Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,576
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,241 - 14,260 of 37,942 CVEs

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Exc...

Vendor: go
Product: github.com/gittuf/gittuf
Published: May 07, 2026
Source: GitHub
CVE-2026-44542 CRITICAL - 9.1

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthe...

Vendor: go
Product: github.com/gtsteffaniak/filebrowser
Published: May 07, 2026
Source: GitHub

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user withou...

Vendor: go
Product: go.etcd.io/etcd/v3
Published: May 07, 2026
Source: GitHub
CVE-2026-4807 MEDIUM - 6.5

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permissions_check() method combined with the public exposure of a site-wide reusable nonce. The plugin expos...

Published: May 07, 2026
Source: NVD

Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.

Vendor: torproject
Product: Tor
Published: May 07, 2026
Source: NVD

Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

Vendor: torproject
Product: Tor
Published: May 07, 2026
Source: NVD
CVE-2026-44520 MEDIUM - 5.7

Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the targe...

Vendor: pip
Product: docling-graph
Published: May 07, 2026
Source: GitHub
CVE-2026-44426 MEDIUM - 6.5

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object, including the members list (user IDs, e-mails, roles), settings, and device counts, to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

Vendor: go
Product: github.com/shellhub-io/shellhub
Published: May 07, 2026
Source: GitHub
CVE-2026-44514 MEDIUM - 6.5

Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that do not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to ...

Vendor: go
Product: github.com/kubetail-org/kubetail/modules/dashboard
Published: May 07, 2026
Source: GitHub
CVE-2026-6222 MEDIUM - 5.3

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_Page` (admin/abstracts/class-admin-module-edit-page.php) dispatching sensitive module-management acti...

Published: May 07, 2026
Source: NVD
CVE-2026-40003 MEDIUM - 5.1

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypa...

Vendor: ZTE
Product: ZX297520V3 BootROM
Published: May 07, 2026
Source: NVD
CVE-2026-44511 HIGH - 7.4

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie...

Vendor: rubygems
Product: katalyst-koi
Published: May 07, 2026
Source: GitHub
CVE-2026-42459 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI param...

Vendor: go
Product: github.com/free5gc/udm
Published: May 07, 2026
Source: GitHub
CVE-2026-42328 MEDIUM - 6.2

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list ...

Vendor: go
Product: github.com/ipld/go-ipld-prime
Published: May 07, 2026
Source: GitHub
CVE-2026-44312 MEDIUM - 5.8

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meanin...

Vendor: rubygems
Product: css_parser
Published: May 07, 2026
Source: GitHub
CVE-2026-42083 HIGH - 8.2

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, missing authentication middleware on the PCF Npcf_SMPolicyControl service allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is created and routes are a...

Vendor: go
Product: github.com/free5gc/pcf
Published: May 07, 2026
Source: GitHub
CVE-2026-42880 CRITICAL - 9.6

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

Vendor: go
Product: github.com/argoproj/argo-cd/v3
Published: May 07, 2026
Source: GitHub

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, an...

Vendor: go
Product: github.com/free5gc/amf
Published: May 07, 2026
Source: GitHub
CVE-2026-42081 MEDIUM - 6.1

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AM...

Vendor: go
Product: github.com/free5gc/amf
Published: May 07, 2026
Source: GitHub

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, shared instances with multiple authenticated users are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the use...

Vendor: pip
Product: aegra-api
Published: May 07, 2026
Source: GitHub