Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10192
Total
692
Critical
2939
High
3205
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41615 | CRITICAL | 9.6 | Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. | May 14, 2026 |
| CVE-2025-15024 | HIGH | 8.8 | Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System … | May 14, 2026 |
| CVE-2025-15023 | HIGH | 8.8 | Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control … | May 14, 2026 |
| CVE-2026-7805 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE … | May 14, 2026 |
| CVE-2026-6923 | LOW | 3.8 | A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key. | May 14, 2026 |
| CVE-2026-45448 | MEDIUM | 4.3 | CWE-601 URL redirection to untrusted site ('open redirect') | May 14, 2026 |
| CVE-2026-44827 | HIGH | 8.8 | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines … | May 14, 2026 |
| CVE-2026-44516 | HIGH | 7.6 | Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP … | May 14, 2026 |
| CVE-2026-44515 | UNKNOWN | — | Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the … | May 14, 2026 |
| CVE-2026-44514 | MEDIUM | 6.5 | Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on … | May 14, 2026 |
| CVE-2026-44513 | HIGH | 8.8 | Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user … | May 14, 2026 |
| CVE-2026-44511 | HIGH | 7.4 | Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user … | May 14, 2026 |
| CVE-2026-44348 | LOW | 2.5 | PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf … | May 14, 2026 |
| CVE-2026-44312 | MEDIUM | 5.8 | css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker … | May 14, 2026 |
| CVE-2026-42555 | CRITICAL | 9.1 | Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to … | May 14, 2026 |
| CVE-2026-20224 | HIGH | 8.6 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that … | May 14, 2026 |
| CVE-2026-20210 | MEDIUM | 5.4 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify … | May 14, 2026 |
| CVE-2026-20209 | MEDIUM | 5.4 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate … | May 14, 2026 |
| CVE-2026-20182 | CRITICAL | 10.0 | May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February … | May 14, 2026 |
| CVE-2025-62317 | LOW | 2.6 | HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through … | May 14, 2026 |
| CVE-2025-62316 | LOW | 2.3 | HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness … | May 14, 2026 |
| CVE-2025-62313 | MEDIUM | 5.4 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to … | May 14, 2026 |
| CVE-2025-62312 | LOW | 3.0 | HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential … | May 14, 2026 |
| CVE-2025-62311 | MEDIUM | 4.3 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential … | May 14, 2026 |
| CVE-2025-62310 | MEDIUM | 5.4 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential … | May 14, 2026 |