Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10192
- Critical: 692
- High: 2939
- Medium: 3205

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45781 | LOW | 3.5 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation … | May 14, 2026 |
| CVE-2026-45370 | HIGH | 7.7 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined … | May 14, 2026 |
| CVE-2026-45369 | HIGH | 8.3 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without … | May 14, 2026 |
| CVE-2026-44700 | UNKNOWN | — | Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS … | May 14, 2026 |
| CVE-2026-44679 | UNKNOWN | — | Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password … | May 14, 2026 |
| CVE-2026-44678 | UNKNOWN | — | Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{project_handle}/previews/{preview_id} endpoint loads the preview by its UUID without … | May 14, 2026 |
| CVE-2026-44673 | HIGH | 7.5 | libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer … | May 14, 2026 |
| CVE-2026-44666 | UNKNOWN | — | HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) … | May 14, 2026 |
| CVE-2026-44662 | UNKNOWN | — | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with … | May 14, 2026 |
| CVE-2026-44661 | MEDIUM | 4.7 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a … | May 14, 2026 |
| CVE-2026-44647 | UNKNOWN | — | OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata … | May 14, 2026 |
| CVE-2026-44430 | UNKNOWN | — | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based … | May 14, 2026 |
| CVE-2026-44429 | UNKNOWN | — | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue … | May 14, 2026 |
| CVE-2026-44212 | CRITICAL | 9.3 | PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office … | May 14, 2026 |
| CVE-2026-42847 | UNKNOWN | — | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable … | May 14, 2026 |
| CVE-2026-42327 | UNKNOWN | — | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as … | May 14, 2026 |
| CVE-2026-8634 | CRITICAL | 9.1 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets … | May 14, 2026 |
| CVE-2026-8629 | HIGH | 8.1 | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by … | May 14, 2026 |
| CVE-2026-8597 | HIGH | 7.2 | Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated … | May 14, 2026 |
| CVE-2026-8596 | HIGH | 7.2 | Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated … | May 14, 2026 |
| CVE-2026-8587 | HIGH | 8.8 | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension … | May 14, 2026 |
| CVE-2026-8586 | MEDIUM | 5.5 | Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security … | May 14, 2026 |
| CVE-2026-8585 | HIGH | 7.5 | Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an … | May 14, 2026 |
| CVE-2026-8584 | MEDIUM | 4.2 | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI … | May 14, 2026 |
| CVE-2026-8583 | MEDIUM | 5.3 | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain … | May 14, 2026 |