Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.

Total: 10692 · Critical: 727 · High: 3080 · Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9101 | MEDIUM | 4.3 | Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to … | May 20, 2026 |
| CVE-2026-9100 | MEDIUM | 5.9 | The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause … | May 20, 2026 |
| CVE-2026-9087 | MEDIUM | 6.4 | A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity … | May 20, 2026 |
| CVE-2026-8342 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | May 20, 2026 |
| CVE-2026-7613 | HIGH | 7.2 | The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, … | May 20, 2026 |
| CVE-2026-44926 | HIGH | 8.8 | InfoScale CmdServer before 7.4.2 mishandles access control. | May 20, 2026 |
| CVE-2026-44925 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a … | May 20, 2026 |
| CVE-2026-44924 | MEDIUM | 5.4 | InfoScale VIOM 9.1.3 allows XSS. | May 20, 2026 |
| CVE-2026-44923 | MEDIUM | 6.5 | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | May 20, 2026 |
| CVE-2026-20223 | CRITICAL | 10.0 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the … | May 20, 2026 |
| CVE-2026-20206 | MEDIUM | 6.3 | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on … | May 20, 2026 |
| CVE-2026-20199 | MEDIUM | 4.7 | A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating … | May 20, 2026 |
| CVE-2026-20171 | MEDIUM | 6.8 | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could … | May 20, 2026 |
| CVE-2026-9084 | UNKNOWN | — | MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local … | May 20, 2026 |
| CVE-2026-8598 | CRITICAL | 9.1 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about … | May 20, 2026 |
| CVE-2026-8488 | MEDIUM | 4.3 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 … | May 20, 2026 |
| CVE-2026-8487 | MEDIUM | 6.5 | Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | May 20, 2026 |
| CVE-2026-8486 | MEDIUM | 5.3 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before … | May 20, 2026 |
| CVE-2026-5783 | HIGH | 7.6 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. … | May 20, 2026 |
| CVE-2026-4293 | MEDIUM | 5.3 | The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the … | May 20, 2026 |
| CVE-2026-39047 | HIGH | 7.5 | Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100 | May 20, 2026 |
| CVE-2025-32750 | HIGH | 7.5 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, … | May 20, 2026 |
| CVE-2023-7346 | MEDIUM | 4.0 | Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting … | May 20, 2026 |
| CVE-2026-8485 | MEDIUM | 5.9 | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | May 20, 2026 |
| CVE-2026-8469 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied … | May 20, 2026 |