Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 14,541 - 14,560 of 38,923 CVEs
CVE-2025-15633 MEDIUM - 6.5

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

Vendor: HCLSoftware
Product: BigFix WebUI
Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitati...

Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compro...

Published: May 09, 2026
Source: NVD

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily u...

Vendor: containers
Product: bubblewrap
Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or high...

Published: May 09, 2026
Source: NVD
CVE-2026-7652 MEDIUM - 5.3

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email addres...

Published: May 09, 2026
Source: NVD
CVE-2026-6667 MEDIUM - 4.3

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users par...

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6666 MEDIUM - 5.9

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6665 HIGH - 8.1

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-6664 HIGH - 7.5

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Vendor: pgbouncer
Product: pgbouncer
Published: May 09, 2026
Source: NVD
CVE-2026-41705 HIGH - 8.6

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1....

Vendor: Spring
Product: Spring AI
Published: May 09, 2026
Source: NVD
CVE-2026-44458 MEDIUM - 4.3

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the ...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exp...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub
CVE-2026-44966 HIGH - 8.3

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of #set directives in Velocity templates. If an application renders a template controlled...

Vendor: npm
Product: velocityjs
Published: May 09, 2026
Source: GitHub
CVE-2026-44457 MEDIUM - 5.3

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served...

Vendor: npm
Product: hono
Published: May 09, 2026
Source: GitHub
CVE-2026-44313 CRITICAL - 9.1

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal s...

Vendor: linkwarden
Product: linkwarden
Published: May 09, 2026
Source: NVD

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archiv...

Vendor: linkwarden
Product: linkwarden
Published: May 09, 2026
Source: NVD
CVE-2026-44897 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote...

Vendor: pip
Product: mistune
Published: May 09, 2026
Source: GitHub

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a stateful, mutation-ca...

Vendor: npm
Product: @yoda.digital/gitlab-mcp-server
Published: May 09, 2026
Source: GitHub
CVE-2026-44983 HIGH - 7.3

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without...

Vendor: rust
Product: smallbitvec
Published: May 09, 2026
Source: GitHub