Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43352 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA … | May 08, 2026 |
| CVE-2026-43351 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd … | May 08, 2026 |
| CVE-2026-41588 | CRITICAL | 9.0 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched … | May 08, 2026 |
| CVE-2026-41585 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a … | May 08, 2026 |
| CVE-2026-41584 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk … | May 08, 2026 |
| CVE-2026-41583 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed … | May 08, 2026 |
| CVE-2026-41576 | HIGH | 7.1 | Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through … | May 08, 2026 |
| CVE-2026-41575 | MEDIUM | 6.1 | In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user … | May 08, 2026 |
| CVE-2026-41574 | UNKNOWN | — | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account … | May 08, 2026 |
| CVE-2026-41570 | HIGH | 7.8 | PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) … | May 08, 2026 |
| CVE-2026-41524 | HIGH | 8.7 | Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in … | May 08, 2026 |
| CVE-2026-41487 | UNKNOWN | — | Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the … | May 08, 2026 |
| CVE-2026-41308 | MEDIUM | 6.5 | Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS … | May 08, 2026 |
| CVE-2026-38361 | UNKNOWN | — | An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and … | May 08, 2026 |
| CVE-2026-37431 | UNKNOWN | — | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers … | May 08, 2026 |
| CVE-2025-67486 | UNKNOWN | — | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contain an authenticated remote code execution vulnerability … | May 08, 2026 |
| CVE-2026-7864 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain … | May 08, 2026 |
| CVE-2026-44340 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through … | May 08, 2026 |
| CVE-2026-44339 | HIGH | 8.6 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ … | May 08, 2026 |
| CVE-2026-44338 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. … | May 08, 2026 |
| CVE-2026-44337 | MEDIUM | 6.3 | PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers … | May 08, 2026 |
| CVE-2026-44336 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default … | May 08, 2026 |
| CVE-2026-44335 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by … | May 08, 2026 |
| CVE-2026-44334 | HIGH | 8.4 | PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). … | May 08, 2026 |
| CVE-2026-44129 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing … | May 08, 2026 |