Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8034 | UNKNOWN | — | A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting … | May 07, 2026 |
| CVE-2026-7891 | UNKNOWN | — | The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of … | May 07, 2026 |
| CVE-2026-7541 | UNKNOWN | — | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with … | May 07, 2026 |
| CVE-2026-6736 | UNKNOWN | — | An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external … | May 07, 2026 |
| CVE-2026-42826 | CRITICAL | 10.0 | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-41929 | MEDIUM | 6.1 | Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating … | May 07, 2026 |
| CVE-2026-41928 | MEDIUM | 5.3 | Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can … | May 07, 2026 |
| CVE-2026-41105 | HIGH | 8.1 | Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | May 07, 2026 |
| CVE-2026-40214 | MEDIUM | 6.3 | In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is … | May 07, 2026 |
| CVE-2026-40213 | HIGH | 7.4 | OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token … | May 07, 2026 |
| CVE-2026-35435 | HIGH | 8.6 | Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network. | May 07, 2026 |
| CVE-2026-35428 | CRITICAL | 9.6 | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-34327 | HIGH | 8.2 | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-33844 | CRITICAL | 9.0 | Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | May 07, 2026 |
| CVE-2026-33823 | CRITICAL | 9.6 | Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-33111 | HIGH | 7.5 | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a … | May 07, 2026 |
| CVE-2026-33109 | CRITICAL | 9.9 | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | May 07, 2026 |
| CVE-2026-32207 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | May 07, 2026 |
| CVE-2026-26164 | HIGH | 7.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a … | May 07, 2026 |
| CVE-2026-26129 | HIGH | 7.5 | Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network. | May 07, 2026 |
| CVE-2026-8098 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument … | May 07, 2026 |
| CVE-2026-8097 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument … | May 07, 2026 |
| CVE-2026-44365 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users … | May 07, 2026 |
| CVE-2026-42449 | HIGH | 8.5 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder … | May 07, 2026 |
| CVE-2026-42047 | HIGH | 8.6 | Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that … | May 07, 2026 |