Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8467 | UNKNOWN | — | Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler … | May 20, 2026 |
| CVE-2026-47068 | UNKNOWN | — | Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub … | May 20, 2026 |
| CVE-2026-24425 | HIGH | 8.8 | Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass … | May 20, 2026 |
| CVE-2026-22554 | HIGH | 7.8 | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability | May 20, 2026 |
| CVE-2026-21836 | MEDIUM | 6.5 | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining … | May 20, 2026 |
| CVE-2026-5950 | MEDIUM | 5.3 | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource … | May 20, 2026 |
| CVE-2026-5947 | HIGH | 7.5 | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it … | May 20, 2026 |
| CVE-2026-5946 | HIGH | 7.5 | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or … | May 20, 2026 |
| CVE-2026-45584 | HIGH | 8.1 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | May 20, 2026 |
| CVE-2026-45498 | MEDIUM | 4.0 | Microsoft Defender Denial of Service Vulnerability | May 20, 2026 |
| CVE-2026-45443 | MEDIUM | 5.0 | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue … | May 20, 2026 |
| CVE-2026-42834 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | May 20, 2026 |
| CVE-2026-42383 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue … | May 20, 2026 |
| CVE-2026-41091 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally. | May 20, 2026 |
| CVE-2026-3593 | HIGH | 7.4 | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND … | May 20, 2026 |
| CVE-2026-3592 | MEDIUM | 5.3 | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will … | May 20, 2026 |
| CVE-2026-3039 | HIGH | 7.5 | BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically … | May 20, 2026 |
| CVE-2026-29518 | HIGH | 7.0 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended … | May 20, 2026 |
| CVE-2026-27424 | MEDIUM | 4.3 | Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo … | May 20, 2026 |
| CVE-2026-27405 | MEDIUM | 6.5 | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9. | May 20, 2026 |
| CVE-2026-24573 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0. | May 20, 2026 |
| CVE-2025-11954 | HIGH | 8.0 | Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: … | May 20, 2026 |
| CVE-2025-31985 | LOW | 3.7 | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform … | May 20, 2026 |
| CVE-2025-31973 | MEDIUM | 4.0 | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce … | May 20, 2026 |
| CVE-2026-25602 | MEDIUM | 4.4 | Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email … | May 20, 2026 |