Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 · Critical: 727 · High: 3080 · Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-31387 | MEDIUM | 5.3 | Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | May 19, 2026 |
| CVE-2026-31380 | MEDIUM | 6.5 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. … | May 19, 2026 |
| CVE-2026-31379 | MEDIUM | 6.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation … | May 19, 2026 |
| CVE-2026-31378 | MEDIUM | 6.5 | Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the … | May 19, 2026 |
| CVE-2026-2611 | CRITICAL | 9.6 | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin … | May 19, 2026 |
| CVE-2026-29226 | HIGH | 7.3 | Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to … | May 19, 2026 |
| CVE-2026-29220 | MEDIUM | 6.5 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended … | May 19, 2026 |
| CVE-2026-29207 | MEDIUM | 6.5 | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to … | May 19, 2026 |
| CVE-2026-44408 | MEDIUM | 6.3 | There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through … | May 19, 2026 |
| CVE-2026-8922 | MEDIUM | 5.4 | A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly … | May 19, 2026 |
| CVE-2026-4885 | CRITICAL | 9.8 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function … | May 19, 2026 |
| CVE-2026-47317 | MEDIUM | 5.5 | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47316 | MEDIUM | 5.5 | Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47315 | MEDIUM | 5.5 | Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47314 | HIGH | 7.8 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47313 | MEDIUM | 5.5 | Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47312 | MEDIUM | 5.5 | Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-8830 | MEDIUM | 4.3 | A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the … | May 19, 2026 |
| CVE-2026-8814 | MEDIUM | 5.3 | Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without … | May 19, 2026 |
| CVE-2026-8813 | HIGH | 7.5 | This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with … | May 19, 2026 |
| CVE-2026-47311 | HIGH | 7.8 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47310 | HIGH | 7.8 | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2026-47309 | MEDIUM | 5.5 | Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | May 19, 2026 |
| CVE-2025-15609 | HIGH | 7.5 | The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive … | May 19, 2026 |
| CVE-2026-47308 | MEDIUM | 5.5 | NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. | May 19, 2026 |