Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10338
Total
705
Critical
2973
High
3268
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44246 | HIGH | 7.2 | nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is … | May 12, 2026 |
| CVE-2026-44240 | HIGH | 7.5 | basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A … | May 12, 2026 |
| CVE-2026-44232 | UNKNOWN | — | DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. … | May 12, 2026 |
| CVE-2026-44224 | UNKNOWN | — | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it … | May 12, 2026 |
| CVE-2026-44012 | UNKNOWN | — | Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete … | May 12, 2026 |
| CVE-2026-44011 | UNKNOWN | — | Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii … | May 12, 2026 |
| CVE-2026-44010 | UNKNOWN | — | Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope … | May 12, 2026 |
| CVE-2026-35504 | MEDIUM | 5.5 | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | May 12, 2026 |
| CVE-2025-65088 | UNKNOWN | — | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to … | May 12, 2026 |
| CVE-2025-65087 | UNKNOWN | — | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to … | May 12, 2026 |
| CVE-2025-65086 | UNKNOWN | — | An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to … | May 12, 2026 |
| CVE-2026-8052 | MEDIUM | 6.0 | HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user … | May 12, 2026 |
| CVE-2026-7474 | HIGH | 8.8 | HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) … | May 12, 2026 |
| CVE-2026-6959 | MEDIUM | 6.0 | HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user … | May 12, 2026 |
| CVE-2026-45185 | CRITICAL | 9.8 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends … | May 12, 2026 |
| CVE-2026-44874 | MEDIUM | 4.9 | A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the … | May 12, 2026 |
| CVE-2026-44873 | MEDIUM | 5.4 | A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated … | May 12, 2026 |
| CVE-2026-44872 | HIGH | 7.2 | A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to … | May 12, 2026 |
| CVE-2026-44870 | HIGH | 7.2 | Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of … | May 12, 2026 |
| CVE-2026-44869 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote … | May 12, 2026 |
| CVE-2026-44868 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote … | May 12, 2026 |
| CVE-2026-44867 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote … | May 12, 2026 |
| CVE-2026-44866 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote … | May 12, 2026 |
| CVE-2026-44865 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote … | May 12, 2026 |
| CVE-2026-44864 | HIGH | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative … | May 12, 2026 |