Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10338 | Critical: 705 | High: 2973 | Medium: 3268

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44863 | HIGH | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative … | May 12, 2026 |
| CVE-2026-44862 | HIGH | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative … | May 12, 2026 |
| CVE-2026-44861 | HIGH | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative … | May 12, 2026 |
| CVE-2026-44860 | HIGH | 7.2 | SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative … | May 12, 2026 |
| CVE-2026-44859 | HIGH | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated … | May 12, 2026 |
| CVE-2026-44858 | HIGH | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated … | May 12, 2026 |
| CVE-2026-44857 | HIGH | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated … | May 12, 2026 |
| CVE-2026-44856 | HIGH | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated … | May 12, 2026 |
| CVE-2026-44855 | HIGH | 7.2 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated … | May 12, 2026 |
| CVE-2026-44854 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload … | May 12, 2026 |
| CVE-2026-44853 | HIGH | 7.2 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload … | May 12, 2026 |
| CVE-2026-44852 | HIGH | 7.2 | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an … | May 12, 2026 |
| CVE-2026-44225 | CRITICAL | 9.3 | Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, … | May 12, 2026 |
| CVE-2026-44223 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a … | May 12, 2026 |
| CVE-2026-44222 | MEDIUM | 6.5 | vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a Token Injection vulnerability in … | May 12, 2026 |
| CVE-2026-44221 | CRITICAL | 9.0 | ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on … | May 12, 2026 |
| CVE-2026-44220 | LOW | 3.2 | ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, … | May 12, 2026 |
| CVE-2026-44219 | LOW | 3.7 | ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without … | May 12, 2026 |
| CVE-2026-44218 | LOW | 3.0 | ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the … | May 12, 2026 |
| CVE-2026-44217 | UNKNOWN | — | sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed … | May 12, 2026 |
| CVE-2026-44215 | MEDIUM | 4.4 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser … | May 12, 2026 |
| CVE-2026-42889 | CRITICAL | 9.1 | Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, … | May 12, 2026 |
| CVE-2026-42446 | MEDIUM | 4.4 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. … | May 12, 2026 |
| CVE-2026-42445 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. … | May 12, 2026 |
| CVE-2026-42444 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The … | May 12, 2026 |