Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,884
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 14,361 - 14,380 of 38,432 CVEs
CVE-2026-44337 MEDIUM - 6.3

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names int...

Vendor: MervinPraison
Product: PraisonAI
Published: May 08, 2026
Source: NVD
CVE-2026-44336 CRITICAL - 9.6

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts...

Vendor: MervinPraison
Product: PraisonAI
Published: May 08, 2026
Source: NVD

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution d...

Vendor: SEPPmail AG
Product: Secure Email Gateway
Published: May 08, 2026
Source: NVD

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Vendor: SEPPmail AG
Product: Secure Email Gateway
Published: May 08, 2026
Source: NVD

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileg...

Vendor: SEPPmail AG
Product: Secure Email Gateway
Published: May 08, 2026
Source: NVD

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

Vendor: SEPPmail AG
Product: Secure Email Gateway
Published: May 08, 2026
Source: NVD

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

Vendor: SEPPmail AG
Product: Secure Email Gateway
Published: May 08, 2026
Source: NVD
CVE-2026-43350 HIGH - 7.6

In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an NFS mode SID and reads sid.sub_auth[2] to recover the mode bits. That assumes the ACE carries three...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43349 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520 f2fs_sanity_check_node_footer...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43348 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift as the number of trailing zeros in the OR of start_pfn and last_pfn, intendin...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43347 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions (ESR=0x96000010) and kernel crashes on Monaco-based platforms. These faults are caused by the kern...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43346 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF (adapter->ctrl_pf) i...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43345 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The v5.0 register definition intended to define this field in the CH_C_CNTXT_1 fmask ar...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARN_...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the function....

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. Thi...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43341 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wr...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43340 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a s...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43339 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43338 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not reserve any space, neither for the quota tree updates nor for the ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD