| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-41070 | 2026-05-08 | CRITICAL | 10.0 | openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle OIDC-based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode... |
| CVE-2026-41512 | 2026-05-08 | CRITICAL | 9.9 | ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched... |
| CVE-2026-41500 | 2026-05-08 | CRITICAL | 9.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/electerm/electerm/npm/install.js:150. The runMac() function appends attacker-contr... |
| CVE-2026-41501 | 2026-05-08 | CRITICAL | 9.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/electerm/electerm/npm/install.js:130. The runLinux() function appends attacker-con... |
| CVE-2026-8153 | 2026-05-08 | CRITICAL | 9.8 | OS command injection in the Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows an unauthenticated attacker to craft commands that will execute code on the robot's OS. |
| CVE-2026-41497 | 2026-05-08 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh... |
| CVE-2026-41507 | 2026-05-08 | CRITICAL | 9.8 | math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system c... |
| CVE-2026-42072 | 2026-05-08 | CRITICAL | 9.8 | Nornicdb is a distributed, low-latency Graph+Vector, temporal MVCC store with sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to ... |
| CVE-2026-43941 | 2026-05-08 | CRITICAL | 9.6 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol v... |
| CVE-2026-41588 | 2026-05-08 | CRITICAL | 9.0 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16. |
| CVE-2026-41900 | 2026-05-08 | HIGH | 8.8 | OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary comma... |
| CVE-2026-8137 | 2026-05-08 | HIGH | 8.8 | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the... |
| CVE-2026-8138 | 2026-05-08 | HIGH | 8.8 | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit... |
| CVE-2026-5127 | 2026-05-08 | HIGH | 8.8 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input ... |
| CVE-2026-42275 | 2026-05-08 | HIGH | 8.7 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization but does not prevent symlink following. When a symbo... |
| CVE-2026-41524 | 2026-05-08 | HIGH | 8.7 | Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive `{!! !!}`... |
| CVE-2026-44339 | 2026-05-08 | HIGH | 8.6 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and `__main__` after it fails to match the declared tool list and the r... |
| CVE-2026-41683 | 2026-05-08 | HIGH | 8.6 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header ... |
| CVE-2026-41690 | 2026-05-08 | HIGH | 8.6 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middl... |
| CVE-2026-43940 | 2026-05-08 | HIGH | 8.4 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user-supplied widget identi... |
| CVE-2026-44334 | 2026-05-08 | HIGH | 8.4 | PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). A third import sink in prais... |
| CVE-2026-41693 | 2026-05-08 | HIGH | 8.2 | i18next-fs-backend is a backend layer for i18next used in Node.js and Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath te... |
| CVE-2026-42353 | 2026-05-08 | HIGH | 8.2 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly i... |
| CVE-2026-29972 | 2026-05-08 | HIGH | 8.2 | nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to ... |
| CVE-2022-50994 | 2026-05-08 | HIGH | 8.1 | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpas... |
| CVE-2026-41491 | 2026-05-08 | HIGH | 8.1 | Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that... |
| CVE-2026-41496 | 2026-05-08 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/... |
| CVE-2026-41883 | 2026-05-08 | HIGH | 8.1 | OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard C... |
| CVE-2026-8178 | 2026-05-08 | HIGH | 8.1 | An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could ... |
| CVE-2025-66467 | 2026-05-08 | HIGH | 8.0 | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and wr... |
| CVE-2026-43943 | 2026-05-08 | HIGH | 7.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP "open with system editor" or "Edit with custom editor" feature. When a user... |
| CVE-2026-41570 | 2026-05-08 | HIGH | 7.8 | PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line arguments without neutralizing INI metacharacters. Beca... |
| CVE-2026-41886 | 2026-05-08 | HIGH | 7.5 | locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener("message", …) handler that dispatches to registered internal handlers (editKey, commitKey, commi... |
| CVE-2026-6659 | 2026-05-08 | HIGH | 7.5 | Crypt::PasswdMD5 versions through 1.42 for Perl generate insecure random values for salts. The built-in rand function is predictable and unsuitable for cryptography. |
| CVE-2026-42264 | 2026-05-08 | HIGH | 7.4 | Axios is a promise-based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct propert... |
| CVE-2026-34354 | 2026-05-08 | HIGH | 7.4 | Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages... |
| CVE-2026-8126 | 2026-05-08 | HIGH | 7.3 | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes SQL injection. Remote exploitation of the attack is possible. The explo... |
| CVE-2026-8128 | 2026-05-08 | HIGH | 7.3 | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in SQL injection. The attack is possible to be ca... |
| CVE-2026-8129 | 2026-05-08 | HIGH | 7.3 | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to SQL injection. The attack may be performed... |
| CVE-2026-8130 | 2026-05-08 | HIGH | 7.3 | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to SQL injection. It is possible to initiate the attack remotely.... |
| CVE-2026-8131 | 2026-05-08 | HIGH | 7.3 | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in SQL injection. It is possible to launch the attack remo... |
| CVE-2026-8132 | 2026-05-08 | HIGH | 7.3 | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes SQL injection. The attack can be initiated remotely. The exploit ha... |
| CVE-2026-8133 | 2026-05-08 | HIGH | 7.3 | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order lea... |
| CVE-2026-44338 | 2026-05-08 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and tri... |
| CVE-2026-7330 | 2026-05-08 | HIGH | 7.2 | The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function ... |
| CVE-2026-42261 | 2026-05-08 | HIGH | 7.1 | PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL ... |
| CVE-2026-41576 | 2026-05-08 | HIGH | 7.1 | Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through PHP's nl2br() function, which converts newlines to `<br>` tags but does not esc... |
| CVE-2026-42826 | 2026-05-07 | CRITICAL | 10.0 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-33109 | 2026-05-07 | CRITICAL | 9.9 | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. |
| CVE-2026-6508 | 2026-05-07 | CRITICAL | 9.8 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2. |
| CVE-2026-7414 | 2026-05-07 | CRITICAL | 9.8 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized ... |
| CVE-2026-7415 | 2026-05-07 | CRITICAL | 9.8 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to th... |
| CVE-2026-37709 | 2026-05-07 | CRITICAL | 9.8 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before (fixed after the 2026-03-10 commit 676a9958) allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component. |
| CVE-2026-5791 | 2026-05-07 | CRITICAL | 9.6 | Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
| CVE-2026-41589 | 2026-05-07 | CRITICAL | 9.6 | Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from th... |
| CVE-2026-6795 | 2026-05-07 | CRITICAL | 9.6 | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
| CVE-2026-33823 | 2026-05-07 | CRITICAL | 9.6 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. |
| CVE-2026-35428 | 2026-05-07 | CRITICAL | 9.6 | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-42880 | 2026-05-07 | CRITICAL | 9.6 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attack... |
| CVE-2026-40982 | 2026-05-07 | CRITICAL | 9.1 | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal att... |
| CVE-2026-41201 | 2026-05-07 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS... |
| CVE-2026-41902 | 2026-05-07 | CRITICAL | 9.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. The endpoint performs no expiration c... |
| CVE-2026-33844 | 2026-05-07 | CRITICAL | 9.0 | Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. |
| CVE-2026-5787 | 2026-05-07 | HIGH | 8.9 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates. |
| CVE-2026-41142 | 2026-05-07 | HIGH | 8.8 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an inte... |
| CVE-2026-41139 | 2026-05-07 | HIGH | 8.8 | Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0. |
| CVE-2026-41143 | 2026-05-07 | HIGH | 8.8 | YesWiki is a wiki system written in PHP. Prior to version 4.6.1, the YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concat... |
| CVE-2026-6692 | 2026-05-07 | HIGH | 8.8 | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' functions. This is due to insufficient file type validation. This makes it possible for authe... |
| CVE-2026-3953 | 2026-05-07 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Proticaret E... |
| CVE-2026-5784 | 2026-05-07 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
| CVE-2026-6002 | 2026-05-07 | HIGH | 8.8 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. |
| CVE-2026-5786 | 2026-05-07 | HIGH | 8.8 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. |
| CVE-2026-42215 | 2026-05-07 | HIGH | 8.8 | GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pa... |
| CVE-2026-32207 | 2026-05-07 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-41505 | 2026-05-07 | HIGH | 8.7 | RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16. |
| CVE-2026-42047 | 2026-05-07 | HIGH | 8.6 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate enviro... |
| CVE-2026-35435 | 2026-05-07 | HIGH | 8.6 | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-42449 | 2026-05-07 | HIGH | 8.5 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstan... |
| CVE-2025-1978 | 2026-05-07 | HIGH | 8.3 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E109... |
| CVE-2025-14341 | 2026-05-07 | HIGH | 8.3 | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This iss... |
| CVE-2026-41490 | 2026-05-07 | HIGH | 8.3 | Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers cons... |
| CVE-2026-41422 | 2026-05-07 | HIGH | 8.3 | Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() — a raw SQL literal expression builder — without any validation... |
| CVE-2026-41669 | 2026-05-07 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLOReq... |
| CVE-2026-41670 | 2026-05-07 | HIGH | 8.2 | Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SA... |
| CVE-2026-34327 | 2026-05-07 | HIGH | 8.2 | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-7252 | 2026-05-07 | HIGH | 8.1 | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion fun... |
| CVE-2025-9661 | 2026-05-07 | HIGH | 8.1 | OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00,... |
| CVE-2026-42284 | 2026-05-07 | HIGH | 8.1 | GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooks... |
| CVE-2026-42239 | 2026-05-07 | HIGH | 8.1 | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via documen... |
| CVE-2026-41105 | 2026-05-07 | HIGH | 8.1 | Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. |
| CVE-2024-43384 | 2026-05-07 | HIGH | 8.0 | A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer. |
| CVE-2026-42214 | 2026-05-07 | HIGH | 7.8 | Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a file... |
| CVE-2026-44244 | 2026-05-07 | HIGH | 7.8 | GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines int... |
| CVE-2026-41688 | 2026-05-07 | HIGH | 7.7 | Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning ... |
| CVE-2026-41905 | 2026-05-07 | HIGH | 7.7 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original U... |
| CVE-2025-68060 | 2026-05-07 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5. |
| CVE-2026-41904 | 2026-05-07 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the a... |
| CVE-2026-43510 | 2026-05-07 | HIGH | 7.6 | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30. |
| CVE-2026-40981 | 2026-05-07 | HIGH | 7.5 | When using Google Secrets Manager as a backend for the Spring Cloud Config server, a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.... |
| CVE-2026-41640 | 2026-05-07 | HIGH | 7.5 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds w... |
| CVE-2026-4348 | 2026-05-07 | HIGH | 7.5 | The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is due to the `limit` POST parameter being interpolated ... |
| CVE-2026-41642 | 2026-05-07 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE messag... |
| CVE-2026-41643 | 2026-05-07 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime err... |
| CVE-2026-42285 | 2026-05-07 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the s... |
| CVE-2025-65122 | 2026-05-07 | HIGH | 7.5 | Regex Denial of Service in the youtube-regex npm package through version 1.0.5. |
| CVE-2026-26129 | 2026-05-07 | HIGH | 7.5 | Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-26164 | 2026-05-07 | HIGH | 7.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-33111 | 2026-05-07 | HIGH | 7.5 | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-42011 | 2026-05-07 | HIGH | 7.4 | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical ... |
| CVE-2026-7821 | 2026-05-07 | HIGH | 7.4 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure abou... |
| CVE-2026-40213 | 2026-05-07 | HIGH | 7.4 | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authent... |
| CVE-2026-8083 | 2026-05-07 | HIGH | 7.3 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in SQL injection. The attack can be executed remotel... |
| CVE-2026-8098 | 2026-05-07 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to SQL injection. It is possible to launch the attack re... |
| CVE-2026-6411 | 2026-05-07 | HIGH | 7.3 | This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the appl... |
| CVE-2026-41002 | 2026-05-07 | HIGH | 7.2 | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories into is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1... |
| CVE-2026-41641 | 2026-05-07 | HIGH | 7.2 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is... |
| CVE-2026-6973 | 2026-05-07 | HIGH | 7.2 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution. |
| CVE-2026-7413 | 2026-05-07 | HIGH | 7.2 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and surviv... |
| CVE-2026-44742 | 2026-05-07 | HIGH | 7.2 | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026. |
| CVE-2026-41660 | 2026-05-07 | HIGH | 7.1 | Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove ot... |
| CVE-2026-42010 | 2026-05-07 | HIGH | 7.1 | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially c... |
|
|
CVE-2026-41554
2026-05-07
|
HIGH | 7.1 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS.
This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.
|
|
CVE-2026-41906
2026-05-07
|
HIGH | 7.1 |
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_c...
|
|
CVE-2026-5788
2026-05-07
|
HIGH | 7.0 |
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
|
|
CVE-2026-40281
2026-05-06
|
CRITICAL | 10.0 |
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value spli...
|
|
CVE-2026-41930
2026-05-06
|
CRITICAL | 9.8 |
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. At...
|
|
CVE-2026-43575
2026-05-06
|
CRITICAL | 9.8 |
OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authenticat...
|
|
CVE-2026-44109
2026-05-06
|
CRITICAL | 9.8 |
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail ope...
|
|
CVE-2026-43581
2026-05-06
|
CRITICAL | 9.6 |
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by ex...
|
|
CVE-2026-43578
2026-05-06
|
CRITICAL | 9.1 |
OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion con...
|
|
CVE-2026-20034
2026-05-06
|
HIGH | 8.8 |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient validation of user-supplied in...
|
|
CVE-2026-42503
2026-05-06
|
HIGH | 8.8 |
gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.
If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0.
As a result, users migh...
|
|
CVE-2026-7875
2026-05-06
|
HIGH | 8.8 |
NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted me...
|
|
CVE-2026-41934
2026-05-06
|
HIGH | 8.8 |
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attack...
|
|
CVE-2026-41938
2026-05-06
|
HIGH | 8.8 |
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml ext...
|
|
CVE-2026-43584
2026-05-06
|
HIGH | 8.8 |
OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and ...
|
|
CVE-2026-44110
2026-05-06
|
HIGH | 8.8 |
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configu...
|
|
CVE-2026-44115
2026-05-06
|
HIGH | 8.8 |
OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unappro...
|
|
CVE-2026-44116
2026-05-06
|
HIGH | 8.6 |
OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious phot...
|
|
CVE-2024-30151
2026-05-06
|
HIGH | 8.3 |
HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in expo...
|
|
CVE-2026-41936
2026-05-06
|
HIGH | 8.1 |
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML...
|
|
CVE-2026-43585
2026-05-06
|
HIGH | 8.1 |
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers ...
|
|
CVE-2026-6691
2026-05-06
|
HIGH | 7.8 |
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the usern...
|
|
CVE-2026-44114
2026-05-06
|
HIGH | 7.8 |
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR...
|
|
CVE-2026-44118
2026-05-06
|
HIGH | 7.8 |
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner h...
|
|
CVE-2026-20167
2026-05-06
|
HIGH | 7.7 |
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.
This vulnerability is due to imprope...
|
|
CVE-2026-20185
2026-05-06
|
HIGH | 7.7 |
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to caus...
|
|
CVE-2026-43576
2026-05-06
|
HIGH | 7.7 |
OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validate...
|
|
CVE-2026-43580
2026-05-06
|
HIGH | 7.7 |
OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can...
|
|
CVE-2026-20188
2026-05-06
|
HIGH | 7.5 |
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected...
|
|
CVE-2026-23870
2026-05-06
|
HIGH | 7.5 |
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-...
|
|
CVE-2026-34473
2026-05-06
|
HIGH | 7.5 |
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an ove...
|
|
CVE-2026-8032
2026-05-06
|
HIGH | 7.3 |
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is poss...
|
|
CVE-2026-20035
2026-05-06
|
HIGH | 7.2 |
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests...
|
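The OpenStack Cyborg row (CVE-2026-40213) turns on one detail of the oslo.policy rule language: a check string of `@` is "always allow", so any request that merely carries a valid Keystone token passes. The following is an added example, not OpenStack or Cyborg code: it re-implements just enough of that grammar (`@`, `!`, `role:X`, `rule:X`, `<cred_attr>:%(target_attr)s`, `and`, `or`, no parentheses) to show the weak default beside a scoped replacement. The rule names, the `device_profile:create` action and the credentials are constructed for illustration and are not Cyborg's actual policy file.

```python
"""Minimal model of an oslo.policy-style check-string evaluator (added example)."""
from __future__ import annotations

from typing import Mapping


def _atom(atom: str, creds: Mapping, target: Mapping, rules: Mapping[str, str]) -> bool:
    atom = atom.strip()
    if atom == "@":          # oslo.policy "always allow"
        return True
    if atom == "!":          # oslo.policy "always deny"
        return False
    kind, _, value = atom.partition(":")
    if kind == "rule":       # reference to another named rule; unknown rules deny
        return check(rules.get(value, "!"), creds, target, rules)
    if kind == "role":
        return value in creds.get("roles", ())
    if value.startswith("%(") and value.endswith(")s"):   # compare against a target attribute
        value = str(target.get(value[2:-2]))
    return str(creds.get(kind)) == value


def check(check_str: str, creds: Mapping, target: Mapping, rules: Mapping[str, str]) -> bool:
    """Evaluate a check string; 'and' binds tighter than 'or'."""
    return any(
        all(_atom(a, creds, target, rules) for a in clause.split(" and "))
        for clause in check_str.split(" or ")
    )


def authorize(policy: Mapping[str, str], action: str, creds: Mapping, target: Mapping) -> bool:
    """Enforce `action` under `policy`; actions without a rule deny by default."""
    return check(policy.get(action, "!"), creds, target, policy)


# Shape the row describes: the endpoint's default rule is plain allow ('@').
VULNERABLE_POLICY = {
    "admin_api": "role:admin",
    "device_profile:create": "@",
}

# Hardened shape: admins, or members of the project that owns the target.
HARDENED_POLICY = {
    "admin_api": "role:admin",
    "admin_or_owner": "rule:admin_api or project_id:%(project_id)s",
    "device_profile:create": "rule:admin_or_owner",
}

# Constructed credentials: Keystone-authenticated callers from different projects.
OUTSIDER = {"roles": ["member"], "project_id": "proj-b"}
OWNER = {"roles": ["member"], "project_id": "proj-a"}
ADMIN = {"roles": ["admin"], "project_id": "proj-ops"}
TARGET = {"project_id": "proj-a"}

if __name__ == "__main__":
    for name, policy in (("vulnerable", VULNERABLE_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "outsider allowed:", authorize(policy, "device_profile:create", OUTSIDER, TARGET))
```

The audit check this suggests for any oslo.policy deployment is mechanical: dump the effective defaults (`oslopolicy-policy-generator` in real deployments) and grep for rules whose check string is `@` or `rule:allow` on anything that is not meant to be public.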
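The GnuTLS RSA-PSK row (CVE-2026-42010) describes usernames containing a NUL byte matching their truncated form. TLS PSK identities are length-prefixed opaque byte strings, so a NUL is legal inside one, but a lookup that compares identities as C strings stops at the first NUL. The following is an added example, not GnuTLS code: a Python model of that comparison beside a length-aware one. The key table and the handshake fragment are constructed; the example shows the mis-match only, not anything beyond what the row states.

```python
"""Model of NUL-truncated PSK identity matching (added example, not GnuTLS code)."""
from __future__ import annotations

import hmac
import struct


def c_string_equal(a: bytes, b: bytes) -> bool:
    """Models strcmp()-style equality: everything after the first NUL is ignored."""
    return a.split(b"\x00", 1)[0] == b.split(b"\x00", 1)[0]


def parse_psk_identity(buf: bytes) -> bytes:
    """Parse a length-prefixed psk_identity (opaque <0..2^16-1>) from a handshake body."""
    (length,) = struct.unpack_from("!H", buf, 0)
    if len(buf) < 2 + length:
        raise ValueError("truncated psk_identity")
    return buf[2:2 + length]


def lookup_psk_vulnerable(identity: bytes, table: dict[bytes, bytes]) -> bytes | None:
    """The shape the row describes: a NUL-containing identity collapses to its prefix."""
    for stored, key in table.items():
        if c_string_equal(stored, identity):
            return key
    return None


def lookup_psk_fixed(identity: bytes, table: dict[bytes, bytes]) -> bytes | None:
    """Length-aware comparison over the full identity, constant-time for equal lengths."""
    for stored, key in table.items():
        if len(stored) == len(identity) and hmac.compare_digest(stored, identity):
            return key
    return None


# Constructed server-side PSK table.
PSK_TABLE = {b"alice": bytes.fromhex("00112233445566778899aabbccddeeff")}

# Constructed handshake fragment carrying the identity b"alice\x00evil".
WIRE = struct.pack("!H", len(b"alice\x00evil")) + b"alice\x00evil"

if __name__ == "__main__":
    ident = parse_psk_identity(WIRE)
    print("vulnerable lookup:", lookup_psk_vulnerable(ident, PSK_TABLE))
    print("fixed lookup:     ", lookup_psk_fixed(ident, PSK_TABLE))
```

The general lesson applies to any binding between a length-prefixed wire field and a C-string API: carry the length through to the comparison, or reject identities containing bytes the backing store cannot represent.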
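Two OpenClaw rows describe the same failure from different angles: the Zalo `sendPhoto` row (CVE-2026-44116) skips the SSRF guard on an outbound URL, and the CDP `/json/version` row (CVE-2026-43576) applies it to the first request but not to the `webSocketDebuggerUrl` the server hands back. The following is an added example, not OpenClaw code: one guard that resolves the host, rejects non-public addresses, and is applied to every hop. The resolver and HTTP client are injected so it runs offline; the hostnames, addresses and the fake CDP response are constructed.

```python
"""Outbound-URL guard applied to first- and second-hop targets (added example)."""
from __future__ import annotations

import ipaddress
import json
from typing import Callable, Iterable
from urllib.parse import urlsplit


class SsrfBlocked(Exception):
    pass


def is_public_address(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    mapped = getattr(ip, "ipv4_mapped", None)   # ::ffff:10.0.0.1 is really 10.0.0.1
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


class SsrfGuard:
    def __init__(self, resolve: Callable[[str], Iterable[str]], schemes=("http", "https")):
        self._resolve = resolve          # hostname -> IP strings; injected for offline use
        self._schemes = set(schemes)

    def check(self, url: str, schemes: Iterable[str] | None = None) -> str:
        parts = urlsplit(url)
        if parts.scheme not in (set(schemes) if schemes else self._schemes):
            raise SsrfBlocked(f"scheme not allowed: {url}")
        host = parts.hostname
        if not host:
            raise SsrfBlocked(f"no host: {url}")
        try:
            addrs = [ipaddress.ip_address(host)]
        except ValueError:
            addrs = [ipaddress.ip_address(a) for a in self._resolve(host)]
        if not addrs or not all(is_public_address(a) for a in addrs):
            raise SsrfBlocked(f"non-public target: {url}")
        return url


def send_photo(guard: SsrfGuard, photo_url: str, fetch: Callable[[str], bytes]) -> bytes:
    """Outbound fetch of a caller-supplied photo URL; the guard runs before the fetch."""
    return fetch(guard.check(photo_url))


def cdp_debugger_url(guard: SsrfGuard, base: str, fetch: Callable[[str], bytes]) -> str:
    """Fetch /json/version, then validate the second hop the server returns."""
    version = json.loads(fetch(guard.check(base.rstrip("/") + "/json/version")))
    ws = version.get("webSocketDebuggerUrl", "")
    return guard.check(ws, schemes=("ws", "wss"))   # same policy for the server-chosen hop


def blocks(fn: Callable[[], object]) -> bool:
    """True when fn() is refused by the guard."""
    try:
        fn()
    except SsrfBlocked:
        return True
    return False


# Constructed offline resolver and HTTP client.
FAKE_DNS = {
    "good.example": ["93.184.216.34"],
    "cdn.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
}
FAKE_RESPONSES = {
    "http://good.example:9222/json/version": json.dumps(
        {"webSocketDebuggerUrl": "ws://good.example:9222/devtools/browser/ok"}).encode(),
    "http://devtools.example:9222/json/version": json.dumps(
        {"webSocketDebuggerUrl": "ws://metadata.internal/devtools/browser/pivot"}).encode(),
    "https://cdn.example/photo.jpg": b"\xff\xd8\xff",
}
FAKE_DNS["devtools.example"] = ["93.184.216.34"]   # first hop looks harmless


def fake_fetch(url: str) -> bytes:
    return FAKE_RESPONSES[url]


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])
```

One caveat the guard does not cover: resolving a name here and connecting later lets DNS rebinding swap the address in between. A production guard resolves once and connects to the resolved IP (pinning it in the HTTP client), and re-checks after every redirect.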
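Two further OpenClaw rows concern environment variables a workspace may supply: the exec-policy row (CVE-2026-43584) names interpreter startup variables such as VIMINIT, EXINIT and LUA_INIT that a denylist failed to cover, and the dotenv row (CVE-2026-44114) describes a reserved `OPENCLAW_` runtime-control namespace that workspace `.env` files could override. The following is an added example, not OpenClaw code: a dotenv merge that refuses both classes. The `OPENCLAW_` prefix and the first three startup variables come from the rows; every other denylist entry, the `OPENCLAW_STATE_DIR` name and the sample `.env` are my additions.

```python
"""Workspace .env merge with reserved-namespace and startup-variable denylists (added example)."""
from __future__ import annotations

RESERVED_PREFIXES = ("OPENCLAW_",)      # runtime-control namespace, from the row

# Variables that make an interpreter or shell run attacker-chosen code at startup.
# VIMINIT, EXINIT and LUA_INIT are named in the row; the rest are added here.
STARTUP_VARS = {
    "VIMINIT", "EXINIT", "LUA_INIT",
    "PYTHONSTARTUP", "PERL5OPT", "RUBYOPT", "NODE_OPTIONS", "BASH_ENV", "ENV",
    "LD_PRELOAD", "LD_LIBRARY_PATH", "DYLD_INSERT_LIBRARIES",
}
STARTUP_PREFIXES = ("LUA_INIT_",)       # versioned forms such as LUA_INIT_5_4


def parse_dotenv(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines: '#' comments, blank lines, optional 'export ', simple quotes."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("export "):
            key = key[len("export "):].strip()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def is_reserved(name: str) -> bool:
    """Case-insensitive on purpose: Windows environments are case-insensitive."""
    upper = name.upper()
    return (upper.startswith(RESERVED_PREFIXES)
            or upper in STARTUP_VARS
            or upper.startswith(STARTUP_PREFIXES))


def merge_workspace_env(base: dict[str, str], dotenv_text: str) -> tuple[dict[str, str], list[str]]:
    """Return (merged env, rejected names); workspace values never touch reserved names."""
    merged = dict(base)
    rejected: list[str] = []
    for name, value in parse_dotenv(dotenv_text).items():
        if is_reserved(name):
            rejected.append(name)
            continue
        merged[name] = value
    return merged, rejected


# Constructed workspace .env of the kind a malicious repository might ship.
# OPENCLAW_STATE_DIR is a hypothetical name inside the reserved namespace.
SAMPLE_DOTENV = """
# project settings
API_BASE="https://api.example"
export FEATURE_FLAGS=beta
OPENCLAW_STATE_DIR=/tmp/attacker-controlled
VIMINIT=:!sh
LUA_INIT_5_4=os.execute("id")
"""

if __name__ == "__main__":
    env, rejected = merge_workspace_env({"PATH": "/usr/bin"}, SAMPLE_DOTENV)
    print("rejected:", rejected)
```

A denylist like `STARTUP_VARS` is only as good as its last update; where the execution environment is fully under the runtime's control, an allowlist of variable names the workspace may set is the safer design, with the denylist kept as a backstop.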
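The OpenClaw bearer-auth row (CVE-2026-43585) describes a gateway that resolves its bearer-token configuration once at startup, so a token revoked by rotating the underlying SecretRef keeps working until restart. The following is an added example, not OpenClaw code: the startup-captured authenticator beside one that re-resolves the reference on every request, exercised across a rotation. The `SecretStore` class, the reference name and the tokens are constructed stand-ins.

```python
"""Startup-captured vs per-request secret resolution for bearer auth (added example)."""
from __future__ import annotations

import hmac


class SecretStore:
    """Stand-in for a secret backend addressed by reference (constructed)."""
    def __init__(self, **values: str):
        self._values = dict(values)

    def resolve(self, ref: str) -> str:
        return self._values[ref]

    def rotate(self, ref: str, new_value: str) -> None:
        self._values[ref] = new_value


def bearer_token(authorization: str | None) -> str | None:
    """Extract the token from an 'Authorization: Bearer <token>' header value."""
    if not authorization:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def _token_matches(presented: str | None, expected: str) -> bool:
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


class StartupCapturedAuth:
    """The shape the row describes: resolved once, so rotation never reaches it."""
    def __init__(self, store: SecretStore, ref: str):
        self._expected = store.resolve(ref)

    def authorize(self, authorization: str | None) -> bool:
        return _token_matches(bearer_token(authorization), self._expected)


class PerRequestAuth:
    """Fixed shape: keep the reference and resolve it when the request arrives."""
    def __init__(self, store: SecretStore, ref: str):
        self._store, self._ref = store, ref

    def authorize(self, authorization: str | None) -> bool:
        return _token_matches(bearer_token(authorization), self._store.resolve(self._ref))


def rotation_demo() -> dict[str, bool]:
    """Rotate the secret and report which authenticator still accepts the old token."""
    store = SecretStore(gateway_token="old-token-1111")
    captured = StartupCapturedAuth(store, "gateway_token")
    live = PerRequestAuth(store, "gateway_token")
    store.rotate("gateway_token", "new-token-2222")
    return {
        "captured_accepts_old": captured.authorize("Bearer old-token-1111"),
        "captured_accepts_new": captured.authorize("Bearer new-token-2222"),
        "live_accepts_old": live.authorize("Bearer old-token-1111"),
        "live_accepts_new": live.authorize("Bearer new-token-2222"),
    }

if __name__ == "__main__":
    for k, v in rotation_demo().items():
        print(f"{k}: {v}")
```

If resolving the reference on every request is too expensive, cache it with a short TTL and an explicit invalidation hook fired on rotation; the property to preserve is that the accepted token set changes without a process restart, for WebSocket handlers as much as for HTTP ones.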
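The gopls row (CVE-2026-42503) spells out the binding rule: `-listen` without a host (for example `:8080`), or `-port`, makes the debug listener bind 0.0.0.0, which is the same class of defect as the OpenClaw CDP relay row (CVE-2026-43581). The following is an added example, not gopls or OpenClaw code: an audit over a process command line that works out where the listener would bind and flags anything that is not explicit loopback. The argv samples are constructed; the flag parsing follows Go's `flag` package conventions (`-name=v` or `-name v`, single or double dash).

```python
"""Audit a gopls command line for an off-host debug listener (added example)."""
from __future__ import annotations

import ipaddress


def is_loopback_host(host: str) -> bool:
    """True only for explicit loopback hosts; '' (all interfaces) is not loopback."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def split_host(listen: str) -> str:
    """Host part of a Go-style 'host:port' or '[v6]:port' address; '' when absent."""
    if listen.startswith("["):
        return listen[1:listen.index("]")]
    host, sep, _port = listen.rpartition(":")
    return host if sep else ""


def gopls_flag(argv: list[str], name: str) -> str | None:
    """Value of -name / --name given as '-name=v' or '-name v'; None when absent."""
    for i, arg in enumerate(argv):
        if not arg.startswith("-"):
            continue
        stripped = arg.lstrip("-")
        if stripped.startswith(name + "="):
            return stripped[len(name) + 1:]
        if stripped == name and i + 1 < len(argv):
            return argv[i + 1]
    return None


def gopls_bind_host(argv: list[str]) -> str | None:
    """None for pipe mode; otherwise the host the listener binds ('' means 0.0.0.0)."""
    listen = gopls_flag(argv, "listen")
    if listen is not None:
        return split_host(listen)
    if gopls_flag(argv, "port") is not None:
        return ""            # -port alone binds every interface, per the row
    return None


def audit_gopls(argv: list[str]) -> str | None:
    """A finding when the debug listener would be reachable from other hosts."""
    host = gopls_bind_host(argv)
    if host is None or is_loopback_host(host):
        return None
    return f"gopls listens on {host or '0.0.0.0'}: reachable from other hosts"


if __name__ == "__main__":
    for argv in (["gopls"], ["gopls", "-listen", ":8080"], ["gopls", "-listen=127.0.0.1:8080"]):
        print(argv, "->", audit_gopls(argv))
```

The same `is_loopback_host` check is what a relay such as the CDP one should apply to its own configured bind address before calling listen: anything that is not an explicit loopback address is an off-host exposure, whatever the surrounding sandbox is assumed to provide.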