Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43493 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them … | May 19, 2026 |
| CVE-2026-43492 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() when … | May 19, 2026 |
| CVE-2026-43491 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound … | May 19, 2026 |
| CVE-2026-37982 | MEDIUM | 6.8 | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting … | May 19, 2026 |
| CVE-2026-37981 | MEDIUM | 4.3 | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns … | May 19, 2026 |
| CVE-2026-37979 | MEDIUM | 6.5 | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience … | May 19, 2026 |
| CVE-2026-37978 | MEDIUM | 4.9 | A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an … | May 19, 2026 |
| CVE-2026-8827 | UNKNOWN | — | The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension … | May 19, 2026 |
| CVE-2026-8727 | UNKNOWN | — | The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize(). An attacker controlling a crawled endpoint can inject arbitrary serialized … | May 19, 2026 |
| CVE-2026-8726 | UNKNOWN | — | The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL … | May 19, 2026 |
| CVE-2026-46725 | UNKNOWN | — | The extension passes an attacker-controlled cookie directly to PHP's unserialize() without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload … | May 19, 2026 |
| CVE-2026-46724 | UNKNOWN | — | The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations … | May 19, 2026 |
| CVE-2026-46723 | UNKNOWN | — | The additional_tables configuration of the page and tt_content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can … | May 19, 2026 |
| CVE-2026-46722 | UNKNOWN | — | The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can … | May 19, 2026 |
| CVE-2026-46721 | UNKNOWN | — | The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group … | May 19, 2026 |
| CVE-2026-46586 | HIGH | 7.3 | Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects … | May 19, 2026 |
| CVE-2026-45434 | HIGH | 8.8 | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended … | May 19, 2026 |
| CVE-2026-45187 | MEDIUM | 6.5 | Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the … | May 19, 2026 |
| CVE-2026-41919 | CRITICAL | 9.1 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are … | May 19, 2026 |
| CVE-2026-35086 | MEDIUM | 6.5 | Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended … | May 19, 2026 |
| CVE-2026-31986 | CRITICAL | 9.1 | Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which … | May 19, 2026 |
| CVE-2026-31910 | HIGH | 7.5 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes … | May 19, 2026 |
| CVE-2026-31909 | HIGH | 7.5 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to … | May 19, 2026 |
| CVE-2026-31906 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to … | May 19, 2026 |
| CVE-2026-31388 | MEDIUM | 5.3 | Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, … | May 19, 2026 |