Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,745
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 12,161 - 12,180 of 38,670 CVEs
CVE-2026-2611 CRITICAL - 9.6

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine...

Vendor: lfprojects
Product: mlflow
Published: May 19, 2026
Source: NVD
CVE-2026-29226 HIGH - 7.3

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache OFBiz
Published: May 19, 2026
Source: NVD
CVE-2026-29220 MEDIUM - 6.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache OFBiz
Published: May 19, 2026
Source: NVD
CVE-2026-29207 MEDIUM - 6.5

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" re...

Vendor: Apache Software Foundation
Product: Apache OFBiz
Published: May 19, 2026
Source: NVD
CVE-2026-44408 MEDIUM - 6.3

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker canΒ  modify configuration through the interface.

Vendor: ZTE
Product: MU5250
Published: May 19, 2026
Source: NVD
CVE-2026-8922 MEDIUM - 5.4

A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentia...

Published: May 19, 2026
Source: NVD
CVE-2026-4885 CRITICAL - 9.8

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php...

Published: May 19, 2026
Source: NVD
CVE-2026-47317 MEDIUM - 5.5

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47316 MEDIUM - 5.5

Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47315 MEDIUM - 5.5

Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47314 HIGH - 7.8

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47313 MEDIUM - 5.5

Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47312 MEDIUM - 5.5

Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-8830 MEDIUM - 4.3

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public...

Published: May 19, 2026
Source: NVD
CVE-2026-8814 MEDIUM - 5.3

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containin...

Vendor: npm
Product: exifreader
Published: May 19, 2026
Source: NVD
CVE-2026-8813 HIGH - 7.5

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient b...

Vendor: npm
Product: exifreader
Published: May 19, 2026
Source: NVD
CVE-2026-47311 HIGH - 7.8

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47310 HIGH - 7.8

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2026-47309 MEDIUM - 5.5

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

Vendor: Samsung Open Source
Product: Escargot
Published: May 19, 2026
Source: NVD
CVE-2025-15609 HIGH - 7.5

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

Vendor: Unknown
Product: Fortis for WooCommerce
Published: May 19, 2026
Source: NVD