Total CVEs: 141,272
Critical Severity: 3,795
High Severity: 13,729
Last 7 Days: 1,863
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,301 - 13,320 of 37,677 CVEs
CVE-2026-6667 MEDIUM - 4.3

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users par...

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6666 MEDIUM - 5.9

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6665 HIGH - 8.1

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6664 HIGH - 7.5

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-41705 HIGH - 8.6

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1....

Vendor: Spring
Product: Spring AI
Published: May 09, 2026
Source: NVD
CVE-2026-44458 MEDIUM - 4.3

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the ...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exp...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub
CVE-2026-44966 HIGH - 8.3

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of #set directives in Velocity templates. If an application renders a template controlled...

Vendor: npm
Product: velocityjs
Published: May 09, 2026
Source: GitHub
CVE-2026-44457 MEDIUM - 5.3

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub
CVE-2026-44313 CRITICAL - 9.1

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal s...

Vendor: linkwarden
Product: linkwarden
Published: May 09, 2026
Source: NVD

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archiv...

Vendor: linkwarden
Product: linkwarden
Published: May 09, 2026
Source: NVD
CVE-2026-44897 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML, with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote...

Vendor: pip
Product: mistune
Published: May 09, 2026
Source: GitHub

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a stateful, mutation-ca...

Vendor: npm
Product: @yoda.digital/gitlab-mcp-server
Published: May 09, 2026
Source: GitHub
CVE-2026-44983 HIGH - 7.3

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without...

Vendor: rust
Product: smallbitvec
Published: May 09, 2026
Source: GitHub
CVE-2026-44788 MEDIUM - 5.9

SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escal...

Vendor: nuget
Product: SharpCompress
Published: May 08, 2026
Source: GitHub
CVE-2026-44900 HIGH - 8.1

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain valid...

Vendor: maven
Product: com.oviva.telematik:epa4all-client
Published: May 08, 2026
Source: GitHub
CVE-2026-44896 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRend...

Vendor: pip
Product: mistune
Published: May 08, 2026
Source: GitHub
CVE-2026-44708 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is exp...

Vendor: pip
Product: mistune
Published: May 08, 2026
Source: GitHub
CVE-2026-44837 MEDIUM - 5.9

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. T...

Vendor: rubygems
Product: view_component
Published: May 08, 2026
Source: GitHub
CVE-2026-44836 MEDIUM - 6.5

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview exampl...

Vendor: rubygems
Product: view_component
Published: May 08, 2026
Source: GitHub