Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10521
Total
716
Critical
3036
High
3359
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34684 | MEDIUM | 5.5 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34683 | MEDIUM | 5.5 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34682 | HIGH | 7.8 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34681 | HIGH | 7.8 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34664 | MEDIUM | 6.3 | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could … | May 12, 2026 |
| CVE-2026-34660 | CRITICAL | 9.3 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34659 | CRITICAL | 9.6 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the … | May 12, 2026 |
| CVE-2026-23823 | HIGH | 7.2 | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could … | May 12, 2026 |
| CVE-2026-23822 | MEDIUM | 5.3 | A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could … | May 12, 2026 |
| CVE-2026-23821 | HIGH | 7.2 | A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing … | May 12, 2026 |
| CVE-2026-23820 | HIGH | 7.2 | A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands … | May 12, 2026 |
| CVE-2026-23819 | HIGH | 8.8 | A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript … | May 12, 2026 |
| CVE-2026-5146 | MEDIUM | 4.3 | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing … | May 12, 2026 |
| CVE-2026-44343 | UNKNOWN | — | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access … | May 12, 2026 |
| CVE-2026-44279 | MEDIUM | 5.5 | A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker … | May 12, 2026 |
| CVE-2026-44278 | LOW | 2.3 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert … | May 12, 2026 |
| CVE-2026-44277 | CRITICAL | 9.8 | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized … | May 12, 2026 |
| CVE-2026-44204 | MEDIUM | 6.5 | Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets … | May 12, 2026 |
| CVE-2026-44196 | CRITICAL | 9.1 | Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who … | May 12, 2026 |
| CVE-2026-44184 | HIGH | 8.0 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, … | May 12, 2026 |
| CVE-2026-44183 | CRITICAL | 9.8 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, … | May 12, 2026 |
| CVE-2026-44167 | HIGH | 7.5 | phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or … | May 12, 2026 |
| CVE-2026-44166 | UNKNOWN | — | Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address … | May 12, 2026 |
| CVE-2026-43929 | HIGH | 8.2 | ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery … | May 12, 2026 |
| CVE-2026-43892 | HIGH | 8.8 | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is … | May 12, 2026 |