Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,536
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 541 - 560 of 1,584 CVEs
CVE-2026-8556 LOW - 3.1

Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8554 LOW - 3.1

Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8553 LOW - 3.1

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8545 LOW - 3.1

Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8536 LOW - 3.1

Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter...

Vendor: saitoha
Product: libsixel
Published: May 14, 2026
Source: NVD

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result,...

Vendor: SAP_SE
Product: SAP NetWeaver Application Server ABAP
Published: May 14, 2026
Source: NVD

dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction

Vendor: pip
Product: dbt-mcp
Published: May 14, 2026
Source: GitHub

dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled

Vendor: pip
Product: dbt-mcp
Published: May 14, 2026
Source: GitHub
CVE-2026-6923 LOW - 3.8

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.

Published: May 14, 2026
Source: NVD

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corr...

Vendor: podofo
Product: podofo
Published: May 14, 2026
Source: NVD

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions.

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD
CVE-2026-6638 LOW - 3.7

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, an...

Vendor: postgresql
Product: postgresql
Published: May 14, 2026
Source: NVD
CVE-2026-7471 LOW - 3.5

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-6883 LOW - 2.6

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-2900 LOW - 2.7

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete ...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authenti...

Vendor: npm
Product: @strapi/admin
Published: May 13, 2026
Source: GitHub