Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10338
- Critical: 705
- High: 2973
- Medium: 3268

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-23822 | MEDIUM | 5.3 | A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could … | May 12, 2026 |
| CVE-2026-23821 | HIGH | 7.2 | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing … | May 12, 2026 |
| CVE-2026-23820 | HIGH | 7.2 | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands … | May 12, 2026 |
| CVE-2026-23819 | HIGH | 8.8 | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript … | May 12, 2026 |
| CVE-2026-5146 | MEDIUM | 4.3 | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing … | May 12, 2026 |
| CVE-2026-44343 | UNKNOWN | — | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access … | May 12, 2026 |
| CVE-2026-44279 | MEDIUM | 5.5 | An improper export of Android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow an attacker … | May 12, 2026 |
| CVE-2026-44278 | LOW | 2.3 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert … | May 12, 2026 |
| CVE-2026-44277 | CRITICAL | 9.8 | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized … | May 12, 2026 |
| CVE-2026-44204 | MEDIUM | 6.5 | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets … | May 12, 2026 |
| CVE-2026-44196 | CRITICAL | 9.1 | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who … | May 12, 2026 |
| CVE-2026-44184 | HIGH | 8.0 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, … | May 12, 2026 |
| CVE-2026-44183 | CRITICAL | 9.8 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, … | May 12, 2026 |
| CVE-2026-44167 | HIGH | 7.5 | phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or … | May 12, 2026 |
| CVE-2026-44166 | UNKNOWN | — | Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address … | May 12, 2026 |
| CVE-2026-43929 | HIGH | 8.2 | ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery … | May 12, 2026 |
| CVE-2026-43892 | HIGH | 8.8 | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is … | May 12, 2026 |
| CVE-2026-43891 | HIGH | 7.5 | changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from … | May 12, 2026 |
| CVE-2026-42899 | HIGH | 7.5 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | May 12, 2026 |
| CVE-2026-42898 | CRITICAL | 9.9 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |
| CVE-2026-42896 | HIGH | 7.8 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | May 12, 2026 |
| CVE-2026-42893 | HIGH | 7.4 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | May 12, 2026 |
| CVE-2026-42891 | MEDIUM | 6.5 | User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | May 12, 2026 |
| CVE-2026-42838 | MEDIUM | 5.4 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over … | May 12, 2026 |
| CVE-2026-42833 | CRITICAL | 9.1 | Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | May 12, 2026 |