Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48220 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48219 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics202.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48218 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48217 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48216 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db_loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48215 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48214 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-39593 | MEDIUM | 6.5 | Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10. | May 21, 2026 |
| CVE-2026-48213 | MEDIUM | 5.4 | Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized … | May 21, 2026 |
| CVE-2026-48207 | CRITICAL | 9.8 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is … | May 21, 2026 |
| CVE-2026-9089 | HIGH | 8.8 | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate … | May 21, 2026 |
| CVE-2026-39531 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This … | May 21, 2026 |
| CVE-2026-36189 | MEDIUM | 6.2 | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the … | May 21, 2026 |
| CVE-2026-1816 | MEDIUM | 6.3 | Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 … | May 21, 2026 |
| CVE-2026-1815 | MEDIUM | 5.7 | Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13. | May 21, 2026 |
| CVE-2026-45208 | HIGH | 7.8 | A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must … | May 21, 2026 |
| CVE-2026-45207 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 … | May 21, 2026 |
| CVE-2026-45206 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 … | May 21, 2026 |
| CVE-2026-34930 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 … | May 21, 2026 |
| CVE-2026-34929 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 … | May 21, 2026 |
| CVE-2026-34928 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 … | May 21, 2026 |
| CVE-2026-34927 | HIGH | 7.8 | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must … | May 21, 2026 |
| CVE-2026-34926 | MEDIUM | 6.7 | A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to … | May 21, 2026 |
| CVE-2026-2740 | HIGH | 8.4 | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the … | May 21, 2026 |
| CVE-2025-71217 | HIGH | 7.8 | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected … | May 21, 2026 |