 | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry … | May 15, 2026 |
| CVE-2026-39052 | MEDIUM | 6.5 | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the … | May 15, 2026 |
| CVE-2026-38728 | HIGH | 7.5 | An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components | May 15, 2026 |
| CVE-2026-34253 | HIGH | 8.2 | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in … | May 15, 2026 |
| CVE-2025-67437 | MEDIUM | 6.5 | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. | May 15, 2026 |
| CVE-2025-14972 | UNKNOWN | — | * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be … | May 15, 2026 |
| CVE-2026-46333 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory … | May 15, 2026 |
| CVE-2026-7182 | UNKNOWN | — | Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload … | May 15, 2026 |
| CVE-2026-41553 | UNKNOWN | — | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated … | May 15, 2026 |
| CVE-2026-41552 | UNKNOWN | — | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could … | May 15, 2026 |
| CVE-2026-8503 | MEDIUM | 6.5 | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of … | May 15, 2026 |
| CVE-2026-8454 | MEDIUM | 5.3 | Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row … | May 15, 2026 |
| CVE-2026-41971 | MEDIUM | 5.5 | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |