Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11537
Total
770
Critical
3263
High
3665
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6378 | MEDIUM | 6.4 | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-7601 | MEDIUM | 4.3 | A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation … | May 02, 2026 |
| CVE-2026-43824 | HIGH | 7.7 | In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. | May 02, 2026 |
| CVE-2026-7600 | MEDIUM | 6.3 | A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a … | May 02, 2026 |
| CVE-2026-7599 | MEDIUM | 6.3 | A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation … | May 01, 2026 |
| CVE-2026-7598 | HIGH | 7.3 | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of … | May 01, 2026 |
| CVE-2026-7597 | MEDIUM | 6.3 | A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. … | May 01, 2026 |
| CVE-2026-7596 | MEDIUM | 4.3 | A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the … | May 01, 2026 |
| CVE-2026-7595 | MEDIUM | 6.3 | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the … | May 01, 2026 |
| CVE-2026-7594 | HIGH | 7.3 | A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of … | May 01, 2026 |
| CVE-2026-7593 | HIGH | 7.3 | A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP … | May 01, 2026 |
| CVE-2026-42788 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGS_MAX_FRAME_SIZE … | May 01, 2026 |
| CVE-2026-42786 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in … | May 01, 2026 |
| CVE-2026-39807 | UNKNOWN | — | Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex returns the … | May 01, 2026 |
| CVE-2026-39805 | UNKNOWN | — | Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only … | May 01, 2026 |
| CVE-2026-39804 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is … | May 01, 2026 |
| CVE-2025-12993 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of CVE-2025-67968. Notes: All CVE … | May 01, 2026 |
| CVE-2026-7592 | HIGH | 7.3 | A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the … | May 01, 2026 |
| CVE-2025-8903 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2052. Reason: This candidate is a reservation duplicate of CVE-2026-2052 Notes: All CVE … | May 01, 2026 |
| CVE-2026-7591 | MEDIUM | 6.3 | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the … | May 01, 2026 |
| CVE-2026-7590 | HIGH | 7.3 | A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview … | May 01, 2026 |
| CVE-2026-7589 | MEDIUM | 5.3 | A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. This … | May 01, 2026 |
| CVE-2026-30363 | HIGH | 8.4 | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | May 01, 2026 |
| CVE-2025-52347 | HIGH | 7.8 | An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access … | May 01, 2026 |
| CVE-2026-7588 | MEDIUM | 5.3 | A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in … | May 01, 2026 |