Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10846
Total
736
Critical
3127
High
3471
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41930 | CRITICAL | 9.8 | Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured … | May 06, 2026 |
| CVE-2026-34474 | HIGH | 7.5 | Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can … | May 06, 2026 |
| CVE-2026-34473 | HIGH | 7.5 | Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition … | May 06, 2026 |
| CVE-2026-0300 | UNKNOWN | — | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute … | May 06, 2026 |
| CVE-2025-31974 | LOW | 3.9 | HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended … | May 06, 2026 |
| CVE-2025-31960 | MEDIUM | 5.3 | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an … | May 06, 2026 |
| CVE-2024-30151 | HIGH | 8.3 | HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated … | May 06, 2026 |
| CVE-2026-33079 | UNKNOWN | — | In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can … | May 06, 2026 |
| CVE-2026-29090 | UNKNOWN | — | ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated … | May 06, 2026 |
| CVE-2026-7875 | HIGH | 8.8 | NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside … | May 06, 2026 |
| CVE-2026-42503 | HIGH | 8.8 | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an … | May 06, 2026 |
| CVE-2026-29080 | UNKNOWN | — | A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET … | May 06, 2026 |
| CVE-2026-23870 | HIGH | 7.5 | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory … | May 06, 2026 |
| CVE-2026-21661 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, … | May 06, 2026 |
| CVE-2026-20219 | MEDIUM | 5.4 | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users … | May 06, 2026 |
| CVE-2026-20195 | MEDIUM | 5.3 | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected … | May 06, 2026 |
| CVE-2026-20193 | MEDIUM | 4.3 | A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to … | May 06, 2026 |
| CVE-2026-20189 | MEDIUM | 4.3 | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. … | May 06, 2026 |
| CVE-2026-20188 | HIGH | 7.5 | A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to … | May 06, 2026 |
| CVE-2026-20185 | HIGH | 7.7 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could … | May 06, 2026 |
| CVE-2026-20172 | MEDIUM | 4.3 | A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To … | May 06, 2026 |
| CVE-2026-20169 | MEDIUM | 6.4 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files … | May 06, 2026 |
| CVE-2026-20168 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files … | May 06, 2026 |
| CVE-2026-20167 | HIGH | 7.7 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a … | May 06, 2026 |
| CVE-2026-20035 | HIGH | 7.2 | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected … | May 06, 2026 |