Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11346
Total
769
Critical
3260
High
3665
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44029 | MEDIUM | 5.3 | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The … | May 05, 2026 |
| CVE-2026-44028 | HIGH | 7.5 | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap … | May 05, 2026 |
| CVE-2026-7788 | HIGH | 7.3 | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a … | May 05, 2026 |
| CVE-2026-7785 | HIGH | 7.3 | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command … | May 05, 2026 |
| CVE-2026-7784 | HIGH | 7.3 | A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills … | May 05, 2026 |
| CVE-2026-7783 | MEDIUM | 6.3 | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component … | May 05, 2026 |
| CVE-2026-7782 | MEDIUM | 6.3 | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. … | May 04, 2026 |
| CVE-2026-7781 | MEDIUM | 4.3 | A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the … | May 04, 2026 |
| CVE-2026-7791 | HIGH | 7.8 | Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin … | May 04, 2026 |
| CVE-2026-7780 | MEDIUM | 4.3 | A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component … | May 04, 2026 |
| CVE-2026-7776 | HIGH | 7.5 | Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to … | May 04, 2026 |
| CVE-2026-7779 | MEDIUM | 4.3 | A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. … | May 04, 2026 |
| CVE-2026-42238 | UNKNOWN | — | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that … | May 04, 2026 |
| CVE-2026-42223 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs … | May 04, 2026 |
| CVE-2026-42222 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial … | May 04, 2026 |
| CVE-2026-42221 | HIGH | 8.1 | Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim … | May 04, 2026 |
| CVE-2026-42220 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve … | May 04, 2026 |
| CVE-2026-7768 | HIGH | 7.5 | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct … | May 04, 2026 |
| CVE-2026-6321 | HIGH | 7.5 | fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real … | May 04, 2026 |
| CVE-2026-41927 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite … | May 04, 2026 |
| CVE-2026-41926 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input … | May 04, 2026 |
| CVE-2026-41925 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to … | May 04, 2026 |
| CVE-2026-41924 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41923 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |
| CVE-2026-41922 | UNKNOWN | — | WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary … | May 04, 2026 |