CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11037 | Critical: 752 | High: 3191 | Medium: 3530
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7875 | HIGH | 8.8 | NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside … | May 06, 2026 |
| CVE-2026-42503 | HIGH | 8.8 | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an … | May 06, 2026 |
| CVE-2026-29080 | UNKNOWN | — | A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET … | May 06, 2026 |
| CVE-2026-23870 | HIGH | 7.5 | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory … | May 06, 2026 |
| CVE-2026-21661 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, … | May 06, 2026 |
| CVE-2026-20219 | MEDIUM | 5.4 | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users … | May 06, 2026 |
| CVE-2026-20195 | MEDIUM | 5.3 | A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected … | May 06, 2026 |
| CVE-2026-20193 | MEDIUM | 4.3 | A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to … | May 06, 2026 |
| CVE-2026-20189 | MEDIUM | 4.3 | A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. … | May 06, 2026 |
| CVE-2026-20188 | HIGH | 7.5 | A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to … | May 06, 2026 |
| CVE-2026-20185 | HIGH | 7.7 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could … | May 06, 2026 |
| CVE-2026-20172 | MEDIUM | 4.3 | A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To … | May 06, 2026 |
| CVE-2026-20169 | MEDIUM | 6.4 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files … | May 06, 2026 |
| CVE-2026-20168 | MEDIUM | 6.5 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files … | May 06, 2026 |
| CVE-2026-20167 | HIGH | 7.7 | A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a … | May 06, 2026 |
| CVE-2026-20035 | HIGH | 7.2 | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected … | May 06, 2026 |
| CVE-2026-20034 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. … | May 06, 2026 |
| CVE-2026-6863 | MEDIUM | 6.8 | Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root … | May 06, 2026 |
| CVE-2026-6788 | UNKNOWN | — | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files. This issue affects WatchGuard Agent before 1.25.03.0000. | May 06, 2026 |
| CVE-2026-6787 | UNKNOWN | — | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process. This issue affects WatchGuard Agent: before 1.25.03.0000. | May 06, 2026 |
| CVE-2026-6691 | HIGH | 7.8 | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. … | May 06, 2026 |
| CVE-2026-41288 | UNKNOWN | — | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their … | May 06, 2026 |
| CVE-2026-41286 | UNKNOWN | — | Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit … | May 06, 2026 |
| CVE-2026-8028 | LOW | 3.7 | A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a … | May 06, 2026 |
| CVE-2026-8027 | MEDIUM | 4.3 | A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. … | May 06, 2026 |