Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8768 | HIGH | 7.3 | A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. … | May 17, 2026 |
| CVE-2026-8767 | MEDIUM | 5.0 | A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch … | May 17, 2026 |
| CVE-2026-8766 | MEDIUM | 4.3 | A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment … | May 17, 2026 |
| CVE-2026-8765 | MEDIUM | 4.3 | A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff … | May 17, 2026 |
| CVE-2026-8764 | HIGH | 7.2 | A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of … | May 17, 2026 |
| CVE-2026-8721 | CRITICAL | 9.8 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap … | May 17, 2026 |
| CVE-2026-8507 | CRITICAL | 9.8 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT … | May 17, 2026 |
| CVE-2026-46720 | HIGH | 8.2 | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated … | May 17, 2026 |
| CVE-2026-8759 | HIGH | 7.3 | A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation … | May 17, 2026 |
| CVE-2026-8758 | HIGH | 7.3 | A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of … | May 17, 2026 |
| CVE-2026-8757 | HIGH | 7.3 | A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. … | May 17, 2026 |
| CVE-2026-8756 | HIGH | 7.3 | A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component … | May 17, 2026 |
| CVE-2026-8755 | HIGH | 7.3 | A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component … | May 17, 2026 |
| CVE-2026-8754 | MEDIUM | 6.3 | A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. … | May 17, 2026 |
| CVE-2026-8753 | MEDIUM | 6.3 | A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component … | May 17, 2026 |
| CVE-2018-25339 | HIGH | 8.2 | Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can … | May 17, 2026 |
| CVE-2018-25338 | HIGH | 8.2 | Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit … | May 17, 2026 |
| CVE-2018-25337 | MEDIUM | 4.3 | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious … | May 17, 2026 |
| CVE-2018-25336 | MEDIUM | 5.3 | Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious … | May 17, 2026 |
| CVE-2018-25335 | CRITICAL | 9.8 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the … | May 17, 2026 |
| CVE-2018-25334 | MEDIUM | 5.4 | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses … | May 17, 2026 |
| CVE-2018-25333 | HIGH | 8.2 | Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | May 17, 2026 |
| CVE-2018-25332 | CRITICAL | 9.8 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file … | May 17, 2026 |
| CVE-2018-25331 | MEDIUM | 6.1 | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers … | May 17, 2026 |
| CVE-2018-25330 | HIGH | 8.2 | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. … | May 17, 2026 |