Total CVEs: 140,356
Critical Severity: 3,747
High Severity: 13,524
Last 7 Days: 1,777
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,921 - 10,940 of 36,761 CVEs
CVE-2026-44899 MEDIUM - 4.7

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inse...

Vendor: pip
Product: mistune
Published: May 14, 2026
Source: GitHub
CVE-2026-44898 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserte...

Vendor: pip
Product: mistune
Published: May 14, 2026
Source: GitHub
CVE-2026-45292 MEDIUM - 5.3

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Pars...

Vendor: maven
Product: io.opentelemetry:opentelemetry-api
Published: May 14, 2026
Source: GitHub
CVE-2026-44884 MEDIUM - 6.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint (GET /a...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44883 HIGH - 7.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens pass...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44849 CRITICAL - 8.8

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that admin...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44882 HIGH - 8.1

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddle...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44881 HIGH - 9.9

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a Git-bac...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44850 HIGH - 8.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-adminis...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44885 MEDIUM - 5.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44848 CRITICAL - 8.8

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, the Docker plugin management endpoints (/plugins/*) were not registered w...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-46480 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46479 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46478 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46477 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46476 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46475 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46444 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it...

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-45076 MEDIUM - 2.7

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerabilit...

Vendor: pip
Product: matrix-synapse
Published: May 14, 2026
Source: GitHub
CVE-2026-45078 HIGH - 5.5

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.

Vendor: pip
Product: matrix-synapse
Published: May 14, 2026
Source: GitHub