Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41692 | MEDIUM | 4.7 | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens … | May 07, 2026 |
| CVE-2026-41691 | MEDIUM | 6.5 | i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code … | May 07, 2026 |
| CVE-2026-8142 | MEDIUM | 6.5 | VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions … | May 07, 2026 |
| CVE-2026-8088 | LOW | 3.3 | A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation … | May 07, 2026 |
| CVE-2026-8087 | MEDIUM | 5.3 | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of … | May 07, 2026 |
| CVE-2026-43510 | HIGH | 7.6 | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another … | May 07, 2026 |
| CVE-2026-42501 | HIGH | 7.5 | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any … | May 07, 2026 |
| CVE-2026-42499 | UNKNOWN | — | Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. | May 07, 2026 |
| CVE-2026-42259 | UNKNOWN | — | Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a … | May 07, 2026 |
| CVE-2026-42241 | MEDIUM | 5.3 | ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what … | May 07, 2026 |
| CVE-2026-42239 | HIGH | 8.1 | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. … | May 07, 2026 |
| CVE-2026-42225 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) … | May 07, 2026 |
| CVE-2026-39836 | UNKNOWN | — | The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | May 07, 2026 |
| CVE-2026-39826 | MEDIUM | 6.1 | If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the … | May 07, 2026 |
| CVE-2026-39825 | UNKNOWN | — | ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, … | May 07, 2026 |
| CVE-2026-39823 | MEDIUM | 6.1 | CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert … | May 07, 2026 |
| CVE-2026-39820 | HIGH | 7.5 | Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. | May 07, 2026 |
| CVE-2026-39819 | UNKNOWN | — | The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the … | May 07, 2026 |
| CVE-2026-39817 | UNKNOWN | — | The "go tool pack" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a … | May 07, 2026 |
| CVE-2026-33814 | UNKNOWN | — | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | May 07, 2026 |
| CVE-2026-33811 | HIGH | 7.5 | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | May 07, 2026 |
| CVE-2026-8086 | MEDIUM | 5.3 | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument … | May 07, 2026 |
| CVE-2026-8084 | LOW | 3.3 | A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid … | May 07, 2026 |
| CVE-2026-8083 | HIGH | 7.3 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the … | May 07, 2026 |
| CVE-2026-44742 | HIGH | 7.2 | Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in … | May 07, 2026 |