CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41496 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. … | May 08, 2026 |
| CVE-2026-41493 | UNKNOWN | — | YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. … | May 08, 2026 |
| CVE-2026-41491 | HIGH | 8.1 | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and … | May 08, 2026 |
| CVE-2026-41423 | UNKNOWN | — | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, … | May 08, 2026 |
| CVE-2026-41161 | UNKNOWN | — | Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw … | May 08, 2026 |
| CVE-2026-39816 | UNKNOWN | — | The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports … | May 08, 2026 |
| CVE-2026-32803 | LOW | 3.3 | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged … | May 08, 2026 |
| CVE-2025-71302 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and … | May 08, 2026 |
| CVE-2025-71301 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2025-71300 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. … | May 08, 2026 |
| CVE-2025-71299 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent … | May 08, 2026 |
| CVE-2025-71298 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2025-71297 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the … | May 08, 2026 |
| CVE-2025-71296 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2026-8077 | UNKNOWN | — | Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. … | May 08, 2026 |
| CVE-2026-25199 | UNKNOWN | — | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The … | May 08, 2026 |
| CVE-2026-25077 | UNKNOWN | — | Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due … | May 08, 2026 |
| CVE-2025-69233 | MEDIUM | 6.5 | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are … | May 08, 2026 |
| CVE-2025-66467 | HIGH | 8.0 | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates … | May 08, 2026 |
| CVE-2025-66172 | UNKNOWN | — | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |
| CVE-2025-66171 | UNKNOWN | — | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |
| CVE-2025-66170 | UNKNOWN | — | The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |
| CVE-2022-50994 | HIGH | 8.1 | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to … | May 08, 2026 |
| CVE-2026-8153 | CRITICAL | 9.8 | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated attacker to craft commands that will execute code … | May 08, 2026 |
| CVE-2026-8076 | UNKNOWN | — | Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system … | May 08, 2026 |