Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10846
Total
736
Critical
3127
High
3471
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-20034 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. … | May 06, 2026 |
| CVE-2026-6863 | MEDIUM | 6.8 | Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root … | May 06, 2026 |
| CVE-2026-6788 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | May 06, 2026 |
| CVE-2026-6787 | UNKNOWN | — | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | May 06, 2026 |
| CVE-2026-6691 | HIGH | 7.8 | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. … | May 06, 2026 |
| CVE-2026-41288 | UNKNOWN | — | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their … | May 06, 2026 |
| CVE-2026-41286 | UNKNOWN | — | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit … | May 06, 2026 |
| CVE-2026-8028 | LOW | 3.7 | A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a … | May 06, 2026 |
| CVE-2026-8027 | MEDIUM | 4.3 | A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. … | May 06, 2026 |
| CVE-2026-41287 | UNKNOWN | — | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit … | May 06, 2026 |
| CVE-2025-52613 | MEDIUM | 4.6 | HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose … | May 06, 2026 |
| CVE-2025-31984 | LOW | 3.7 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform … | May 06, 2026 |
| CVE-2025-31983 | LOW | 3.7 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing … | May 06, 2026 |
| CVE-2025-31982 | LOW | 3.7 | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk … | May 06, 2026 |
| CVE-2025-31978 | MEDIUM | 4.6 | HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could … | May 06, 2026 |
| CVE-2025-31976 | MEDIUM | 4.8 | HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow … | May 06, 2026 |
| CVE-2025-31975 | LOW | 2.6 | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and … | May 06, 2026 |
| CVE-2025-31959 | LOW | 3.5 | HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location … | May 06, 2026 |
| CVE-2025-31957 | LOW | 2.6 | HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data. | May 06, 2026 |
| CVE-2026-36358 | MEDIUM | 5.4 | Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads … | May 06, 2026 |
| CVE-2026-8026 | LOW | 3.7 | A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API … | May 06, 2026 |
| CVE-2026-5081 | CRITICAL | 9.1 | Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable … | May 06, 2026 |
| CVE-2026-40562 | HIGH | 7.5 | Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are … | May 06, 2026 |
| CVE-2026-6210 | UNKNOWN | — | A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, … | May 06, 2026 |
| CVE-2026-43283 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the … | May 06, 2026 |