Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,601 - 14,620 of 38,923 CVEs
CVE-2026-44321 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFrom...

Vendor: go
Product: github.com/free5gc/smf
Published: May 08, 2026
Source: GitHub
CVE-2026-44320 HIGH - 7.3

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to reach the SMF-call...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44319 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and on any delivery...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44318 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), ...

Vendor: go
Product: github.com/free5gc/bsf
Published: May 08, 2026
Source: GitHub
CVE-2026-44317 MEDIUM - 6.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and whose medC...

Vendor: go
Product: github.com/free5gc/pcf
Published: May 08, 2026
Source: GitHub
CVE-2026-44316 HIGH - 7.5

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404 Not Found and the...

Vendor: go
Product: github.com/free5gc/pcf
Published: May 08, 2026
Source: GitHub
CVE-2026-44315 CRITICAL - 9.4

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with...

Vendor: go
Product: github.com/free5gc/nef
Published: May 08, 2026
Source: GitHub
CVE-2026-44309 MEDIUM - 5.3

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git o...

Vendor: go
Product: github.com/sigstore/gitsign
Published: May 08, 2026
Source: GitHub
CVE-2026-44566 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with na...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44567 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is set...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44549 HIGH - 7.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheet_to_html to embed an XSS payload into the generated HTM...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub
CVE-2026-44832 HIGH - 8.8

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the p...

Vendor: composer
Product: snipe/snipe-it
Published: May 08, 2026
Source: GitHub
CVE-2026-44831 MEDIUM - 4.8

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.

Vendor: composer
Product: snipe/snipe-it
Published: May 08, 2026
Source: GitHub
CVE-2026-44568 MEDIUM - 4.8

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the AccountPending.svelte component renders the admin-configured "Pending User Overlay Content" using marked.parse() inside {@html} with an incorrect DOMPurify application ord...

Vendor: pip
Product: open-webui
Published: May 08, 2026
Source: GitHub

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patc...

Vendor: emlog
Product: emlog
Published: May 08, 2026
Source: NVD

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue...

Vendor: emlog
Product: emlog
Published: May 08, 2026
Source: NVD

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link (VS Code textDocument/doc...

Vendor: anzory
Product: SolidCAM-GPPL-IDE
Published: May 08, 2026
Source: NVD

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory (namin...

Vendor: anzory
Product: SolidCAM-GPPL-IDE
Published: May 08, 2026
Source: NVD
CVE-2026-42209 MEDIUM - 6.5

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values...

Vendor: halfgaar
Product: FlashMQ
Published: May 08, 2026
Source: NVD
CVE-2026-42205 HIGH - 8.8

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::...

Vendor: avo-hq
Product: avo
Published: May 08, 2026
Source: NVD