Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11202. Critical: 755. High: 3234. Medium: 3640.

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41927 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite … | May 04, 2026 |
| CVE-2026-41926 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input … | May 04, 2026 |
| CVE-2026-41925 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to … | May 04, 2026 |
| CVE-2026-41924 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41923 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41922 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-34882 | UNKNOWN | — | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-6074. Reason: This record is a reservation duplicate of CVE-2026-6074. Notes: All CVE users should reference … | May 04, 2026 |
| CVE-2025-67796 | HIGH | 8.1 | IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. … | May 04, 2026 |
| CVE-2026-43964 | LOW | 3.7 | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks … | May 04, 2026 |
| CVE-2026-42237 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node … | May 04, 2026 |
| CVE-2026-42236 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and … | May 04, 2026 |
| CVE-2026-42235 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client … | May 04, 2026 |
| CVE-2026-42234 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows … | May 04, 2026 |
| CVE-2026-42233 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed … | May 04, 2026 |
| CVE-2026-42232 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows … | May 04, 2026 |
| CVE-2026-42231 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML … | May 04, 2026 |
| CVE-2026-42230 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing … | May 04, 2026 |
| CVE-2026-42229 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations … | May 04, 2026 |
| CVE-2026-42228 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's … | May 04, 2026 |
| CVE-2026-42227 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to … | May 04, 2026 |
| CVE-2026-42226 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was … | May 04, 2026 |
| CVE-2026-42154 | HIGH | 7.5 | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the … | May 04, 2026 |
| CVE-2026-42151 | HIGH | 7.5 | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write … | May 04, 2026 |
| CVE-2026-41686 | UNKNOWN | — | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool … | May 04, 2026 |
| CVE-2026-38751 | HIGH | 7.2 | OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php) | May 04, 2026 |