Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10557
Critical: 721
High: 3059
Medium: 3365

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-32684 | LOW | 2.9 | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. | May 12, 2026 |
| CVE-2026-2465 | HIGH | 8.8 | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affects … | May 12, 2026 |
| CVE-2026-8162 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter … | May 12, 2026 |
| CVE-2026-8161 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with … | May 12, 2026 |
| CVE-2026-8159 | HIGH | 7.5 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with … | May 12, 2026 |
| CVE-2026-8072 | UNKNOWN | — | Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access … | May 12, 2026 |
| CVE-2026-7428 | UNKNOWN | — | Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password … | May 12, 2026 |
| CVE-2026-6813 | MEDIUM | 4.4 | The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient … | May 12, 2026 |
| CVE-2026-6800 | MEDIUM | 4.4 | The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient … | May 12, 2026 |
| CVE-2026-6001 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042. | May 12, 2026 |
| CVE-2026-5029 | UNKNOWN | — | A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without … | May 12, 2026 |
| CVE-2026-44412 | HIGH | 7.8 | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while … | May 12, 2026 |
| CVE-2026-44411 | HIGH | 7.8 | A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while … | May 12, 2026 |
| CVE-2026-41551 | CRITICAL | 9.1 | A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. … | May 12, 2026 |
| CVE-2026-41125 | MEDIUM | 6.0 | A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 … | May 12, 2026 |
| CVE-2026-33893 | HIGH | 7.5 | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter … | May 12, 2026 |
| CVE-2026-33862 | HIGH | 7.3 | A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter … | May 12, 2026 |
| CVE-2026-27662 | HIGH | 7.7 | Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could … | May 12, 2026 |
| CVE-2026-25789 | HIGH | 7.1 | Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user … | May 12, 2026 |
| CVE-2026-25787 | CRITICAL | 9.1 | Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could … | May 12, 2026 |
| CVE-2026-25786 | CRITICAL | 9.1 | Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated … | May 12, 2026 |
| CVE-2026-22925 | HIGH | 7.5 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high … | May 12, 2026 |
| CVE-2026-22924 | CRITICAL | 9.1 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible … | May 12, 2026 |
| CVE-2026-1934 | MEDIUM | 4.3 | The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up … | May 12, 2026 |
| CVE-2025-6577 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. … | May 12, 2026 |