Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44244 | HIGH | 7.8 | GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. … | May 07, 2026 |
| CVE-2026-44243 | HIGH | 7.1 | GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a … | May 07, 2026 |
| CVE-2026-42284 | HIGH | 8.1 | GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" … | May 07, 2026 |
| CVE-2026-42215 | HIGH | 8.8 | GitPython is a Python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as … | May 07, 2026 |
| CVE-2026-42214 | HIGH | 7.8 | Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without … | May 07, 2026 |
| CVE-2026-41906 | HIGH | 7.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope … | May 07, 2026 |
| CVE-2026-41905 | HIGH | 7.7 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via … | May 07, 2026 |
| CVE-2026-41904 | HIGH | 7.6 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store … | May 07, 2026 |
| CVE-2026-41903 | MEDIUM | 5.4 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended … | May 07, 2026 |
| CVE-2026-41902 | CRITICAL | 9.1 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random … | May 07, 2026 |
| CVE-2026-41653 | UNKNOWN | — | BentoPDF is a client-side PDF toolkit that is self-hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPDF. An attacker may … | May 07, 2026 |
| CVE-2026-8081 | MEDIUM | 6.3 | A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API … | May 07, 2026 |
| CVE-2026-37709 | CRITICAL | 9.8 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the … | May 07, 2026 |
| CVE-2026-7415 | CRITICAL | 9.8 | The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the … | May 07, 2026 |
| CVE-2026-7414 | CRITICAL | 9.8 | Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be … | May 07, 2026 |
| CVE-2026-7413 | HIGH | 7.2 | A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, … | May 07, 2026 |
| CVE-2026-7821 | HIGH | 7.4 | Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted … | May 07, 2026 |
| CVE-2026-6973 | HIGH | 7.2 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code … | May 07, 2026 |
| CVE-2026-5788 | HIGH | 7.0 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. | May 07, 2026 |
| CVE-2026-5787 | HIGH | 8.9 | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain … | May 07, 2026 |
| CVE-2026-5786 | HIGH | 8.8 | An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access. | May 07, 2026 |
| CVE-2026-36388 | MEDIUM | 5.4 | A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukul Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to … | May 07, 2026 |
| CVE-2026-36387 | MEDIUM | 6.5 | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file … | May 07, 2026 |
| CVE-2026-36341 | MEDIUM | 5.4 | Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on … | May 07, 2026 |
| CVE-2025-65122 | HIGH | 7.5 | Regex Denial of Service in youtube-regex npm package through version 1.0.5. | May 07, 2026 |