Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39311 | MEDIUM | 6.8 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw … | May 20, 2026 |
| CVE-2026-39310 | HIGH | 8.6 | Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in … | May 20, 2026 |
| CVE-2026-35016 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35015 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35014 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35013 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values … | May 20, 2026 |
| CVE-2026-35012 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35011 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35010 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35009 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35008 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-35007 | MEDIUM | 4.6 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 20, 2026 |
| CVE-2026-33137 | UNKNOWN | — | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In … | May 20, 2026 |
| CVE-2026-2813 | MEDIUM | 4.7 | ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request, … | May 20, 2026 |
| CVE-2026-2812 | MEDIUM | 5.3 | ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to … | May 20, 2026 |
| CVE-2026-26028 | MEDIUM | 6.1 | CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute … | May 20, 2026 |
| CVE-2026-24218 | HIGH | 8.1 | NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be … | May 20, 2026 |
| CVE-2026-24217 | HIGH | 8.8 | NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of … | May 20, 2026 |
| CVE-2026-24216 | HIGH | 7.8 | NVIDIA BioNeMo for Linux contains a vulnerability where a user could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead … | May 20, 2026 |
| CVE-2026-24188 | HIGH | 8.2 | NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering. | May 20, 2026 |
| CVE-2026-23734 | UNKNOWN | — | XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such … | May 20, 2026 |
| CVE-2026-30691 | MEDIUM | 6.1 | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize … | May 20, 2026 |
| CVE-2026-20240 | MEDIUM | 6.5 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged … | May 20, 2026 |
| CVE-2026-20239 | HIGH | 7.5 | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that … | May 20, 2026 |
| CVE-2026-20238 | MEDIUM | 6.5 | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was … | May 20, 2026 |