Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8706 | MEDIUM | 6.5 | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive … | May 19, 2026 |
| CVE-2026-5804 | HIGH | 8.4 | An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external … | May 19, 2026 |
| CVE-2026-37281 | UNKNOWN | — | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url … | May 19, 2026 |
| CVE-2026-31072 | UNKNOWN | — | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function … | May 19, 2026 |
| CVE-2026-31071 | UNKNOWN | — | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt … | May 19, 2026 |
| CVE-2026-31070 | UNKNOWN | — | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails … | May 19, 2026 |
| CVE-2026-31069 | UNKNOWN | — | BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is … | May 19, 2026 |
| CVE-2026-30118 | UNKNOWN | — | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated … | May 19, 2026 |
| CVE-2026-30117 | UNKNOWN | — | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows … | May 19, 2026 |
| CVE-2026-8711 | HIGH | 8.1 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a … | May 19, 2026 |
| CVE-2026-47100 | HIGH | 7.5 | Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal … | May 19, 2026 |
| CVE-2026-45557 | MEDIUM | 5.8 | Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable … | May 19, 2026 |
| CVE-2026-44159 | CRITICAL | 9.8 | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since … | May 19, 2026 |
| CVE-2026-43634 | HIGH | 7.5 | HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP … | May 19, 2026 |
| CVE-2026-34883 | MEDIUM | 5.3 | An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local … | May 19, 2026 |
| CVE-2026-2587 | CRITICAL | 9.6 | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml … | May 19, 2026 |
| CVE-2026-2586 | CRITICAL | 9.1 | An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that … | May 19, 2026 |
| CVE-2025-70950 | HIGH | 7.3 | An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request. | May 19, 2026 |
| CVE-2025-51427 | HIGH | 7.3 | An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key … | May 19, 2026 |
| CVE-2026-8975 | CRITICAL | 9.8 | Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough … | May 19, 2026 |
| CVE-2026-8974 | CRITICAL | 9.8 | Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough … | May 19, 2026 |
| CVE-2026-8973 | CRITICAL | 9.8 | Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of … | May 19, 2026 |
| CVE-2026-8972 | MEDIUM | 6.5 | Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | May 19, 2026 |
| CVE-2026-8971 | MEDIUM | 6.5 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | May 19, 2026 |
| CVE-2026-8970 | HIGH | 7.3 | Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | May 19, 2026 |