Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238, Critical: 701, High: 2952, Medium: 3222

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32992 | HIGH | 8.2 | SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials. | May 13, 2026 |
| CVE-2026-29205 | HIGH | 8.6 | Incorrect privilege management and insufficient path filtering allow arbitrary files on the server to be read via the cpdavd attachment download endpoints. | May 13, 2026 |
| CVE-2026-8328 | UNKNOWN | — | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual … | May 13, 2026 |
| CVE-2026-45714 | CRITICAL | 9.1 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, … | May 13, 2026 |
| CVE-2026-45708 | HIGH | 7.2 | CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw `<?php … ?>` into the Invoice Editor. … | May 13, 2026 |
| CVE-2026-45229 | HIGH | 8.8 | Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an … | May 13, 2026 |
| CVE-2026-45228 | MEDIUM | 5.4 | Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders push_config key names using Vue.js's v-html … | May 13, 2026 |
| CVE-2026-45055 | HIGH | 8.1 | CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no … | May 13, 2026 |
| CVE-2026-45054 | MEDIUM | 4.9 | CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORDER BY SQL fragment from the attacker-controlled … | May 13, 2026 |
| CVE-2026-45053 | CRITICAL | 9.1 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) … | May 13, 2026 |
| CVE-2026-44418 | UNKNOWN | — | EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly … | May 13, 2026 |
| CVE-2026-44381 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters … | May 13, 2026 |
| CVE-2026-44380 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed … | May 13, 2026 |
| CVE-2026-44379 | UNKNOWN | — | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid … | May 13, 2026 |
| CVE-2026-44377 | CRITICAL | 9.1 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates … | May 13, 2026 |
| CVE-2026-44376 | MEDIUM | 6.1 | CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic … | May 13, 2026 |
| CVE-2026-44373 | MEDIUM | 5.3 | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in … | May 13, 2026 |
| CVE-2026-44372 | UNKNOWN | — | Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect … | May 13, 2026 |
| CVE-2026-44368 | UNKNOWN | — | PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose … | May 13, 2026 |
| CVE-2026-42602 | HIGH | 8.1 | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure … | May 13, 2026 |
| CVE-2026-42561 | HIGH | 7.5 | Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing … | May 13, 2026 |
| CVE-2026-42304 | HIGH | 7.5 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) … | May 13, 2026 |
| CVE-2026-39428 | MEDIUM | 4.8 | CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can … | May 13, 2026 |
| CVE-2026-39358 | HIGH | 7.2 | CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_admin, and … | May 13, 2026 |
| CVE-2026-21821 | HIGH | 8.3 | The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no … | May 13, 2026 |