Showing Year: 2026 (January 1 - December 31, 2026)
Showing 15,421 - 15,440 of 38,432 CVEs
CVE-2026-42047 HIGH - 8.6

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serv...

Vendor: npm
Product: inngest
Published: May 05, 2026
Source: GitHub
CVE-2026-40864 MEDIUM - 5.4

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affected...

Vendor: pip
Product: jupyterhub
Published: May 05, 2026
Source: GitHub
CVE-2026-42045 MEDIUM - 6.2

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the de...

Vendor: npm
Product: @lobehub/lobehub
Published: May 05, 2026
Source: GitHub
CVE-2026-42860 HIGH - 8.5

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin ro...

Vendor: pip
Product: edx-enterprise
Published: May 05, 2026
Source: GitHub

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0...

Vendor: npm
Product: network-ai
Published: May 05, 2026
Source: GitHub
CVE-2026-7847 LOW - 2.6

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently ran...

Published: May 05, 2026
Source: NVD
CVE-2026-43002 MEDIUM - 5.3

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.

Vendor: OpenStack
Product: Horizon
Published: May 05, 2026
Source: NVD
CVE-2026-38432 MEDIUM - 6.1

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied.

Vendor: frappe
Product: erpnext
Published: May 05, 2026
Source: NVD
CVE-2026-38431 CRITICAL - 9.8

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

Vendor: frappe
Product: erpnext
Published: May 05, 2026
Source: NVD
CVE-2026-38429 CRITICAL - 9.8

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml.

Published: May 05, 2026
Source: NVD
CVE-2026-25589 HIGH - 8.8

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisBlo...

Vendor: RedisBloom
Product: RedisBloom
Published: May 05, 2026
Source: NVD
CVE-2026-25588 HIGH - 8.8

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisTimeSeries...

Vendor: RedisTimeSeries
Product: RedisTimeSeries
Published: May 05, 2026
Source: NVD
CVE-2026-25243 HIGH - 8.8

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead...

Vendor: redis
Product: redis
Published: May 05, 2026
Source: NVD
CVE-2026-23631 HIGH - 8.1

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote ...

Vendor: redis
Product: redis
Published: May 05, 2026
Source: NVD
CVE-2026-23479 HIGH - 8.8

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger ...

Vendor: redis
Product: redis
Published: May 05, 2026
Source: NVD
CVE-2026-41164 MEDIUM - 4.4

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claim...

Vendor: go
Product: github.com/nuts-foundation/nuts-node
Published: May 05, 2026
Source: GitHub
CVE-2026-40934 MEDIUM - 6.8

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password r...

Vendor: pip
Product: jupyter-server
Published: May 05, 2026
Source: GitHub
CVE-2026-40110 HIGH - 7.3

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not r...

Vendor: pip
Product: jupyter-server
Published: May 05, 2026
Source: GitHub
CVE-2026-35397 HIGH - 7.1

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example...

Vendor: pip
Product: jupyter-server
Published: May 05, 2026
Source: GitHub

A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third-party researcher, Eugene Lim, discovered a vulnerability in the way the console command is passed to a popen function call. Attackers with authenticated access to SSH consol...

Published: May 05, 2026
Source: NVD