CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10648, Critical: 723, High: 3075, Medium: 3393

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43358 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the … | May 08, 2026 |
| CVE-2026-43357 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, … | May 08, 2026 |
| CVE-2026-43356 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to … | May 08, 2026 |
| CVE-2026-43355 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error … | May 08, 2026 |
| CVE-2026-43354 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when … | May 08, 2026 |
| CVE-2026-43353 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may … | May 08, 2026 |
| CVE-2026-43352 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA … | May 08, 2026 |
| CVE-2026-43351 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd … | May 08, 2026 |
| CVE-2026-41588 | CRITICAL | 9.0 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched … | May 08, 2026 |
| CVE-2026-41585 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a … | May 08, 2026 |
| CVE-2026-41584 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk … | May 08, 2026 |
| CVE-2026-41583 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed … | May 08, 2026 |
| CVE-2026-41576 | HIGH | 7.1 | Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through … | May 08, 2026 |
| CVE-2026-41575 | MEDIUM | 6.1 | In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user … | May 08, 2026 |
| CVE-2026-41574 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account … | May 08, 2026 |
| CVE-2026-41570 | HIGH | 7.8 | PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) … | May 08, 2026 |
| CVE-2026-41524 | HIGH | 8.7 | Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in … | May 08, 2026 |
| CVE-2026-41487 | UNKNOWN | — | Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the … | May 08, 2026 |
| CVE-2026-41308 | MEDIUM | 6.5 | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS … | May 08, 2026 |
| CVE-2026-38361 | UNKNOWN | — | An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and … | May 08, 2026 |
| CVE-2026-37431 | UNKNOWN | — | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers … | May 08, 2026 |
| CVE-2025-67486 | UNKNOWN | — | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contain an authenticated remote code execution vulnerability … | May 08, 2026 |
| CVE-2026-7864 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain … | May 08, 2026 |
| CVE-2026-44340 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through … | May 08, 2026 |
| CVE-2026-44339 | HIGH | 8.6 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ … | May 08, 2026 |