Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10238 total, of which 701 Critical, 2952 High and 3222 Medium (the remaining 3363 entries are not broken down here).
| CVE ID | Severity | CVSS score | Description | Published |
|---|---|---|---|---|
| CVE-2026-29206 | HIGH | 8.1 | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled. | May 13, 2026 |
| CVE-2026-45158 | CRITICAL | 9.1 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, … | May 13, 2026 |
| CVE-2026-44478 | HIGH | 7.5 | hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and … | May 13, 2026 |
| CVE-2026-44471 | HIGH | 7.8 | gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, … | May 13, 2026 |
| CVE-2026-44448 | MEDIUM | 5.9 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing … | May 13, 2026 |
| CVE-2026-44447 | HIGH | 8.8 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, … | May 13, 2026 |
| CVE-2026-44446 | HIGH | 8.8 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially … | May 13, 2026 |
| CVE-2026-44445 | UNKNOWN | — | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference … | May 13, 2026 |
| CVE-2026-44442 | CRITICAL | 9.9 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to … | May 13, 2026 |
| CVE-2026-44441 | MEDIUM | 5.0 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to … | May 13, 2026 |
| CVE-2026-44440 | MEDIUM | 6.5 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted … | May 13, 2026 |
| CVE-2026-44439 | UNKNOWN | — | PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. … | May 13, 2026 |
| CVE-2026-44437 | UNKNOWN | — | Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the … | May 13, 2026 |
| CVE-2026-44426 | MEDIUM | 6.5 | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), … | May 13, 2026 |
| CVE-2026-44425 | MEDIUM | 5.4 | ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property … | May 13, 2026 |
| CVE-2026-44424 | MEDIUM | 6.5 | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the … | May 13, 2026 |
| CVE-2026-44423 | MEDIUM | 6.5 | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's … | May 13, 2026 |
| CVE-2026-44369 | UNKNOWN | — | CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create … | May 13, 2026 |
| CVE-2026-44195 | MEDIUM | 5.3 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously … | May 13, 2026 |
| CVE-2026-44194 | CRITICAL | 9.1 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a … | May 13, 2026 |
| CVE-2026-44193 | CRITICAL | 9.1 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote … | May 13, 2026 |
| CVE-2026-42463 | UNKNOWN | — | SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) … | May 13, 2026 |
| CVE-2026-40328 | UNKNOWN | — | Rejected reason: This CVE is a duplicate of another CVE. | May 13, 2026 |
| CVE-2026-40327 | UNKNOWN | — | Rejected reason: This CVE is a duplicate of another CVE. | May 13, 2026 |
| CVE-2026-32993 | HIGH | 8.3 | Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows an unauthenticated attacker to inject arbitrary HTTP headers into the response. | May 13, 2026 |