Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
| Total | Critical | High | Medium |
|---|---|---|---|
| 10692 | 727 | 3080 | 3407 |
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6095 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before … | May 19, 2026 |
| CVE-2026-34744 | UNKNOWN | — | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from … | May 19, 2026 |
| CVE-2026-34600 | MEDIUM | 5.7 | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in … | May 19, 2026 |
| CVE-2026-34579 | UNKNOWN | — | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature … | May 19, 2026 |
| CVE-2026-5090 | MEDIUM | 6.1 | Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of … | May 19, 2026 |
| CVE-2026-34463 | UNKNOWN | — | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from … | May 19, 2026 |
| CVE-2026-34390 | UNKNOWN | — | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in … | May 19, 2026 |
| CVE-2026-34358 | HIGH | 8.1 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks … | May 19, 2026 |
| CVE-2026-34246 | MEDIUM | 4.8 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management … | May 19, 2026 |
| CVE-2026-34241 | HIGH | 8.7 | CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. … | May 19, 2026 |
| CVE-2026-34234 | CRITICAL | 10.0 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) … | May 19, 2026 |
| CVE-2025-15645 | MEDIUM | 4.6 | Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the … | May 19, 2026 |
| CVE-2024-36343 | UNKNOWN | — | Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write … | May 19, 2026 |
| CVE-2023-7345 | MEDIUM | 6.5 | Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by … | May 19, 2026 |
| CVE-2026-39250 | HIGH | 7.3 | An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations. | May 19, 2026 |
| CVE-2026-34233 | MEDIUM | 6.5 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated … | May 19, 2026 |
| CVE-2026-34216 | MEDIUM | 6.6 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly … | May 19, 2026 |
| CVE-2026-32882 | HIGH | 7.1 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When … | May 19, 2026 |
| CVE-2026-32814 | MEDIUM | 6.5 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the … | May 19, 2026 |
| CVE-2026-32741 | HIGH | 7.1 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a … | May 19, 2026 |
| CVE-2025-57798 | MEDIUM | 5.5 | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service … | May 19, 2026 |
| CVE-2026-42526 | MEDIUM | 5.3 | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a … | May 19, 2026 |
| CVE-2026-32740 | HIGH | 8.8 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, … | May 19, 2026 |
| CVE-2026-32739 | MEDIUM | 6.5 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite … | May 19, 2026 |
| CVE-2026-27173 | HIGH | 8.7 | JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kubernetes Pods. This could … | May 19, 2026 |