Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,642
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,781 - 14,800 of 40,623 CVEs
CVE-2025-62308 MEDIUM - 5.1

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD
CVE-2025-62305 MEDIUM - 5.1

HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.

Vendor: HCL
Product: AION
Published: May 14, 2026
Source: NVD
CVE-2026-44899 MEDIUM - 4.7

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inse...

Vendor: pip
Product: mistune
Published: May 14, 2026
Source: GitHub
CVE-2026-44898 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserte...

Vendor: pip
Product: mistune
Published: May 14, 2026
Source: GitHub
CVE-2026-45292 MEDIUM - 5.3

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Pars...

Vendor: maven
Product: io.opentelemetry:opentelemetry-api
Published: May 14, 2026
Source: GitHub
CVE-2026-44884 MEDIUM - 6.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint (GET /a...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44883 HIGH - 7.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens pass...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44849 CRITICAL - 8.8

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that admin...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44882 HIGH - 8.1

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddle...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44881 HIGH - 9.9

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a Git-bac...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44850 HIGH - 8.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-adminis...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44885 MEDIUM - 5.5

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-44848 CRITICAL - 8.8

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints (/plugins/*) were not registered w...

Vendor: go
Product: github.com/portainer/portainer
Published: May 14, 2026
Source: GitHub
CVE-2026-46480 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46479 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46478 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46477 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46476 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46475 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub
CVE-2026-46444 HIGH - 8.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it...

Vendor: npm
Product: flowise
Published: May 14, 2026
Source: GitHub