{"last_updated": "2026-05-15T02:33:30.000Z", "total_found": 3937, "cves": [{"id": "EDB-52563", "description": "[EXPLOIT-DB: webapps] Apache HertzBeat 1.8.0 - Remote Code Execution - Author: Brett Gervasoni", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T00:00:00.000Z", "lastModified": "2026-05-14T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52563", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 70.0}, {"id": "EDB-52562", "description": "[EXPLOIT-DB: webapps] ePati Antikor NGFW 2.0.1301 -  Authentication Bypass - Author: sadik", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T00:00:00.000Z", "lastModified": "2026-05-14T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52562", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 70.0}, {"id": "EDB-52561", "description": "[EXPLOIT-DB: webapps] PJPROJECT 2.16 - Heap Bufferoverflow - Author: vabismo452", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T00:00:00.000Z", "lastModified": "2026-05-14T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52561", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 70.0}, {"id": "EDB-52564", "description": "[EXPLOIT-DB: webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI - Author: bootstrapbool", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T00:00:00.000Z", "lastModified": "2026-05-14T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52564", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 70.0}, {"id": "CVE-2026-20182", "description": "May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the  was disclosed in February 2026. 
This new advisory is for a new vulnerability in the control connection handshaking. The  section of this advisory includes Show Contr...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T17:16:19.387Z", "lastModified": "2026-05-14T18:16:35.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20182", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 70.0}, {"id": "EDB-52558", "description": "[EXPLOIT-DB: webapps] coreruleset 4.21.0 - Firewall Bypass - Author: anonimicerum", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T00:00:00.000Z", "lastModified": "2026-05-13T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52558", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 65.0}, {"id": "EDB-52559", "description": "[EXPLOIT-DB: webapps] glances 4.5.2 - command injection - Author: best.sell", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T00:00:00.000Z", "lastModified": "2026-05-13T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52559", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 65.0}, {"id": "EDB-52560", "description": "[EXPLOIT-DB: webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload - Author: selim.lanouar", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T00:00:00.000Z", "lastModified": "2026-05-13T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52560", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 65.0}, {"id": "EDB-52557", "description": "[EXPLOIT-DB: webapps] Flowise < 3.0.5 - Missing Authentication for Critical Function - Author: andersoncezar048", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T00:00:00.000Z", "lastModified": "2026-05-13T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52557", "is_exploited": 
true, "epss": 0, "vendor": "Other", "mts_score": 65.0}, {"id": "CVE-2026-6973", "description": "An Improper Input Validation in Ivanti EPMM\u00a0before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows\u00a0a remotely authenticated user with\u00a0administrative access to achieve remote code execution.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T16:16:23.163Z", "lastModified": "2026-05-07T19:18:39.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6973", "is_exploited": true, "epss": 0, "vendor": "IVANTI", "mts_score": 61.2}, {"id": "CVE-2026-42208", "description": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthentic...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T04:16:19.923Z", "lastModified": "2026-05-08T19:19:34.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42208", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 61.2}, {"id": "EDB-52550", "description": "[EXPLOIT-DB: local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation - Author: aviralyash27", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52550", "is_exploited": true, "epss": 0, "vendor": "LINUX", "mts_score": 56.0}, {"id": "EDB-52549", "description": "[EXPLOIT-DB: local] Linux nf_tables 6.19.3 - Local Privilege Escalation - Author: aviralyash27", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52549", "is_exploited": 
true, "epss": 0, "vendor": "LINUX", "mts_score": 56.0}, {"id": "EDB-52548", "description": "[EXPLOIT-DB: hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE) - Author: jarrett", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52548", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52542", "description": "[EXPLOIT-DB: local] Google Chrome  145.0.7632.75 - CSSFontFeatureValuesMap - Author: nu11secur1ty", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52542", "is_exploited": true, "epss": 0, "vendor": "GOOGLE", "mts_score": 56.0}, {"id": "EDB-52552", "description": "[EXPLOIT-DB: local] NocoBase  2.0.27 - VM Sandbox Escape - Author: onurcangencbilkent", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52552", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52556", "description": "[EXPLOIT-DB: remote] telnetd 2.7 - Buffer Overflow - Author: jeffbarron", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52556", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52553", "description": "[EXPLOIT-DB: webapps] Bludit CMS 3.18.4 -  RCE - Author: yahia", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52553", 
"is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52538", "description": "[EXPLOIT-DB: webapps] BusyBox 1.37.0 - Path Traversal - Author: Calil Khalil", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52538", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52531", "description": "[EXPLOIT-DB: webapps] Camaleon CMS  v2.9.0 - Path Traversal - Author: velampudisakshi", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52531", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52530", "description": "[EXPLOIT-DB: webapps] Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52530", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52528", "description": "[EXPLOIT-DB: webapps] deephas 1.0.7 - Prototype Pollution - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52528", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52529", "description": "[EXPLOIT-DB: webapps] Erugo  0.2.14 - Remote Code Execution (RCE) - Author: abdulmoiz", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": 
"https://www.exploit-db.com/exploits/52529", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52533", "description": "[EXPLOIT-DB: webapps] Frigate NVR 0.16.3 - Remote Code Execution - Author: jduardo2704", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52533", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52544", "description": "[EXPLOIT-DB: webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit - Author: joshua", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52544", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52555", "description": "[EXPLOIT-DB: webapps] Ghost CMS 6.19.0 - SQLi - Author: Maksim Rogov", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52555", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52539", "description": "[EXPLOIT-DB: webapps] HUSTOJ Zip-Slip v26.01.24 -  RCE - Author: Marshall Whittaker", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52539", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52532", "description": "[EXPLOIT-DB: webapps] Js2Py 0.74 -  RCE - Author: alisunbul", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": 
"https://www.exploit-db.com/exploits/52532", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52536", "description": "[EXPLOIT-DB: webapps] JUNG Smart Visu Server 1.1.1050 - Dos - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52536", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52554", "description": "[EXPLOIT-DB: webapps] LuaJIT 2.1.1774638290 - Arbitrary Code Execution - Author: Taurus Omar", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52554", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52547", "description": "[EXPLOIT-DB: webapps] MindsDB  25.9.1.1 - Path Traversal - Author: thewhiteh4t", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52547", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52534", "description": "[EXPLOIT-DB: webapps] NiceGUI 3.6.1 - Path Traversal - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52534", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52540", "description": "[EXPLOIT-DB: webapps] Repetier-Server 1.4.10 - Path Traversal - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": 
"https://www.exploit-db.com/exploits/52540", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52535", "description": "[EXPLOIT-DB: webapps] SumatraPDF 3.5.2 - Remote Code Execution - Author: banyamer", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52535", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52527", "description": "[EXPLOIT-DB: webapps] SUSE Manager 4.3.15 - Code Execution - Author: wjmaj98", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52527", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52551", "description": "[EXPLOIT-DB: webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) - Author: 9tamilmathi", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T00:00:00.000Z", "lastModified": "2026-05-07T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52551", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52545", "description": "[EXPLOIT-DB: webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH) - Author: hazar", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52545", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52543", "description": "[EXPLOIT-DB: webapps] Python-Multipart 0.0.22 - Path Traversal - Author: jefersoncardoso.dev", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": 
"2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52543", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 56.0}, {"id": "EDB-52541", "description": "[EXPLOIT-DB: local] Windows 11 23H2 - Denial of Service (DoS) - Author: tryhardertryh", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52541", "is_exploited": true, "epss": 0, "vendor": "WINDOWS", "mts_score": 56.0}, {"id": "EDB-52546", "description": "[EXPLOIT-DB: local] Windows 11 24H2 - Local Privilege Escalation - Author: 3302509675", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T00:00:00.000Z", "lastModified": "2026-05-04T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52546", "is_exploited": true, "epss": 0, "vendor": "WINDOWS", "mts_score": 56.0}, {"id": "EDB-52537", "description": "[EXPLOIT-DB: local] Windows 11 25H2  - Heap Overflow - Author: nu11secur1ty", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T00:00:00.000Z", "lastModified": "2026-04-30T00:00:00.000Z", "source": "Exploit-DB", "source_url": "https://www.exploit-db.com/exploits/52537", "is_exploited": true, "epss": 0, "vendor": "WINDOWS", "mts_score": 56.0}, {"id": "CVE-2026-0300", "description": "A buffer overflow vulnerability in the User-ID\u2122 Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. 
\n\n...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T19:16:35.730Z", "lastModified": "2026-05-12T18:47:21.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0300", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 55.2}, {"id": "CVE-2026-43997", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability ...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T18:16:16.177Z", "lastModified": "2026-05-14T15:37:30.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43997", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 55.0}, {"id": "CVE-2026-44005", "description": "vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled ...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T18:16:17.257Z", "lastModified": "2026-05-14T16:16:23.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44005", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 55.0}, {"id": "CVE-2026-44006", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. 
This vulnerability is fixed in 3.11.0.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-13T18:16:17.387Z", "lastModified": "2026-05-14T15:19:08.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44006", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 55.0}, {"id": "CVE-2026-44523", "description": "Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-14T19:16:37.470Z", "lastModified": "2026-05-14T19:16:37.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44523", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 55.0}, {"id": "CVE-2026-41050", "description": "Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-13T08:16:16.780Z", "lastModified": "2026-05-13T15:35:35.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41050", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.6}, {"id": "CVE-2026-43999", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). 
The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely byp...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-13T18:16:16.450Z", "lastModified": "2026-05-14T16:16:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43999", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.6}, {"id": "CVE-2026-44442", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-13T22:16:45.350Z", "lastModified": "2026-05-14T20:04:02.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44442", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.6}, {"id": "CVE-2026-32661", "description": "Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd wit...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T06:16:14.253Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-40621", "description": "ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. 
The affected product may be operated without authentication.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T13:16:42.750Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40621", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-42062", "description": "ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T13:16:43.570Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42062", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2020-37168", "description": "Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, the...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T16:16:31.720Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37168", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-44008", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. 
This can be used to get host objects and...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T18:16:17.667Z", "lastModified": "2026-05-14T15:17:59.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44008", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-44009", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2,  This vulnerability is fixed in 3.11.2.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T18:16:17.803Z", "lastModified": "2026-05-14T15:17:22.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44009", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-45411", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by the ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T18:16:19.427Z", "lastModified": "2026-05-14T18:19:40.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45411", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-8500", "description": "Web::Passwd versions through 0.03 for Perl is vulnerable to RCE.\n\nWeb::Passwd is a small CGI application for managing htpasswd files using the htpasswd command.\n\nThe user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-13T23:16:43.237Z", "lastModified": "2026-05-14T18:16:51.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8500", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": 
"CVE-2026-8181", "description": "The Burst Statistics \u2013 Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T06:16:25.990Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8181", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 54.2}, {"id": "CVE-2026-6271", "description": "The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes re...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T07:16:20.650Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6271", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-6510", "description": "The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. 
This makes it possible for unauthenticated atta...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T07:16:21.127Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6510", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2025-11024", "description": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection.\n\nThis issue affects E-Commerce Website: before 4.5.001.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T10:16:17.760Z", "lastModified": "2026-05-14T16:20:13.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11024", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-2347", "description": "Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking.\n\nThis issue affects E-Commerce Website: before 4.5.001.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T10:16:19.203Z", "lastModified": "2026-05-14T16:20:13.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2347", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-42589", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. 
A \\n embedded in a...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-14T16:16:21.867Z", "lastModified": "2026-05-14T20:17:05.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 54.2}, {"id": "CVE-2026-44482", "description": "soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on the...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-14T15:16:48.793Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44482", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 53.4}, {"id": "CVE-2026-41615", "description": "Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-14T18:16:47.243Z", "lastModified": "2026-05-14T18:19:50.767", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41615", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 53.4}, {"id": "CVE-2026-8511", "description": "Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Critical)", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-14T20:17:11.707Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8511", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 53.4}, {"id": "CVE-2026-8580", "description": "Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-14T20:17:20.367Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8580", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 53.4}, {"id": "CVE-2026-42596", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-14T16:16:22.893Z", "lastModified": "2026-05-14T16:28:04.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42596", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 52.6}, {"id": "CVE-2026-44592", "description": "Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. 
The resulting session has PeerA...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-14T19:16:38.147Z", "lastModified": "2026-05-14T19:16:38.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44592", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 52.6}, {"id": "CVE-2025-27851", "description": "The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate a...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-13T21:16:41.233Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27851", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 52.2}, {"id": "CVE-2026-44212", "description": "PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. 
The pay...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-14T21:16:46.540Z", "lastModified": "2026-05-14T21:16:46.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44212", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 52.2}, {"id": "CVE-2025-11159", "description": "Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a\u00a0data source administrator.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T06:16:11.517Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11159", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-41225", "description": "A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T16:16:44.777Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44007", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration \u2014 including require: false. 
With access to vm2, the sandbox constructs a new inner NodeVM wit...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T18:16:17.527Z", "lastModified": "2026-05-14T15:18:26.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44007", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44351", "description": "fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T20:16:22.860Z", "lastModified": "2026-05-14T19:16:37.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44351", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44377", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and Documents). The application unsafely evaluates user-supplied input directly through the Smarty templa...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T21:16:48.330Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44377", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-45053", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint (POST /api/v1/files) of CubeCart. 
The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the we...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T21:16:49.073Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45053", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-45714", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). The application unsafely evaluates user-supplied input using th...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T21:16:50.020Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45714", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44193", "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T22:16:43.533Z", "lastModified": "2026-05-14T20:17:07.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44193", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44194", "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. 
An attacker can bypass input validation by formattin...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T22:16:43.673Z", "lastModified": "2026-05-14T18:12:13.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44194", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-45158", "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability is f...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-13T22:16:46.363Z", "lastModified": "2026-05-14T18:14:17.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45158", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-6512", "description": "The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbit...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-14T09:16:27.883Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-42555", "description": "Valtimo is an open-source business process automation platform. 
com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language (SpEL) expressions fr...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-14T17:16:21.907Z", "lastModified": "2026-05-14T18:13:33.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42555", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-44542", "description": "FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As a result, an unauthe...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-14T18:16:50.157Z", "lastModified": "2026-05-14T18:26:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44542", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-8634", "description": "Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit ove...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-14T20:17:21.717Z", "lastModified": "2026-05-14T20:17:21.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8634", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.4}, {"id": "CVE-2026-42457", "description": "vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. 
Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external scr...", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-14T15:16:46.500Z", "lastModified": "2026-05-14T17:19:49.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42457", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.0}, {"id": "CVE-2026-45375", "description": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivalent theme.json / template.json / widget.json / icon.json) into the Settings \u2192 Marketplace UI without H...", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-14T19:16:39.030Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45375", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 51.0}, {"id": "CVE-2026-8053", "description": "An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bu...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T04:17:41.287Z", "lastModified": "2026-05-13T15:34:29.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8053", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-3425", "description": "The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get_content' AJAX action. 
This makes it possible for authenticated attackers, with Author-level access and above, to include and exe...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T13:16:41.090Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3425", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-41957", "description": "An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T16:16:45.867Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-42266", "description": "jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The P...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T16:16:47.017Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42266", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-44293", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. 
A crafted descriptor with a non-string default val...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T16:16:56.253Z", "lastModified": "2026-05-13T20:56:57.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6281", "description": "A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T16:17:01.773Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6281", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-42550", "description": "Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T20:16:22.060Z", "lastModified": "2026-05-14T16:51:08.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42550", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-45229", "description": "Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. 
Attackers can exploit insufficient deny-list filtering to perm...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T21:16:49.733Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45229", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-44446", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and 16...", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T22:16:45.637Z", "lastModified": "2026-05-14T20:01:40.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44446", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-44447", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0.", "score": 8.8, "severity": "HIGH", "published": "2026-05-13T22:16:45.780Z", "lastModified": "2026-05-14T19:41:12.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44447", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6506", "description": "The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. 
This m...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T07:16:20.817Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6506", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2025-12008", "description": "Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Yaay Social Media App: from 3.8.0 through 24102025.", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T13:16:16.133Z", "lastModified": "2026-05-14T16:20:13.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12008", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2025-15025", "description": "Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers.\n\nThis issue affects Library Automation System: from v.21.6 before ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T14:16:15.640Z", "lastModified": "2026-05-14T16:20:13.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15025", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6473", "description": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  
In applications that pass gigabyte-scale user in...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T14:16:24.883Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6473", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6475", "description": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account.  It will remain the case that starting the server after these commands implicitly trusts the orig...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T14:16:25.113Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6475", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6477", "description": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.  Like gets(), PQfn(..., result_is_int=0, ...) st...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T14:16:25.347Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6477", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-6637", "description": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database.  
A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T14:16:25.820Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6637", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-42559", "description": "RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport (crates/rmcp/src/transport/streamable_http_server/) did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, t...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T15:16:46.750Z", "lastModified": "2026-05-14T17:19:49.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42559", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-44513", "description": "Diffusers is the a library for  pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulnerability has three va...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T17:16:22.903Z", "lastModified": "2026-05-14T18:30:57.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44513", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-44827", "description": "Diffusers is the a library for  pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trust_remote_code=True safeguard when loading pipelines from Hugging Face Hub repositories. 
The _resolve_custom_pipeline_and_cls function in pipeline_loading_utils....", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T17:16:23.500Z", "lastModified": "2026-05-14T18:30:57.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44827", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2025-15023", "description": "Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Library Automation System: from v.19.5 bef...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T18:16:34.527Z", "lastModified": "2026-05-14T18:19:37.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15023", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2025-15024", "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion.\n\nThis issue affects Library Automation System: from v.19.5 before v.22....", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T18:16:35.063Z", "lastModified": "2026-05-14T18:19:37.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15024", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-8621", "description": "Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. 
Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a sha...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T19:16:39.517Z", "lastModified": "2026-05-14T19:16:39.517", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8621", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-43908", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the function to compute a lar...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:06.920Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43908", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-43909", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative...", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:07.063Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43909", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.2}, {"id": "CVE-2026-8509", "description": "Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:11.440Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8509", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8517", "description": "Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:12.453Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8517", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8518", "description": "Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:12.550Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8518", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8519", "description": "Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. 
(Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:12.663Z", "lastModified": "2026-05-14T22:16:46.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8519", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8522", "description": "Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:12.973Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8522", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8524", "description": "Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:13.180Z", "lastModified": "2026-05-14T22:16:46.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8524", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8526", "description": "Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:13.407Z", "lastModified": "2026-05-14T22:16:46.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8526", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8527", "description": "Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:13.507Z", "lastModified": "2026-05-14T22:16:46.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8527", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8529", "description": "Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:13.720Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8529", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8531", "description": "Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:13.930Z", "lastModified": "2026-05-14T22:16:47.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8531", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8532", "description": "Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:14.030Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8532", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8540", "description": "Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:14.860Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8540", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8544", "description": "Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:15.270Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8544", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8549", "description": "Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:15.807Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8549", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8551", "description": "Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:16.163Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8551", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8555", "description": "Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:17.000Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8555", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8558", "description": "Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:17.773Z", "lastModified": "2026-05-14T22:16:49.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8558", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8577", "description": "Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:20.063Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8577", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8581", "description": "Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:20.470Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8581", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-8587", "description": "Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-14T20:17:21.083Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8587", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 50.2}, {"id": "CVE-2026-41265", "description": "[ZDI] ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rat...", "score": 8.5, "severity": "HIGH", "published": "2026-05-01T12:00:00.000Z", "lastModified": "2026-05-01T12:00:00.000Z", "source": "ZDI", "source_url": "http://www.zerodayinitiative.com/advisories/ZDI-26-307/", "is_exploited": true, "epss": 0, "vendor": "Other", "mts_score": 50.0}, {"id": "CVE-2026-44643", "description": "Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. 
This vulnerability is fixed in 1.5.2.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-11T16:17:36.143Z", "lastModified": "2026-05-13T14:54:54.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44643", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.0}, {"id": "CVE-2026-42869", "description": "SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-11T20:25:43.347Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.0}, {"id": "CVE-2026-42288", "description": "ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. 
The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DB_PASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-12T23:16:17.600Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42288", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 50.0}, {"id": "CVE-2026-32643", "description": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:39.213Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32643", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-32673", "description": "A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a securit...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:39.380Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32673", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-34176", "description": "When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. 
A successful exploit can allow the attacker to cross a security boundary.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not eva...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:39.813Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34176", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-40061", "description": "When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode de...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:42.283Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40061", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-40631", "description": "An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:43.417Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40631", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-40698", "description": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation.\u00a0 Note: Software versions 
which h...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:43.593Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40698", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-41953", "description": "A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:45.473Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41953", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-42406", "description": "A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.\u00a0 \u00a0 \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are ...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:47.517Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42406", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-42924", "description": "An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:49.517Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42924", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-42930", "description": "When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:49.777Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42930", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-44295", "description": "protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service...", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T16:16:56.507Z", "lastModified": "2026-05-13T17:01:38.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44295", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-33583", "description": "Exposure of the QKEY (used as \ninput into the \u2018OTA-Quantum\u2019 device registration process) and internal \nsystem keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform.\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03.", "score": 8.7, "severity": "HIGH", "published": "2026-05-13T19:17:06.873Z", "lastModified": "2026-05-14T17:07:07.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33583", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-6073", "description": 
"GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.", "score": 8.7, "severity": "HIGH", "published": "2026-05-14T06:16:24.503Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6073", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-7377", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due ...", "score": 8.7, "severity": "HIGH", "published": "2026-05-14T06:16:25.267Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7377", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-7481", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input sani...", "score": 8.7, "severity": "HIGH", "published": "2026-05-14T06:16:25.660Z", "lastModified": "2026-05-14T18:50:42.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7481", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.8}, {"id": "CVE-2026-7813", "description": "Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.\n\nMultiple endpoints 
fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's pri...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-11T16:17:37.470Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7813", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.6}, {"id": "CVE-2026-42864", "description": "FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = [permissions.AllowAny]). Its attachments payload is fetched server-side via httpx.get() with no URL va...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-11T19:16:24.417Z", "lastModified": "2026-05-13T17:24:36.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42864", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.6}, {"id": "CVE-2026-42823", "description": "Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-12T18:17:25.170Z", "lastModified": "2026-05-14T14:25:49.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42823", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.6}, {"id": "CVE-2026-42898", "description": "Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-12T18:17:26.610Z", "lastModified": "2026-05-14T14:31:46.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42898", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 49.6}, {"id": "CVE-2026-43948", "description": 
"wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object comparison (!=) that evaluates None != None as False, silently bypassing the guard when both the atta...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-12T22:16:35.197Z", "lastModified": "2026-05-13T16:16:53.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.6}, {"id": "CVE-2026-44001", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2)...", "score": 8.6, "severity": "HIGH", "published": "2026-05-13T18:16:16.720Z", "lastModified": "2026-05-14T15:23:48.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44001", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.4}, {"id": "CVE-2026-44578", "description": "Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. 
An attacker can cause the server t...", "score": 8.6, "severity": "HIGH", "published": "2026-05-13T18:16:17.990Z", "lastModified": "2026-05-14T18:34:38.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44578", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.4}, {"id": "CVE-2026-29205", "description": "Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.", "score": 8.6, "severity": "HIGH", "published": "2026-05-13T22:16:42.817Z", "lastModified": "2026-05-14T18:30:57.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29205", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.4}, {"id": "CVE-2026-42595", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point Chro...", "score": 8.6, "severity": "HIGH", "published": "2026-05-14T16:16:22.753Z", "lastModified": "2026-05-14T20:17:05.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42595", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.4}, {"id": "CVE-2026-20224", "description": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. 
The attacker does not need to have valid user credentials.\r\n\r\nThis vulnerability is due to improper ...", "score": 8.6, "severity": "HIGH", "published": "2026-05-14T17:16:20.353Z", "lastModified": "2026-05-14T17:19:57.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20224", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 49.4}, {"id": "CVE-2026-40636", "description": "Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,\u00a0contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-11T10:16:13.623Z", "lastModified": "2026-05-12T17:19:01.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40636", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-38567", "description": "HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username (e.g. admin'--) or extract the full contents...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-11T18:16:32.857Z", "lastModified": "2026-05-12T15:06:07.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38567", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2025-6577", "description": "Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. 
E-Commerce Website allows SQL Injection.\n\nThis issue affects E-Commerce Website: before 4.5.001.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T10:16:43.647Z", "lastModified": "2026-05-12T16:47:58.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6577", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-8401", "description": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T15:16:20.100Z", "lastModified": "2026-05-14T20:17:11.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8401", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31214", "description": "The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint files (.pt) without enabling the security-restr...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:13.270Z", "lastModified": "2026-05-13T15:51:52.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31217", "description": "The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. 
When a user supplies a directory path via the --model command-line argument, the function reads a module.py file ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:13.600Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31226", "description": "The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system() without prop...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:14.530Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31228", "description": "The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters w...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:14.633Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31228", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-34187", "description": "Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. 
This issue affects Pandora FMS: from 777 through 800", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:14.800Z", "lastModified": "2026-05-14T13:05:09.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34187", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-41293", "description": "Improper Input Validation vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.\nOlder, end of support versions may also be affected.\n\nUsers are recommended to u...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:17.553Z", "lastModified": "2026-05-14T20:17:04.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41293", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-43512", "description": "DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\nOlder unsupported version...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T16:16:17.990Z", "lastModified": "2026-05-14T20:17:05.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2025-65719", "description": "An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T17:16:15.140Z", "lastModified": "2026-05-13T16:16:36.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65719", 
"is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-43992", "description": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded i...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T17:16:21.240Z", "lastModified": "2026-05-13T17:00:37.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-26083", "description": "A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all vers...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:39.817Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26083", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 49.2}, {"id": "CVE-2026-31229", "description": "The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. 
When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the secu...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.160Z", "lastModified": "2026-05-13T16:16:38.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31229", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31230", "description": "The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.277Z", "lastModified": "2026-05-13T16:16:39.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31230", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31233", "description": "Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE-94) in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.627Z", "lastModified": "2026-05-14T20:17:02.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31233", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31234", "description": "Horovod thru 0.28.1 contains an insecure deserialization vulnerability (CWE-502) in its KVStore HTTP server component. 
The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT reques...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.743Z", "lastModified": "2026-05-14T20:17:02.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31234", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31235", "description": "The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety c...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.860Z", "lastModified": "2026-05-14T20:17:02.937", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31235", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31236", "description": "The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function with...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:51.977Z", "lastModified": "2026-05-14T20:17:03.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31236", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31237", "description": "The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format. 
If the file is a pickle (.pkl) file, it is loaded using pandas....", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:52.087Z", "lastModified": "2026-05-14T20:17:03.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31237", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31238", "description": "The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive weights_only=True param...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:52.210Z", "lastModified": "2026-05-14T20:17:03.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31238", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-31239", "description": "The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. 
The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:16:52.320Z", "lastModified": "2026-05-14T20:17:03.593", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31239", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-41089", "description": "Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:17:20.720Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41089", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 49.2}, {"id": "CVE-2026-41096", "description": "Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:17:21.167Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41096", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 49.2}, {"id": "CVE-2026-44183", "description": "Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent.  Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. 
That entry ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:17:29.427Z", "lastModified": "2026-05-13T17:31:40.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44183", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-44277", "description": "An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow an attacker to execute unauthorized code or commands via <insert attack vector here>", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T18:17:30.040Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44277", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 49.2}, {"id": "CVE-2026-45185", "description": "Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to hea...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T20:16:46.137Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45185", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-42854", "description": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. 
Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable Length Array (VLA) on the stack whose size is derived from an attacker-controlled HTTP heade...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-12T22:16:34.930Z", "lastModified": "2026-05-13T16:16:48.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42854", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.2}, {"id": "CVE-2026-43998", "description": "vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dere...", "score": 8.5, "severity": "HIGH", "published": "2026-05-13T18:16:16.317Z", "lastModified": "2026-05-14T15:36:55.493", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43998", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 49.0}, {"id": "CVE-2026-25705", "description": "A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI ...", "score": 8.4, "severity": "HIGH", "published": "2026-05-13T08:16:16.083Z", "lastModified": "2026-05-13T15:35:35.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25705", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.6}, {"id": "CVE-2020-37221", "description": "Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. 
Attackers can craft a buffer with structured exception handling overwrite and encode...", "score": 8.4, "severity": "HIGH", "published": "2026-05-13T16:16:33.570Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.6}, {"id": "CVE-2026-43899", "description": "DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass (RCE). While the patch correctly restricted api.openExter...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-11T23:20:21.410Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43899", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-45321", "description": "On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself wa...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T01:16:46.820Z", "lastModified": "2026-05-14T17:05:28.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45321", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-34260", "description": "SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. 
The application directly concatenates this malicious user input into SQL queries, which are then passed to the u...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T03:16:11.517Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34260", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-34263", "description": "Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T03:16:11.650Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-8043", "description": "External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T15:16:17.153Z", "lastModified": "2026-05-13T20:34:20.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8043", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 48.4}, {"id": "CVE-2026-42048", "description": "Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). 
This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T18:17:23.780Z", "lastModified": "2026-05-14T12:52:16.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42048", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-34659", "description": "Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this is...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T19:16:30.800Z", "lastModified": "2026-05-13T19:38:48.113", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34659", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 48.4}, {"id": "CVE-2026-44547", "description": "ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release there...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-12T23:16:18.610Z", "lastModified": "2026-05-13T16:16:58.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44547", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.4}, {"id": "CVE-2026-21821", "description": "The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. 
Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks...", "score": 8.3, "severity": "HIGH", "published": "2026-05-13T21:16:41.590Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21821", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.2}, {"id": "CVE-2026-32993", "description": "Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.", "score": 8.3, "severity": "HIGH", "published": "2026-05-13T22:16:43.143Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.2}, {"id": "CVE-2026-44586", "description": "SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows are ...", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T19:16:37.727Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44586", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 48.2}, {"id": "CVE-2026-43907", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. 
Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when processi...", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:06.760Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43907", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.2}, {"id": "CVE-2026-8512", "description": "Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:11.830Z", "lastModified": "2026-05-14T22:16:45.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8512", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8513", "description": "Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:11.957Z", "lastModified": "2026-05-14T22:16:45.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8513", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8514", "description": "Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Critical)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:12.087Z", "lastModified": "2026-05-14T22:16:45.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8514", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8515", "description": "Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:12.200Z", "lastModified": "2026-05-14T22:16:45.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8515", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8520", "description": "Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:12.770Z", "lastModified": "2026-05-14T22:16:46.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8520", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8523", "description": "Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:13.080Z", "lastModified": "2026-05-14T22:16:46.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8523", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8525", "description": "Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:13.290Z", "lastModified": "2026-05-14T22:16:46.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8525", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8530", "description": "Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:13.827Z", "lastModified": "2026-05-14T22:16:47.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8530", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8533", "description": "Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:14.137Z", "lastModified": "2026-05-14T22:16:47.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8533", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8534", "description": "Integer overflow in GPU in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:14.240Z", "lastModified": "2026-05-14T22:16:47.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8534", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8542", "description": "Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:15.070Z", "lastModified": "2026-05-14T22:16:48.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8542", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8548", "description": "Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:15.700Z", "lastModified": "2026-05-14T22:16:48.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8548", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8569", "description": "Out of bounds write in Codecs in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:19.127Z", "lastModified": "2026-05-14T22:16:50.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8569", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8571", "description": "Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:19.383Z", "lastModified": "2026-05-14T22:16:50.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8571", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8573", "description": "Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. 
(Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:19.610Z", "lastModified": "2026-05-14T22:16:50.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8573", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8574", "description": "Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:19.727Z", "lastModified": "2026-05-14T22:16:50.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8574", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-8575", "description": "Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T20:17:19.863Z", "lastModified": "2026-05-14T22:16:51.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8575", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 48.2}, {"id": "CVE-2026-45369", "description": "python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. 
These commands are then executed via /bin/bash -c (Un...", "score": 8.3, "severity": "HIGH", "published": "2026-05-14T21:16:48.220Z", "lastModified": "2026-05-14T21:16:48.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45369", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 48.2}, {"id": "CVE-2020-37218", "description": "Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwpla...", "score": 8.2, "severity": "HIGH", "published": "2026-05-13T16:16:33.153Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-32992", "description": "SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.", "score": 8.2, "severity": "HIGH", "published": "2026-05-13T22:16:43.010Z", "lastModified": "2026-05-14T18:30:57.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-5396", "description": "The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. 
This is due to the SubmissionPolicy class authorizing submission-level actions (read, modify, delete, add notes) based on a user-supplied `form_id` qu...", "score": 8.2, "severity": "HIGH", "published": "2026-05-14T06:16:24.117Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5396", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-5395", "description": "The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This makes ...", "score": 8.2, "severity": "HIGH", "published": "2026-05-14T07:16:20.247Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5395", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-40893", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. Th...", "score": 8.2, "severity": "HIGH", "published": "2026-05-14T16:16:20.323Z", "lastModified": "2026-05-14T18:16:45.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-42590", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. 
ExifTool supports group-prefix synt...", "score": 8.2, "severity": "HIGH", "published": "2026-05-14T16:16:22.010Z", "lastModified": "2026-05-14T16:28:04.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42590", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-42591", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely ...", "score": 8.2, "severity": "HIGH", "published": "2026-05-14T16:16:22.163Z", "lastModified": "2026-05-14T18:16:48.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42591", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.8}, {"id": "CVE-2026-42613", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the config...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-11T16:17:34.497Z", "lastModified": "2026-05-12T14:51:21.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42613", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.6}, {"id": "CVE-2026-42882", "description": "oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. 
The authentication middleware evaluates resource path patterns against the per...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-11T20:25:44.450Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42882", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.6}, {"id": "CVE-2026-44262", "description": "Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of arbitrar...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-12T22:16:36.563Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44262", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.6}, {"id": "CVE-2026-7635", "description": "The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. 
This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta tabl...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T05:16:24.737Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7635", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-20916", "description": "An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T16:16:36.210Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20916", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-42945", "description": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module\u00a0module. This vulnerability exists when the rewrite\u00a0directive is followed by a rewrite, if, or set\u00a0directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement s...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T16:16:50.190Z", "lastModified": "2026-05-14T20:17:05.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42945", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-44291", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. 
If Object.prototype had already been polluted, those lookup tables...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T16:16:55.987Z", "lastModified": "2026-05-14T12:22:14.937", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44291", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-6282", "description": "A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T16:17:01.960Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6282", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-44574", "description": "Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T17:16:22.767Z", "lastModified": "2026-05-14T12:37:00.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-42602", "description": "azureauthextension is the Azure Authenticator Extension. 
From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any OpenTelemetry...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T21:16:47.210Z", "lastModified": "2026-05-14T18:17:11.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42602", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-45055", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x \u2013 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in User::passwordReq...", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T21:16:49.437Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45055", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-29206", "description": "Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled.", "score": 8.1, "severity": "HIGH", "published": "2026-05-13T23:16:42.477Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29206", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-3892", "description": "The Motors \u2013 Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. 
The plugin allows any authenticated user to se...", "score": 8.1, "severity": "HIGH", "published": "2026-05-14T07:16:19.837Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3892", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-4030", "description": "The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup direc...", "score": 8.1, "severity": "HIGH", "published": "2026-05-14T13:16:20.767Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4030", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-42897", "description": "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.", "score": 8.1, "severity": "HIGH", "published": "2026-05-14T18:16:49.360Z", "lastModified": "2026-05-14T18:19:50.767", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42897", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 47.4}, {"id": "CVE-2026-44633", "description": "Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. 
The endpoint accepts arbitrary chat object fields, so the user can cha...", "score": 8.1, "severity": "HIGH", "published": "2026-05-14T19:16:38.293Z", "lastModified": "2026-05-14T20:17:08.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44633", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-8629", "description": "Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the /v1/leases/:id/co...", "score": 8.1, "severity": "HIGH", "published": "2026-05-14T20:17:21.567Z", "lastModified": "2026-05-14T20:17:21.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8629", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.4}, {"id": "CVE-2026-43900", "description": "DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. 
The SVGSanitizer (s...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-11T23:20:21.557Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43900", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.2}, {"id": "CVE-2026-40379", "description": "Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-12T18:17:16.663Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40379", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.2}, {"id": "CVE-2026-40402", "description": "Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-12T18:17:18.000Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40402", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 47.2}, {"id": "CVE-2026-34660", "description": "Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially ga...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-12T19:16:30.930Z", "lastModified": "2026-05-13T19:39:37.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34660", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 47.2}, {"id": "CVE-2026-44225", "description": "Pulpy is a lightweight, cross-platform desktop application packager for web apps. 
Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-12T20:16:43.427Z", "lastModified": "2026-05-14T13:16:19.153", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.2}, {"id": "CVE-2026-33587", "description": "Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T11:16:00.887Z", "lastModified": "2026-05-07T20:13:33.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33587", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.0}, {"id": "CVE-2026-42826", "description": "Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-07T22:16:35.587Z", "lastModified": "2026-05-08T19:50:24.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42826", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.0}, {"id": "CVE-2026-41070", "description": "openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. 
From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode (shared library loaded by OpenVPN via the plugin ...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-08T16:16:11.030Z", "lastModified": "2026-05-13T16:00:40.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41070", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.0}, {"id": "CVE-2026-42298", "description": "Postiz is an AI social media scheduling tool. Prior to commit da44801, a \"Pwn Request\" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a hi...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-08T23:16:36.497Z", "lastModified": "2026-05-13T15:58:40.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42298", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 47.0}, {"id": "CVE-2026-33109", "description": "Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-07T22:16:34.030Z", "lastModified": "2026-05-08T19:48:54.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33109", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.6}, {"id": "CVE-2025-69691", "description": "Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. 
NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-08T07:16:28.880Z", "lastModified": "2026-05-12T20:39:48.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69691", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.6}, {"id": "CVE-2026-41512", "description": "ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomation::PlaywrightService`. This issue has been patched in version 1.4.1.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-08T14:16:34.433Z", "lastModified": "2026-05-11T17:20:02.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.6}, {"id": "CVE-2026-42454", "description": "Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed v...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-08T23:16:39.097Z", "lastModified": "2026-05-12T16:40:53.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42454", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.6}, {"id": "CVE-2026-41217", "description": "A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. 
In Appliance mode deployments, a successful exploit can allow the attacker...", "score": 7.9, "severity": "HIGH", "published": "2026-05-13T16:16:44.340Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.6}, {"id": "CVE-2026-42607", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the \"Direct Install\" tool. While the system attempts to block direct .php file uploads, it fails to...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-11T16:17:32.720Z", "lastModified": "2026-05-12T14:51:21.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42607", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-42608", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. 
By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker can traverse the filesystem to create arbitrary directories ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-11T16:17:33.207Z", "lastModified": "2026-05-13T18:39:05.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42608", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2025-40949", "description": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (Al...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T10:16:43.360Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40949", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-22924", "description": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). 
The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions.\r\nThis could allow an attacker to disrupt normal operations or perform unauthorized actio...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T10:16:43.917Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22924", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-25786", "description": "Affected devices do not properly validate and sanitize PLC/station name rendered on the \"communication\" parameters page of the web interface.\r\nThis could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page.\r\nIf a ben...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T10:16:44.193Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25786", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-25787", "description": "Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the \"Motion Control Diagnostics\" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the pag...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T10:16:44.610Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25787", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-41551", "description": "A vulnerability has been identified in ROS# (All versions < V2.2.2). 
Affected versions contain a path traversal vulnerability because user input is not properly sanitized.\r\nThis could allow a remote attacker to access arbitrary files on the device.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T10:16:46.277Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41551", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-45091", "description": "sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded J...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T14:17:08.820Z", "lastModified": "2026-05-13T18:27:58.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45091", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-30805", "description": "Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T16:16:12.683Z", "lastModified": "2026-05-13T14:39:49.663", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30805", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-31215", "description": "The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. 
The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied path_or_url parameter....", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T16:16:13.380Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-31216", "description": "The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T16:16:13.493Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31216", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-43515", "description": "Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0....", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T16:16:18.553Z", "lastModified": "2026-05-14T20:17:05.887", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-29204", "description": "Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user\u2019s `addonId` without any ownership validation leading to unauthorized access to the victim's account.", "score": 9.1, "severity": 
"CRITICAL", "published": "2026-05-12T18:16:51.030Z", "lastModified": "2026-05-13T15:54:09.420", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29204", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-31242", "description": "The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. This ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T18:16:52.677Z", "lastModified": "2026-05-14T18:37:40.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31242", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-33117", "description": "Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T18:17:04.033Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33117", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-41103", "description": "Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &amp; Confluence allows an unauthorized attacker to elevate privileges over a network.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T18:17:21.887Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41103", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 46.4}, {"id": "CVE-2026-42833", "description": "Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.", "score": 
9.1, "severity": "CRITICAL", "published": "2026-05-12T18:17:25.933Z", "lastModified": "2026-05-14T14:26:21.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42833", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 46.4}, {"id": "CVE-2026-44196", "description": "Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T18:17:29.730Z", "lastModified": "2026-05-13T18:21:10.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44196", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-42889", "description": "Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full serve...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-12T20:16:42.143Z", "lastModified": "2026-05-13T18:21:10.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42889", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.4}, {"id": "CVE-2026-42217", "description": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. 
From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T04:16:34.387Z", "lastModified": "2026-05-08T17:01:46.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-6508", "description": "Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liderahenk: from 2.0.1 before 2.0.2.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T12:16:18.330Z", "lastModified": "2026-05-07T14:42:56.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6508", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-8091", "description": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T13:16:14.087Z", "lastModified": "2026-05-11T15:20:21.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8091", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-8094", "description": "Other issue in the WebRTC component. 
This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T13:16:14.430Z", "lastModified": "2026-05-11T15:12:23.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8094", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-30496", "description": "The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute, brightn...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T14:16:02.097Z", "lastModified": "2026-05-08T23:16:34.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30496", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 46.2}, {"id": "CVE-2025-63706", "description": "NPM package next-npm-version1.0.1 is vulnerable to Command injection.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T15:16:04.820Z", "lastModified": "2026-05-08T23:16:34.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63706", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-36458", "description": "ChestnutCMS v1.5.10 has a SQL injection vulnerability. 
The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T15:16:05.523Z", "lastModified": "2026-05-08T23:16:35.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36458", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2025-63703", "description": "npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T16:16:17.590Z", "lastModified": "2026-05-08T23:16:33.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63703", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2025-63704", "description": "NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T16:16:17.697Z", "lastModified": "2026-05-08T22:16:28.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63704", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-7414", "description": "Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. 
These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone w...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T17:15:59.460Z", "lastModified": "2026-05-14T17:53:31.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7414", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-7415", "description": "The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T17:15:59.570Z", "lastModified": "2026-05-14T17:50:35.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7415", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-37709", "description": "Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T18:16:19.013Z", "lastModified": "2026-05-12T20:29:20.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37709", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-8034", "description": "A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. 
The hostname validation used a differen...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-07T22:16:37.230Z", "lastModified": "2026-05-11T17:18:27.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8034", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41500", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-controlled remote releaseInfo.name directly into an exe...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T04:16:17.720Z", "lastModified": "2026-05-08T19:18:38.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41500", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41501", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-controlled remote version strings directly into an ex...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T04:16:17.940Z", "lastModified": "2026-05-08T19:18:19.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41501", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2023-46453", "description": "Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. 
For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S GL-M...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T07:16:27.850Z", "lastModified": "2026-05-08T20:16:28.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46453", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2025-67887", "description": "1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged u...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T07:16:28.350Z", "lastModified": "2026-05-11T20:25:40.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67887", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2025-69599", "description": "RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. 
NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T07:16:28.617Z", "lastModified": "2026-05-11T20:25:41.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69599", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-8153", "description": "OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to\u00a05.25.1\u00a0allows unauthenticated attacker to\u00a0craft commands that will execute code on the robot's OS.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T12:16:29.977Z", "lastModified": "2026-05-11T10:16:15.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8153", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41497", "description": "PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:33.843Z", "lastModified": "2026-05-08T19:10:22.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41497", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41507", "description": "math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. 
This allows an attacker to execute arbitrary system commands when user-controlled input reaches the par...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:34.133Z", "lastModified": "2026-05-12T14:26:48.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41507", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41509", "description": "CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:34.287Z", "lastModified": "2026-05-12T14:15:13.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41509", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-43304", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: define and enforce CEPH_MAX_KEY_LEN\n\nWhen decoding the key, verify that the key material would fit into\na fixed-size buffer in process_auth_done() and generally has a sane\nlength.\n\nThe new CEPH_MAX_KEY_LEN check replaces t...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:37.693Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43304", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43341", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: ioam6: prevent schema length wraparound in trace fill\n\nioam6_fill_trace_data() stores the schema contribution to the trace\nlength in a u8. 
With bit 22 enabled and the largest schema payload,\nsclen becomes 1 + 1020 / 4, wr...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:44.050Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43341", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-44335", "description": "PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T14:16:46.290Z", "lastModified": "2026-05-08T19:09:07.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44335", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-37431", "description": "Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:37.010Z", "lastModified": "2026-05-08T19:16:30.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-41574", "description": "Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. 
Nhost's controller trusts a ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:40.580Z", "lastModified": "2026-05-13T17:46:46.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41574", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-43376", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free by using call_rcu() for oplock_info\n\nksmbd currently frees oplock_info immediately using kfree(), even\nthough it is accessed under RCU read-side critical sections in places\nlike opinfo_get() and proc_show_...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:48.760Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43376", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43379", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()\n\nopinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being\naccessed after rcu_read_unlock() has been called. This creates a\nrace condition where the memory c...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:49.100Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43379", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43384", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp-ao: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant\ntime.  
Use the appropriate helper function for this.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:49.720Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43384", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43402", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkthread: consolidate kthread exit paths to prevent use-after-free\n\nGuillaume reported crashes via corrupted RCU callback function pointers\nduring KUnit testing. The crash was traced back to the pidfs rhashtable\nconversion which rep...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:51.670Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43402", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43414", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Completely fix fcport double free\n\nIn qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free().\nWhen an error happens, this function is called by qla2x00_sp_release(),\nwhen kref_put() releases the first ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:53.353Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43414", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-43465", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ\n\nXDP multi-buf programs can modify the layout of the XDP buffer when the\nprogram calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). 
The\nreferenced commit in the fixes ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T15:16:59.410Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43465", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 46.2}, {"id": "CVE-2026-38360", "description": "Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T17:16:30.380Z", "lastModified": "2026-05-12T15:10:27.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38360", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-42072", "description": "Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bo...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T17:16:31.447Z", "lastModified": "2026-05-13T16:34:42.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42072", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-42302", "description": "FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). 
The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to a...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-08T23:16:36.640Z", "lastModified": "2026-05-12T19:16:32.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42302", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-42601", "description": "ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins ru...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-09T20:16:29.873Z", "lastModified": "2026-05-14T17:36:36.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42601", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2025-14179", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T05:16:09.853Z", "lastModified": "2026-05-12T17:48:38.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14179", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-6722", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map\u00a0without incrementing their reference counts. 
When an apache:Map node contains duplicate keys, proc...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T05:16:11.070Z", "lastModified": "2026-05-12T17:48:21.643", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6722", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-7261", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persist...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T05:16:11.640Z", "lastModified": "2026-05-12T17:40:03.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7261", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2021-47923", "description": "OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T13:16:28.170Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47923", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2021-47932", "description": "WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. 
Attackers can send POST requests to the tcp_register_and_login_ajax action with tcp_role set to adm...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T13:16:29.427Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47932", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2021-47933", "description": "WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code executi...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T13:16:29.560Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47933", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2021-47936", "description": "OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system comman...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T13:16:29.830Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47936", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2021-47940", "description": "WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. 
Attackers can send POST requests to the admin-ajax.php endpoint with the download_fr...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-10T13:16:30.363Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47940", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-21020", "description": "Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T06:16:13.540Z", "lastModified": "2026-05-13T17:30:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21020", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 46.2}, {"id": "CVE-2026-44612", "description": "Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T06:16:14.610Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44612", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 46.2}, {"id": "CVE-2020-37223", "description": "IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. 
Attackers can place a malicious executable named IObit.exe in the C:\\Program Files (x86)\\IObit directory and restart the service to...", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T16:16:33.847Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-42290", "description": "protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead...", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T16:16:47.160Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42290", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-30905", "description": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T19:17:05.367Z", "lastModified": "2026-05-14T18:15:05.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30905", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 46.2}, {"id": "CVE-2026-30906", "description": "Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T19:17:05.540Z", "lastModified": "2026-05-14T18:15:05.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30906", "is_exploited": false, 
"epss": 0, "vendor": "WINDOWS", "mts_score": 46.2}, {"id": "CVE-2026-44471", "description": "gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries are...", "score": 7.8, "severity": "HIGH", "published": "2026-05-13T22:16:46.057Z", "lastModified": "2026-05-14T17:18:18.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44471", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.2}, {"id": "CVE-2026-44221", "description": "ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser() returned a DB user with an uninit...", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-12T20:16:43.020Z", "lastModified": "2026-05-13T18:21:10.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.0}, {"id": "CVE-2026-41901", "description": "Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. 
Although the library provides mechanisms to avoid the execution of potentially dangerous expression...", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-12T23:16:17.060Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41901", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 46.0}, {"id": "CVE-2026-42283", "description": "DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the sam...", "score": 7.7, "severity": "HIGH", "published": "2026-05-14T16:16:21.347Z", "lastModified": "2026-05-14T18:12:13.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42283", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.8}, {"id": "CVE-2026-45370", "description": "python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vuln...", "score": 7.7, "severity": "HIGH", "published": "2026-05-14T21:16:48.350Z", "lastModified": "2026-05-14T21:16:48.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45370", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.8}, {"id": "CVE-2026-42611", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. 
The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits...", "score": 8.9, "severity": "HIGH", "published": "2026-05-11T16:17:34.173Z", "lastModified": "2026-05-12T16:16:44.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42611", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.6}, {"id": "CVE-2026-41589", "description": "Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-07T14:16:02.853Z", "lastModified": "2026-05-07T16:16:19.833", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-6795", "description": "URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. 
DivvyDrive allows Parameter Injection.\n\nThis issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-07T14:16:04.280Z", "lastModified": "2026-05-07T14:42:40.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6795", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-33823", "description": "Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-07T22:16:34.283Z", "lastModified": "2026-05-08T19:58:39.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33823", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.4}, {"id": "CVE-2026-35428", "description": "Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-07T22:16:34.667Z", "lastModified": "2026-05-08T20:02:29.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35428", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-42880", "description": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. 
From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kube...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-07T23:16:32.450Z", "lastModified": "2026-05-11T17:46:18.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42880", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-43941", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal outpu...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-08T04:16:23.260Z", "lastModified": "2026-05-08T19:17:30.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43941", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-43944", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or openin...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-08T04:16:24.033Z", "lastModified": "2026-05-13T14:17:56.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43944", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-44336", "description": "PraisonAI is a multi-agent teams system. 
Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default \u2014 praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pa...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-08T14:16:46.437Z", "lastModified": "2026-05-11T20:25:46.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44336", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-44516", "description": "Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. Whe...", "score": 7.6, "severity": "HIGH", "published": "2026-05-14T17:16:23.363Z", "lastModified": "2026-05-14T18:14:47.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44516", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.4}, {"id": "CVE-2026-7815", "description": "SQL injection vulnerability in pgAdmin 4 Maintenance Tool.\n\nFour user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. 
An authenticated user w...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T16:17:37.873Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7815", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-7816", "description": "OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.\n\nUser-supplied input was interpolated directly into a psql \\copy metacommand template without sanitization. An authenticated user could inject \") TO PROGRAM 'cmd'\" to break out of the \\copy (...) context and achieve...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T16:17:38.260Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7816", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-42603", "description": "OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out and executes code directly from the attacker's fork, enablin...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T17:16:33.410Z", "lastModified": "2026-05-13T16:58:09.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42603", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-42843", "description": "Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. 
Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin (UsersController::update) allows any authenti...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T17:16:34.013Z", "lastModified": "2026-05-13T16:04:12.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42843", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-45006", "description": "OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modif...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T18:16:40.980Z", "lastModified": "2026-05-13T14:14:28.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45006", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-45223", "description": "Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin claim, allowing attackers to escalate privileges. An attacker with access to the shared non-admin tok...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T19:16:28.103Z", "lastModified": "2026-05-12T14:47:42.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-36734", "description": "EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. 
Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device.", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T20:25:41.563Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36734", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-28923", "description": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T21:18:54.627Z", "lastModified": "2026-05-12T17:24:58.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28923", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-28947", "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T21:18:55.863Z", "lastModified": "2026-05-13T21:16:43.833", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28947", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-28978", "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
A malicious app may be able to break out of its sandbox.", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T21:18:58.320Z", "lastModified": "2026-05-13T14:34:55.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28978", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-28995", "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T21:18:59.417Z", "lastModified": "2026-05-12T17:17:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28995", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-41489", "description": "Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. 
From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config w...", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T21:19:00.267Z", "lastModified": "2026-05-13T16:16:45.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41489", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-7256", "description": "** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T04:16:29.360Z", "lastModified": "2026-05-12T15:11:29.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-6001", "description": "Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPS\u0130S allows Exploitation of Trusted Identifiers.\n\nThis issue affects BAPS\u0130S: before v.202604152042.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T10:16:48.083Z", "lastModified": "2026-05-12T16:47:58.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6001", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-2465", "description": "Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. 
Turboard FOR-S allows Privilege Escalation.\n\nThis issue affects Turboard FOR-S: from 7.01.2026 before 18.02.2026.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T11:16:19.163Z", "lastModified": "2026-05-12T16:47:58.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2465", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-43937", "description": "YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost\u2026 handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and pas...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T15:16:15.327Z", "lastModified": "2026-05-13T18:24:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43937", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-8111", "description": "SQL injection in the web console\u00a0of Ivanti Endpoint Manager\u00a0before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T15:16:18.923Z", "lastModified": "2026-05-12T19:17:48.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8111", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 45.2}, {"id": "CVE-2026-30807", "description": "Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. 
This issue affects Pandora FMS: from 777 through 800", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:12.833Z", "lastModified": "2026-05-13T14:38:50.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30807", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-30810", "description": "Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:13.130Z", "lastModified": "2026-05-13T14:37:34.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30810", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-31222", "description": "The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior all...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:14.120Z", "lastModified": "2026-05-13T15:47:09.107", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-31223", "description": "The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. 
The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or se...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:14.223Z", "lastModified": "2026-05-13T15:46:18.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-31224", "description": "The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:14.327Z", "lastModified": "2026-05-13T15:44:54.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-31225", "description": "The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Altho...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T16:16:14.430Z", "lastModified": "2026-05-13T15:52:25.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2025-43524", "description": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. 
An app may be able to break out of its sandbox.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:16:35.007Z", "lastModified": "2026-05-13T17:22:31.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43524", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2025-53844", "description": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:16:35.983Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53844", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 45.2}, {"id": "CVE-2026-31232", "description": "The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading process. 
When loading model files (.pt) from a user-specified directory (via the --model_dir argument), the code uses torch.load()...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:16:51.507Z", "lastModified": "2026-05-14T20:17:02.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31232", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-33110", "description": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:03.497Z", "lastModified": "2026-05-13T20:53:49.897", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33110", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-33112", "description": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:03.687Z", "lastModified": "2026-05-13T20:53:28.320", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33112", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-34329", "description": "Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:06.567Z", "lastModified": "2026-05-14T15:43:02.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34329", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 45.2}, {"id": "CVE-2026-35436", "description": "Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:13.903Z", 
"lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35436", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-35439", "description": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:14.153Z", "lastModified": "2026-05-13T20:53:04.193", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35439", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-40357", "description": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:14.413Z", "lastModified": "2026-05-13T20:48:58.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40357", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-40365", "description": "Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:15.483Z", "lastModified": "2026-05-13T20:52:35.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40365", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-40370", "description": "External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:16.147Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40370", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": 
"CVE-2026-40403", "description": "Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:18.127Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40403", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 45.2}, {"id": "CVE-2026-40420", "description": "Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:20.190Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40420", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-41086", "description": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:20.450Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41086", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 45.2}, {"id": "CVE-2026-41094", "description": "Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:20.890Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41094", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 45.2}, {"id": "CVE-2026-41109", "description": "Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature 
over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:22.210Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41109", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-41613", "description": "Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:23.237Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41613", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-43892", "description": "AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T18:17:28.640Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43892", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-23819", "description": "A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. 
Successful exploitation could allow an attacker to compromi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T19:16:28.603Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23819", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-8429", "description": "SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T19:16:34.553Z", "lastModified": "2026-05-13T15:26:44.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-7474", "description": "HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T20:16:46.380Z", "lastModified": "2026-05-13T15:53:17.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7474", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-44224", "description": "Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. 
The resolver passes the caller's arguments straight to the model without an...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T21:16:16.137Z", "lastModified": "2026-05-14T14:56:13.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-45227", "description": "Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __impo...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T22:16:38.260Z", "lastModified": "2026-05-14T13:16:20.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-42289", "description": "ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authentic...", "score": 8.8, "severity": "HIGH", "published": "2026-05-12T23:16:17.730Z", "lastModified": "2026-05-14T13:16:18.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42289", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.2}, {"id": "CVE-2026-8336", "description": "After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command\u2019s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine (through $where, $function, mapreduce reduce stage, etc.) 
is used also in...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T04:17:42.197Z", "lastModified": "2026-05-13T15:34:29.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8336", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-6929", "description": "The JoomSport \u2013 for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T06:16:14.943Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6929", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-4798", "description": "The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018product_order\u2019 parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it pos...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T13:01:55.760Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4798", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-5773", "description": "libcurl might in some circumstances reuse the wrong connection for SMB(S)\ntransfers.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. 
Due to a logical\nerror in th...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T13:01:56.307Z", "lastModified": "2026-05-13T19:13:14.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5773", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-6276", "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nreq...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T13:01:56.800Z", "lastModified": "2026-05-14T14:21:06.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6276", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2020-37219", "description": "Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:33.290Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2020-37220", "description": "Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. 
Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:33.423Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2025-28343", "description": "striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:34.967Z", "lastModified": "2026-05-14T13:16:16.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28343", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2025-28344", "description": "striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:35.087Z", "lastModified": "2026-05-14T13:16:16.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-39455", "description": "When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd\u00a0process to exhaust the available file descriptors.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:41.090Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39455", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-39458", "description": "When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can 
cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:41.223Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39458", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-40060", "description": "When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd\u00a0process to terminate.\u00a0\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:42.143Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40060", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-40067", "description": "When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd\u00a0process to terminate.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:42.427Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40067", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-40423", "description": "When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:42.560Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-40423", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-40618", "description": "When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database variable crypto.hwacceleration\u00a0set to disabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:43.097Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40618", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-40629", "description": "When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:43.290Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40629", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-41218", "description": "When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached En...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:44.473Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-41227", "description": "On an HTTP/2 
virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:44.920Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-41956", "description": "When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:45.737Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42409", "description": "When an HTTP/2 profile and an iRule containing the HTTP::redirect\u00a0or HTTP::respond\u00a0command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:47.770Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42409", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42920", "description": "When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel 
(TMM) to terminate.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:49.390Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42920", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44289", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:55.713Z", "lastModified": "2026-05-13T20:50:50.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44289", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44290", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:55.847Z", "lastModified": "2026-05-14T12:23:20.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44290", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44432", "description": "urllib3 is an HTTP client library for Python. 
From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.dra...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T16:16:57.303Z", "lastModified": "2026-05-14T13:49:25.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44573", "description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/<bui...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T17:16:22.627Z", "lastModified": "2026-05-14T12:24:22.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44573", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44575", "description": "Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetchin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T17:16:22.907Z", "lastModified": "2026-05-14T12:38:11.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44575", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44004", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. 
Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust hos...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T18:16:17.123Z", "lastModified": "2026-05-14T15:22:06.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44579", "description": "Next.js is a React framework for building full-stack web applications. From  to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurati...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T18:16:18.123Z", "lastModified": "2026-05-14T18:34:04.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44579", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-45109", "description": "Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T18:16:19.283Z", "lastModified": "2026-05-14T14:14:06.463", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45109", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42577", "description": "Netty is an asynchronous, event-driven network application framework. 
From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% C...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T19:17:23.063Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42579", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T19:17:23.353Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42582", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length byt...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T19:17:23.763Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42582", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42583", "description": "Netty is an asynchronous, event-driven network application framework. 
Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T19:17:23.903Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42587", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate en...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T19:17:24.460Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42551", "description": "Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb (including safe verbs such as GET), with no opt-in and no whitelist of permitted target methods. A G...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T20:16:22.190Z", "lastModified": "2026-05-14T16:51:08.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42551", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42552", "description": "Flight is an extensible micro-framework for PHP. 
Prior to 3.18.1, the default error handler Engine::_error() writes the full exception message, exception code, and stack trace (including absolute filesystem paths) directly into the HTTP 500 response, with no debug gating. Production deployments leak...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T20:16:22.323Z", "lastModified": "2026-05-14T16:51:08.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42552", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2025-27850", "description": "The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the filesys...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T21:16:41.100Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27850", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42304", "description": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T21:16:46.933Z", "lastModified": "2026-05-14T18:12:13.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42304", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42561", "description": "Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. 
When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T21:16:47.070Z", "lastModified": "2026-05-14T17:00:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42561", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44478", "description": "hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config still ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-13T22:16:46.207Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44478", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-46419", "description": "Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation.", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T02:17:21.917Z", "lastModified": "2026-05-14T18:31:45.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46419", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2025-14869", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints.", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T06:16:20.757Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-14869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2025-14870", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation.", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T06:16:20.887Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-1659", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation.", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T06:16:21.667Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-6514", "description": "The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popup_submit. 
This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to quer...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T09:16:28.023Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-4029", "description": "The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for unauthenticated attackers to expo...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T13:16:20.630Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4029", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-4031", "description": "The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This makes it possible for un...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T13:16:20.907Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4031", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-6479", "description": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service.  If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket.  
Versions before PostgreSQL 18....", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T14:16:25.583Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6479", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44375", "description": "Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the reade...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T15:16:48.383Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44375", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42594", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent requ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T16:16:22.613Z", "lastModified": "2026-05-14T16:28:04.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42594", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-42334", "description": "Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose\u2019s sanitizeFilter query sanitization mechanism via the $nor operator. 
When sanitizeFilter is enabled, Mongoose wraps query o...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T18:16:47.747Z", "lastModified": "2026-05-14T18:26:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42334", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-8510", "description": "Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T20:17:11.577Z", "lastModified": "2026-05-14T22:16:45.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8510", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 45.0}, {"id": "CVE-2026-8521", "description": "Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T20:17:12.877Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8521", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 45.0}, {"id": "CVE-2026-8547", "description": "Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. 
(Chromium security severity: High)", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T20:17:15.607Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8547", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 45.0}, {"id": "CVE-2026-8557", "description": "Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T20:17:17.467Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8557", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 45.0}, {"id": "CVE-2026-44673", "description": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF ser...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T21:16:47.500Z", "lastModified": "2026-05-14T21:16:47.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-44671", "description": "ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. 
This allows ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-14T22:16:44.850Z", "lastModified": "2026-05-14T22:16:44.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44671", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 45.0}, {"id": "CVE-2026-43888", "description": "Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's nested...", "score": 8.7, "severity": "HIGH", "published": "2026-05-11T22:22:13.627Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43888", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.8}, {"id": "CVE-2026-43912", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, or a collections_groups.collections_uuid entry belongs to the same organization as co...", "score": 8.7, "severity": "HIGH", "published": "2026-05-11T23:20:21.980Z", "lastModified": "2026-05-13T15:40:38.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43912", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.8}, {"id": "CVE-2026-34653", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. 
An authenticated attacker wi...", "score": 8.7, "severity": "HIGH", "published": "2026-05-12T20:16:36.387Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34653", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 44.8}, {"id": "CVE-2026-34686", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may b...", "score": 8.7, "severity": "HIGH", "published": "2026-05-12T20:16:38.597Z", "lastModified": "2026-05-13T18:37:08.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34686", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 44.8}, {"id": "CVE-2026-43383", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp-md5: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant\ntime.  Use the appropriate helper function for this.", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-08T15:16:49.593Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43383", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 44.6}, {"id": "CVE-2026-42569", "description": "phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. 
This issue has been patched in version 7.0.6.", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-09T20:16:29.127Z", "lastModified": "2026-05-13T14:54:50.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42569", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.6}, {"id": "CVE-2026-33376", "description": "When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask (usually /128) to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here.", "score": 7.4, "severity": "HIGH", "published": "2026-05-13T20:16:20.367Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33376", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.6}, {"id": "CVE-2026-44511", "description": "Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie...", "score": 7.4, "severity": "HIGH", "published": "2026-05-14T17:16:22.760Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44511", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.6}, {"id": "CVE-2026-44636", "description": "libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From  to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. 
The public sixel_encode entry point validates only that width and height are greater t...", "score": 7.4, "severity": "HIGH", "published": "2026-05-14T20:17:08.703Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44636", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.6}, {"id": "CVE-2025-10470", "description": "The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.\n\nThis vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that ut...", "score": 8.6, "severity": "HIGH", "published": "2026-05-11T12:16:10.530Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10470", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.4}, {"id": "CVE-2026-33362", "description": "In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys.", "score": 8.6, "severity": "HIGH", "published": "2026-05-11T17:16:31.083Z", "lastModified": "2026-05-13T15:36:30.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33362", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 44.4}, {"id": "CVE-2026-37430", "description": "An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.", "score": 7.3, "severity": "HIGH", "published": "2026-05-13T14:17:32.453Z", "lastModified": "2026-05-14T20:17:03.917", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-37430", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.2}, {"id": "CVE-2024-55045", "description": "Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.", "score": 7.3, "severity": "HIGH", "published": "2026-05-13T16:16:34.780Z", "lastModified": "2026-05-14T16:16:18.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55045", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.2}, {"id": "CVE-2026-42584", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, th...", "score": 7.3, "severity": "HIGH", "published": "2026-05-13T19:17:24.043Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.2}, {"id": "CVE-2025-27853", "description": "The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any authentication. An attack...", "score": 7.3, "severity": "HIGH", "published": "2026-05-13T21:16:41.463Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27853", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.2}, {"id": "CVE-2026-42612", "description": "Grav is a file-based Web platform. 
Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss() function when handling unquoted HTML event attribut...", "score": 8.5, "severity": "HIGH", "published": "2026-05-11T16:17:34.350Z", "lastModified": "2026-05-12T16:16:40.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42612", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-42858", "description": "Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get() i...", "score": 8.5, "severity": "HIGH", "published": "2026-05-11T18:16:36.263Z", "lastModified": "2026-05-13T14:53:35.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42858", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-42860", "description": "The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. 
An authenticated user with the Enterprise Admin ro...", "score": 8.5, "severity": "HIGH", "published": "2026-05-11T18:16:36.547Z", "lastModified": "2026-05-13T14:50:59.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42860", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-42741", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views &#8211; Display &amp; Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views &#8211; Display ...", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T11:16:20.103Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42741", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-42742", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through <= 3.4.6.", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T11:16:20.227Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42742", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-45211", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.1.", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T11:16:20.487Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-45211", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-45214", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1.", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T11:16:20.853Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-43989", "description": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is f...", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T17:16:20.800Z", "lastModified": "2026-05-13T14:54:50.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43989", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-44015", "description": "Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. 
The Proxy middleware forward...", "score": 8.5, "severity": "HIGH", "published": "2026-05-12T22:16:35.330Z", "lastModified": "2026-05-14T22:16:43.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44015", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 44.0}, {"id": "CVE-2026-6888", "description": "Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to\nexecute arbitrary commands via a specific interface,\npotentially enabling the attacker to access, modify, or delete sensitive\ninformation within the database.", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T04:17:41.093Z", "lastModified": "2026-05-13T16:17:02.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6888", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-35506", "description": "ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T13:16:40.880Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35506", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-6177", "description": "The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTF_Display_Elements::get_post_text() function when rendering cached tweet text. 
The plugin's ctf_get_more_posts AJAX a...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T13:16:44.967Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6177", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2020-37222", "description": "Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in the ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T16:16:33.713Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-36741", "description": "U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. 
An authenticated user with permission to configure NTP settings can inject arbitrary system commands t...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T16:16:40.840Z", "lastModified": "2026-05-14T13:16:17.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36741", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-39459", "description": "A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T16:16:41.380Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39459", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-39358", "description": "CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_admin, and sort_customer) of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T21:16:46.657Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39358", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-45708", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw <?php \u2026 ?> into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print.<md5>.php. 
files/.htaccess ships an explicit <Files ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-13T21:16:49.877Z", "lastModified": "2026-05-14T20:17:09.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45708", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-3718", "description": "The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it possib...", "score": 7.2, "severity": "HIGH", "published": "2026-05-14T07:16:19.703Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3718", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-6476", "description": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser.  The attack takes effect when pg_createsubscriber next runs.  Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-14T14:16:25.230Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6476", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-41937", "description": "Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. 
Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a public/index.ph...", "score": 7.2, "severity": "HIGH", "published": "2026-05-14T15:16:46.190Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41937", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-8596", "description": "Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-14T20:17:21.183Z", "lastModified": "2026-05-14T20:17:21.183", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8596", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-8597", "description": "Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle pa...", "score": 7.2, "severity": "HIGH", "published": "2026-05-14T20:17:21.340Z", "lastModified": "2026-05-14T20:17:21.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8597", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.8}, {"id": "CVE-2026-4892", "description": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.", "score": 8.4, "severity": "HIGH", "published": "2026-05-11T18:16:41.483Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-4892", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.6}, {"id": "CVE-2026-34963", "description": "barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section load...", "score": 8.4, "severity": "HIGH", "published": "2026-05-11T23:19:47.950Z", "lastModified": "2026-05-13T19:44:47.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34963", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.6}, {"id": "CVE-2026-43990", "description": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be interp...", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T17:16:20.953Z", "lastModified": "2026-05-13T17:00:37.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43990", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.6}, {"id": "CVE-2026-43991", "description": "JunoClaw is an agentic AI platform built on Juno Network. 
Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion advisory...", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T17:16:21.090Z", "lastModified": "2026-05-13T17:00:37.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43991", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.6}, {"id": "CVE-2026-40358", "description": "Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T18:17:14.543Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40358", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40361", "description": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T18:17:14.950Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40361", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40363", "description": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T18:17:15.217Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40363", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40364", "description": "Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", 
"published": "2026-05-12T18:17:15.350Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40364", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40366", "description": "Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T18:17:15.610Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40366", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40367", "description": "Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.", "score": 8.4, "severity": "HIGH", "published": "2026-05-12T18:17:15.760Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40367", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 43.6}, {"id": "CVE-2026-40982", "description": "Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.\nSpring Cloud Config 3.1.x: affected from 3.1....", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-07T04:16:24.790Z", "lastModified": "2026-05-12T17:30:35.937", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40982", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-41201", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. 
In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-07T04:16:26.240Z", "lastModified": "2026-05-07T14:57:13.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-42216", "description": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed r...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-07T04:16:34.220Z", "lastModified": "2026-05-08T16:56:50.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42216", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-41902", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new user's password. 
The endpoint performs no expiration check \u2014 the hash remains valid indefinitely until c...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-07T19:16:00.807Z", "lastModified": "2026-05-08T22:16:30.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41902", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2024-51092", "description": "LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T06:16:10.090Z", "lastModified": "2026-05-12T13:50:21.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51092", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2025-69690", "description": "Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execute...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T07:16:28.750Z", "lastModified": "2026-05-12T13:45:34.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69690", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2013-10075", "description": "Apache::Session versions through 1.94 for Perl re-creates deleted sessions.\n\nThe session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist.  
This can lead to sessions being revived, potentially with data that was to be deleted.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T08:16:43.463Z", "lastModified": "2026-05-08T19:51:16.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-10075", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-25199", "description": "Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants.\n\n\n\n\nThis issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0.\n\n\n\n\nThe Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmox_vmid, to associ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T13:16:36.273Z", "lastModified": "2026-05-09T07:16:09.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25199", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-41583", "description": "ZEBRA is a Zcash node written entirely in Rust. 
Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network up...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T15:16:41.070Z", "lastModified": "2026-05-08T18:44:58.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41583", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-43406", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds reads in process_message_header()\n\nIf the message frame is (maliciously) corrupted in a way that the\nlength of the control segment ends up being less than the size of the\nmessage header or a...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T15:16:52.137Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43406", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.4}, {"id": "CVE-2026-43407", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()\n\nThis patch fixes an out-of-bounds access in ceph_handle_auth_reply()\nthat can be triggered by a message of type CEPH_MSG_AUTH_REPLY. In\nceph_handle_auth_reply...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T15:16:52.250Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43407", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.4}, {"id": "CVE-2026-44497", "description": "ZEBRA is a Zcash node written entirely in Rust. 
Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of retur...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T15:17:01.493Z", "lastModified": "2026-05-08T18:42:24.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44497", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-44694", "description": "n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T20:16:31.917Z", "lastModified": "2026-05-14T18:10:06.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44694", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-42193", "description": "Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhook r...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T22:16:31.273Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42193", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-42354", "description": "Sentry is an error tracking and performance monitoring tool. 
From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-08T23:16:38.513Z", "lastModified": "2026-05-13T15:59:12.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42354", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-44313", "description": "Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal s...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-09T00:16:29.373Z", "lastModified": "2026-05-12T16:39:33.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44313", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-42560", "description": "auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. 
In ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-09T06:16:10.603Z", "lastModified": "2026-05-13T16:58:09.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42560", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-6104", "description": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when\u00a0strncasecmp()\u00a0returns 0 it means the strings have the same length. This can lead ...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-10T06:16:07.397Z", "lastModified": "2026-05-12T17:35:59.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6104", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-4609", "description": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm_invite_user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-13T14:17:58.520Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4609", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2020-37224", "description": "Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. 
Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract se...", "score": 7.1, "severity": "HIGH", "published": "2026-05-13T16:16:33.990Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2020-37226", "description": "Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract se...", "score": 7.1, "severity": "HIGH", "published": "2026-05-13T16:16:34.270Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-33377", "description": "An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. 
The user must have write access to the dashboard to escalate privilege.", "score": 7.1, "severity": "HIGH", "published": "2026-05-13T20:16:20.470Z", "lastModified": "2026-05-14T19:16:32.217", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33377", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-32991", "description": "Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account.", "score": 7.1, "severity": "HIGH", "published": "2026-05-13T23:16:43.110Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32991", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-46445", "description": "SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.", "score": 7.1, "severity": "HIGH", "published": "2026-05-14T04:17:03.193Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46445", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-46446", "description": "SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.", "score": 7.1, "severity": "HIGH", "published": "2026-05-14T04:17:03.547Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46446", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-41935", "description": "Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init() repeatedly invokes permission() on error handlers, causing infinite recursion until PHP memory limits are exhausted. 
Attackers can send sustained requests to forbidden admi...", "score": 7.1, "severity": "HIGH", "published": "2026-05-14T15:16:46.020Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41935", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-44637", "description": "libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From  to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every sixel character...", "score": 7.1, "severity": "HIGH", "published": "2026-05-14T20:17:08.847Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44637", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.4}, {"id": "CVE-2026-42313", "description": "pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. 
The allowlist ...", "score": 8.3, "severity": "HIGH", "published": "2026-05-11T18:16:34.980Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42313", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.2}, {"id": "CVE-2025-40946", "description": "A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 1...", "score": 8.3, "severity": "HIGH", "published": "2026-05-12T10:16:42.860Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.2}, {"id": "CVE-2026-35438", "description": "Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.", "score": 8.3, "severity": "HIGH", "published": "2026-05-12T18:17:14.030Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35438", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 43.2}, {"id": "USOM-4104", "description": "[USOM] TR-26-0240 (Yordam Bili\u015fim - K\u00fct\u00fcphane Otomasyon Sistemi G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179366+00:00", "lastModified": "2026-05-15T02:33:32.179375+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0240", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-32024", "description": "[USOM] TR-26-0239 (\u0130m Park Bili\u015fim - DijiDemi\u200b G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179383+00:00", 
"lastModified": "2026-05-15T02:33:32.179385+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0239", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-55093", "description": "[USOM] TR-26-0238 (APPYAP Teknoloji - Yaay Sosyal Medya\u200b G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179390+00:00", "lastModified": "2026-05-15T02:33:32.179392+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0238", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-97698", "description": "[USOM] TR-26-0237 (WordPress LiteSpeed Cache G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179397+00:00", "lastModified": "2026-05-15T02:33:32.179398+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0237", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-19569", "description": "[USOM] TR-26-0236 (HashiCorp Nomad G\u00fcvenlik Bildirimi ) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179402+00:00", "lastModified": "2026-05-15T02:33:32.179404+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0236", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-16566", "description": "[USOM] TR-26-0235 (Deskflow G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179408+00:00", "lastModified": "2026-05-15T02:33:32.179409+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0235", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-62928", "description": "[USOM] TR-26-0234 (Intel \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179414+00:00", "lastModified": "2026-05-15T02:33:32.179416+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0234", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-64654", "description": "[USOM] TR-26-0233 (Adobe After Effects G\u00fcvenlik Bildirimi ) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179420+00:00", "lastModified": "2026-05-15T02:33:32.179422+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0233", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 43.0}, {"id": "USOM-622", "description": "[USOM] TR-26-0232 (Adobe Media Encoder G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179426+00:00", "lastModified": "2026-05-15T02:33:32.179428+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0232", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 43.0}, {"id": "USOM-52534", "description": "[USOM] TR-26-0231 (MongoDB G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179432+00:00", "lastModified": "2026-05-15T02:33:32.179433+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0231", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-53427", "description": "[USOM] TR-26-0230 (Intel Data Center Graphics Driver G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179438+00:00", "lastModified": "2026-05-15T02:33:32.179439+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0230", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-48293", "description": "[USOM] TR-26-0229 (Apache Tomcat G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179443+00:00", "lastModified": "2026-05-15T02:33:32.179445+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0229", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-12931", "description": "[USOM] TR-26-0228 (Siemens Ruggedcom G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179449+00:00", "lastModified": "2026-05-15T02:33:32.179450+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0228", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-45454", "description": "[USOM] TR-26-0227 (Claris FileMaker Cloud G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179454+00:00", "lastModified": "2026-05-15T02:33:32.179456+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-6291", "description": "[USOM] TR-26-0226 (HPE Aruba Networking AOS G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179460+00:00", "lastModified": "2026-05-15T02:33:32.179462+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-27561", "description": "[USOM] TR-26-0225 (TanStack Router G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179466+00:00", "lastModified": "2026-05-15T02:33:32.179467+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-48028", "description": "[USOM] TR-26-0224 (E-Kalite Yaz\u0131l\u0131m - Turboard FOR-S G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", 
"published": "2026-05-15T02:33:32.179472+00:00", "lastModified": "2026-05-15T02:33:32.179473+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-30611", "description": "[USOM] TR-26-0223 (AB\u0130S Teknoloji - BAPS\u0130S G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179478+00:00", "lastModified": "2026-05-15T02:33:32.179480+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-162", "description": "[USOM] TR-26-0222 (Ak\u0131ll\u0131 Ticaret Yaz\u0131l\u0131m Teknolojileri - E-ticaret Sitesi G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179484+00:00", "lastModified": "2026-05-15T02:33:32.179486+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-5158", "description": "[USOM] TR-26-0221 (n8n-MCP G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179490+00:00", "lastModified": "2026-05-15T02:33:32.179492+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-25739", "description": "[USOM] TR-26-0220 (cPanel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179496+00:00", "lastModified": "2026-05-15T02:33:32.179497+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-71639", "description": "[USOM] TR-26-0219 (Hikvision G\u00fcvenlik Bildirimi) | ...", "score": 7.0, 
"severity": "HIGH", "published": "2026-05-15T02:33:32.179501+00:00", "lastModified": "2026-05-15T02:33:32.179502+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-20943", "description": "[USOM] TR-26-0218 (Open5GS G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179506+00:00", "lastModified": "2026-05-15T02:33:32.179507+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-29156", "description": "[USOM] TR-26-0217 (Apache \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179511+00:00", "lastModified": "2026-05-15T02:33:32.179513+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-25136", "description": "[USOM] TR-26-0216 (Angular Project G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179516+00:00", "lastModified": "2026-05-15T02:33:32.179518+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0216", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-72794", "description": "[USOM] TR-26-0215 (WordPress Eklenti G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179522+00:00", "lastModified": "2026-05-15T02:33:32.179523+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-62468", "description": "[USOM] TR-26-0214 (Moodle G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179527+00:00", "lastModified": "2026-05-15T02:33:32.179528+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-30975", "description": "[USOM] TR-26-0213 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179532+00:00", "lastModified": "2026-05-15T02:33:32.179533+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0213", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-54579", "description": "[USOM] TR-26-0212 (Dell ECS/ObjectScale G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179537+00:00", "lastModified": "2026-05-15T02:33:32.179538+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0212", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-35196", "description": "[USOM] TR-26-0211 (Wikimedia Foundation MediaWiki G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179542+00:00", "lastModified": "2026-05-15T02:33:32.179544+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0211", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-36047", "description": "[USOM] TR-26-0210 (OpenClaw G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179548+00:00", "lastModified": "2026-05-15T02:33:32.179549+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0210", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-51689", "description": "[USOM] TR-26-0209 (WSO2 \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi ) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179557+00:00", "lastModified": "2026-05-15T02:33:32.179558+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0209", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-64673", "description": "[USOM] TR-26-0208 (D Link DIR-816 G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179562+00:00", "lastModified": "2026-05-15T02:33:32.179564+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0208", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-51700", "description": "[USOM] TR-26-0207 (Taiga Proje Y\u00f6netim Platformu G\u00fcvenlik Bildirimi ) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179568+00:00", "lastModified": "2026-05-15T02:33:32.179569+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0207", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-76466", "description": "[USOM] TR-26-0206 (SAP \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179573+00:00", "lastModified": "2026-05-15T02:33:32.179575+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0206", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-20038", "description": "[USOM] TR-26-0205 (Apple \u0130\u015fletim Sistemi G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179579+00:00", "lastModified": "2026-05-15T02:33:32.179580+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0205", "is_exploited": false, "epss": 0, "vendor": "APPLE", "mts_score": 43.0}, {"id": "USOM-47636", "description": "[USOM] TR-26-0204 (Nuclei G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179584+00:00", "lastModified": "2026-05-15T02:33:32.179586+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0204", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-22856", "description": "[USOM] TR-26-0203 (Mozilla Firefox/ESR G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179589+00:00", "lastModified": "2026-05-15T02:33:32.179591+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0203", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-87574", "description": "[USOM] TR-26-0202 (Go Project G\u00fcvenlik Bildirimi ) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179594+00:00", "lastModified": "2026-05-15T02:33:32.179596+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-90673", "description": "[USOM] TR-26-0201 (Argo CD G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179599+00:00", "lastModified": "2026-05-15T02:33:32.179601+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-75399", "description": "[USOM] TR-26-0200 (Axios HTTP Client G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179604+00:00", "lastModified": "2026-05-15T02:33:32.179606+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0200", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-46627", "description": "[USOM] TR-26-0199 (Ivanti EPMM G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179610+00:00", 
"lastModified": "2026-05-15T02:33:32.179611+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0199", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 43.0}, {"id": "USOM-96528", "description": "[USOM] TR-26-0198 (GitHub Enterprise Server G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179615+00:00", "lastModified": "2026-05-15T02:33:32.179616+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0198", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-17074", "description": "[USOM] TR-26-0197 (Open5GS G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179620+00:00", "lastModified": "2026-05-15T02:33:32.179621+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0197", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-10922", "description": "[USOM] TR-26-0196 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179627+00:00", "lastModified": "2026-05-15T02:33:32.179629+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0196", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-10466", "description": "[USOM] TR-26-0195 (Hitachi Virtual Storage Platform One G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179632+00:00", "lastModified": "2026-05-15T02:33:32.179634+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-44075", "description": "[USOM] TR-26-0194 (Flowise AI G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179638+00:00", "lastModified": 
"2026-05-15T02:33:32.179639+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0194", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-85426", "description": "[USOM] TR-26-0193 (React G\u00fcvenlik Zafiyeti ) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179643+00:00", "lastModified": "2026-05-15T02:33:32.179644+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0193", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-9396", "description": "[USOM] TR-26-0192 (JohnsonControls AC2000 G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179648+00:00", "lastModified": "2026-05-15T02:33:32.179650+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0192", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-79354", "description": "[USOM] TR-26-0191 (WatchGuard Agent G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179653+00:00", "lastModified": "2026-05-15T02:33:32.179655+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0191", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-48291", "description": "[USOM] TR-26-0190 (ZTE Cloud PC G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179659+00:00", "lastModified": "2026-05-15T02:33:32.179660+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0190", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-3218", "description": "[USOM] TR-26-0189 (Jupyter Notebook/JupyterLab G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179664+00:00", "lastModified": "2026-05-15T02:33:32.179665+00:00", 
"source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0189", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-78621", "description": "[USOM] TR-26-0188 (HCL BigFix Service Management (SM) G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179669+00:00", "lastModified": "2026-05-15T02:33:32.179671+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0188", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-39440", "description": "[USOM] TR-26-0187 (WordPress Eklenti G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179675+00:00", "lastModified": "2026-05-15T02:33:32.179676+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0187", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-13154", "description": "[USOM] TR-26-0186 (Incus G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179680+00:00", "lastModified": "2026-05-15T02:33:32.179682+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0186", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-90157", "description": "[USOM] TR-26-0185 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179686+00:00", "lastModified": "2026-05-15T02:33:32.179687+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0185", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-94374", "description": "[USOM] TR-26-0184 (Cisco \u00c7oklu \u00fcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179691+00:00", "lastModified": "2026-05-15T02:33:32.179693+00:00", "source": 
"USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0184", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 43.0}, {"id": "USOM-82674", "description": "[USOM] TR-26-0183 (Google Chrome G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179697+00:00", "lastModified": "2026-05-15T02:33:32.179698+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0183", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 43.0}, {"id": "USOM-76494", "description": "[USOM] TR-26-0182 (DivvyDrive Bili\u015fim - DivvyDrive G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179704+00:00", "lastModified": "2026-05-15T02:33:32.179706+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0182", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-27021", "description": "[USOM] TR-26-0181 (T\u00dcB\u0130TAK B\u0130LGEM YTE - Liderahenk G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179711+00:00", "lastModified": "2026-05-15T02:33:32.179712+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0181", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-79519", "description": "[USOM] TR-26-0180 (Gosoft Yaz\u0131l\u0131m - Proticaret E-Ticaret Yaz\u0131l\u0131m\u0131 G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179716+00:00", "lastModified": "2026-05-15T02:33:32.179718+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0180", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-44442", "description": "[USOM] TR-26-0179 (Palo Alto Networks PAN-OS G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179722+00:00", "lastModified": "2026-05-15T02:33:32.179723+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0179", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-84081", "description": "[USOM] TR-26-0178 (D Link DI-8100 G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179727+00:00", "lastModified": "2026-05-15T02:33:32.179729+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0178", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-29205", "description": "[USOM] TR-26-0177 (Open vSwitch G\u00fcvenlik G\u00fcncellemesi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179732+00:00", "lastModified": "2026-05-15T02:33:32.179734+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0177", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-61084", "description": "[USOM] TR-26-0176 (Frappe Framework ERPNext G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179738+00:00", "lastModified": "2026-05-15T02:33:32.179739+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0176", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-13957", "description": "[USOM] TR-26-0175 (Jupyter Server G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179743+00:00", "lastModified": "2026-05-15T02:33:32.179745+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0175", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-50206", "description": "[USOM] TR-26-0174 (Apache \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179748+00:00", "lastModified": "2026-05-15T02:33:32.179750+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-34820", "description": "[USOM] TR-26-0173 (Unisoc \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179754+00:00", "lastModified": "2026-05-15T02:33:32.179755+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0173", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-69260", "description": "[USOM] TR-26-0172 (Eclipse \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179759+00:00", "lastModified": "2026-05-15T02:33:32.179760+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0172", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-68047", "description": "[USOM] TR-26-0171 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179764+00:00", "lastModified": "2026-05-15T02:33:32.179765+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0171", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-38336", "description": "[USOM] TR-26-0170 (PaperCut Hive Ricoh/MF G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179769+00:00", "lastModified": "2026-05-15T02:33:32.179770+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0170", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-27892", "description": "[USOM] TR-26-0169 (WordPress Eklenti G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", 
"published": "2026-05-15T02:33:32.179774+00:00", "lastModified": "2026-05-15T02:33:32.179775+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0169", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-13243", "description": "[USOM] TR-26-0168 (OpenClaw G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179779+00:00", "lastModified": "2026-05-15T02:33:32.179781+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0168", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-62027", "description": "[USOM] TR-26-0167 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179784+00:00", "lastModified": "2026-05-15T02:33:32.179786+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0167", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-32679", "description": "[USOM] TR-26-0166 (Progress Software MOVEit G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179789+00:00", "lastModified": "2026-05-15T02:33:32.179791+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0166", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-20947", "description": "[USOM] TR-26-0165 (Apache \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179794+00:00", "lastModified": "2026-05-15T02:33:32.179796+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0165", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-25804", "description": "[USOM] TR-26-0164 (Traefik Proxy G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179800+00:00", "lastModified": "2026-05-15T02:33:32.179801+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0164", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-70376", "description": "[USOM] TR-26-0163 (Oracle MCP Server Helper Tool G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179805+00:00", "lastModified": "2026-05-15T02:33:32.179807+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0163", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 43.0}, {"id": "USOM-92486", "description": "[USOM] TR-26-0162 (Nix ve Lix Paket Y\u00f6neticisi G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179811+00:00", "lastModified": "2026-05-15T02:33:32.179812+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0162", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-39561", "description": "[USOM] TR-26-0161 (D Link \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179816+00:00", "lastModified": "2026-05-15T02:33:32.179817+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0161", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-21959", "description": "[USOM] TR-26-0160 (OPPO ColorOS Assistant G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179821+00:00", "lastModified": "2026-05-15T02:33:32.179822+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0160", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-77594", "description": "[USOM] TR-26-0159 (GnuTLS G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", 
"published": "2026-05-15T02:33:32.179826+00:00", "lastModified": "2026-05-15T02:33:32.179828+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0159", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-9066", "description": "[USOM] TR-26-0158 (Notepad++ G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179831+00:00", "lastModified": "2026-05-15T02:33:32.179833+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0158", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-90713", "description": "[USOM] TR-26-0157 (n8n Otomasyon G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179837+00:00", "lastModified": "2026-05-15T02:33:32.179838+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0157", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-34072", "description": "[USOM] TR-26-0156 (WordPress Eklenti G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179842+00:00", "lastModified": "2026-05-15T02:33:32.179843+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0156", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-58922", "description": "[USOM] TR-26-0155 (Profelis Bili\u015fim - SambaBox G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179847+00:00", "lastModified": "2026-05-15T02:33:32.179849+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0155", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-10912", "description": "[USOM] TR-26-0154 (Cloudfoundry Route Services G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": 
"2026-05-15T02:33:32.179853+00:00", "lastModified": "2026-05-15T02:33:32.179854+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0154", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-84996", "description": "[USOM] TR-26-0153 (IBM \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179858+00:00", "lastModified": "2026-05-15T02:33:32.179859+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0153", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-9077", "description": "[USOM] TR-26-0152 (Adblock Plus G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179863+00:00", "lastModified": "2026-05-15T02:33:32.179864+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0152", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-70569", "description": "[USOM] TR-26-0151 (Acrel Electric \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179868+00:00", "lastModified": "2026-05-15T02:33:32.179869+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0151", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-51401", "description": "[USOM] TR-26-0150 (Totolink \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179873+00:00", "lastModified": "2026-05-15T02:33:32.179875+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0150", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-230", "description": "[USOM] TR-26-0149 (Edimax BR-6208AC G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", 
"published": "2026-05-15T02:33:32.179879+00:00", "lastModified": "2026-05-15T02:33:32.179880+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0149", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-29703", "description": "[USOM] TR-26-0148 (Wavlink WL-WN570HA1 G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179884+00:00", "lastModified": "2026-05-15T02:33:32.179885+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0148", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-96278", "description": "[USOM] TR-26-0147 (GeoVision \u00c7oklu \u00dcr\u00fcn G\u00fcvenlik Zafiyeti) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179889+00:00", "lastModified": "2026-05-15T02:33:32.179891+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0147", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-25885", "description": "[USOM] TR-26-0146 (WordPress Eklenti G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179894+00:00", "lastModified": "2026-05-15T02:33:32.179896+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0146", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-13378", "description": "[USOM] TR-26-0145 (Absolute Secure Access G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179899+00:00", "lastModified": "2026-05-15T02:33:32.179901+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0145", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-29186", "description": "[USOM] TR-26-0144 (Apache Neethi G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", 
"published": "2026-05-15T02:33:32.179904+00:00", "lastModified": "2026-05-15T02:33:32.179906+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0144", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-33289", "description": "[USOM] TR-26-0143 (Linux Kernel G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179909+00:00", "lastModified": "2026-05-15T02:33:32.179911+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0143", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 43.0}, {"id": "USOM-10303", "description": "[USOM] TR-26-0142 (Tegsoft Y\u00f6netim ve Bili\u015fim - Canl\u0131 Destek Uygulamas\u0131 G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179916+00:00", "lastModified": "2026-05-15T02:33:32.179917+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0142", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "USOM-44996", "description": "[USOM] TR-26-0141 (MeWare Yaz\u0131l\u0131m - PDKS G\u00fcvenlik Bildirimi) | ...", "score": 7.0, "severity": "HIGH", "published": "2026-05-15T02:33:32.179921+00:00", "lastModified": "2026-05-15T02:33:32.179922+00:00", "source": "USOM", "source_url": "https://www.usom.gov.tr/bildirim/tr-26-0141", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "CVE-2026-33844", "description": "Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-07T22:16:34.420Z", "lastModified": "2026-05-08T19:48:15.363", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33844", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "CVE-2026-41588", "description": 
"RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py \u2014 check_sign_in_key(). This issue has been patched via commit 2f68e16.", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-08T15:16:43.363Z", "lastModified": "2026-05-12T21:09:52.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41588", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 43.0}, {"id": "CVE-2026-44413", "description": "In JetBrains TeamCity before 2026.1\n2025.11.5 authenticated users could expose server API to unauthorised access", "score": 8.2, "severity": "HIGH", "published": "2026-05-11T18:16:38.053Z", "lastModified": "2026-05-12T19:59:34.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44413", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-42564", "description": "jotty\u00b7page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside data/u...", "score": 8.2, "severity": "HIGH", "published": "2026-05-11T22:22:11.417Z", "lastModified": "2026-05-13T17:31:40.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42564", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-43886", "description": "Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. 
An attacker can smuggle th...", "score": 8.2, "severity": "HIGH", "published": "2026-05-11T22:22:13.350Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43886", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-43893", "description": "exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments wi...", "score": 8.2, "severity": "HIGH", "published": "2026-05-11T22:22:14.033Z", "lastModified": "2026-05-13T18:27:58.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-34259", "description": "Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. 
Successful exploitation could allow the attacker to read or modify a...", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T03:16:11.383Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-39432", "description": "Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Timetics: from n/a through 1.0.53.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T09:16:40.337Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39432", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-41713", "description": "A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T11:16:19.517Z", "lastModified": "2026-05-12T19:25:06.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41713", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-35071", "description": "Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. 
A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T14:17:02.240Z", "lastModified": "2026-05-12T19:49:35.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35071", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-42260", "description": "Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF with t...", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T15:16:15.150Z", "lastModified": "2026-05-14T20:17:04.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42260", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-43993", "description": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. 
This vulnerability is fixed in 0.x.y-security-1.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T17:16:21.380Z", "lastModified": "2026-05-13T17:00:37.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-33833", "description": "Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T18:17:05.160Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33833", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-43929", "description": "ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). 
The WHATWG URL parser bu...", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T18:17:28.970Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43929", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-26289", "description": "PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.", "score": 8.2, "severity": "HIGH", "published": "2026-05-12T22:16:32.823Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26289", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.8}, {"id": "CVE-2026-5787", "description": "An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.", "score": 8.9, "severity": "HIGH", "published": "2026-05-07T16:16:22.620Z", "lastModified": "2026-05-07T20:12:18.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5787", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 42.6}, {"id": "CVE-2026-42556", "description": "Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/<postId>?share=true to another user. 
The preview p...", "score": 8.9, "severity": "HIGH", "published": "2026-05-08T23:16:39.373Z", "lastModified": "2026-05-13T15:58:40.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42556", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.6}, {"id": "CVE-2026-42609", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T16:17:33.610Z", "lastModified": "2026-05-14T18:16:48.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42609", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-7819", "description": "Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.\n\ncheck_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. 
An authenticated user could plant a symbolic link inside their own stor...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T16:17:39.113Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7819", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-30635", "description": "Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T18:16:31.660Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30635", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-38566", "description": "HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission at /feedback/add/<id>, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker w...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T18:16:32.730Z", "lastModified": "2026-05-12T15:06:07.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38566", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-38568", "description": "HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. 
The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an aut...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T18:16:32.970Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38568", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-42315", "description": "pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key \"_folder\", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary dire...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T18:16:35.260Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42315", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-43640", "description": "Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session.", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T18:16:37.110Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43640", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-28907", "description": "The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing maliciously crafted web content may prevent Content Security Policy from being enfo...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T21:18:53.503Z", "lastModified": "2026-05-14T14:32:33.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28907", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-43913", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, and a...", "score": 8.1, "severity": "HIGH", "published": "2026-05-11T23:20:22.120Z", "lastModified": "2026-05-13T19:29:54.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43913", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-43938", "description": "YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description colum...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T15:16:15.497Z", "lastModified": "2026-05-13T18:24:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43938", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-43983", "description": "Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. 
Prior to 2.6.0, The createTokenFromRefreshToken function (oidc_service.go) validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T15:16:15.797Z", "lastModified": "2026-05-13T22:48:09.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43983", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-30808", "description": "Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T16:16:12.973Z", "lastModified": "2026-05-13T14:35:28.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30808", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-40415", "description": "Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T18:17:19.537Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40415", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 42.4}, {"id": "CVE-2026-8430", "description": "SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. 
Attackers can exploit this vulnerability through specific nginx configuratio...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T19:16:34.703Z", "lastModified": "2026-05-13T15:26:44.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8430", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-44260", "description": "efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces that the client sends readonly=true (matching the session value), but no event handler checks ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T22:16:36.417Z", "lastModified": "2026-05-13T16:16:55.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44260", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-44304", "description": "Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T22:16:37.140Z", "lastModified": "2026-05-14T13:16:19.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44304", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-44548", "description": "ChurchCRM is an open-source church management system. 
Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records, including...", "score": 8.1, "severity": "HIGH", "published": "2026-05-12T23:16:18.750Z", "lastModified": "2026-05-13T16:16:58.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44548", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.4}, {"id": "CVE-2026-41142", "description": "OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to...", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T04:16:26.020Z", "lastModified": "2026-05-08T17:00:32.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41142", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-41139", "description": "Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T06:16:04.273Z", "lastModified": "2026-05-08T17:06:03.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41139", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-41143", "description": "YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. 
The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated directly into a raw SQL query without any s...", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T06:16:04.550Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41143", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-6692", "description": "The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access a...", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T06:16:05.410Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6692", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-3953", "description": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS.\n\nThis issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T12:16:16.810Z", "lastModified": "2026-05-07T14:44:16.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3953", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-5784", "description": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. 
DivvyDrive allows Stored XSS.\n\nThis issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T13:16:13.480Z", "lastModified": "2026-05-07T14:42:24.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5784", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-6002", "description": "Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS).\n\nThis issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T13:16:13.773Z", "lastModified": "2026-05-07T14:42:24.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-30495", "description": "The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. 
Additionally, a functional su bina...", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T14:16:01.983Z", "lastModified": "2026-05-08T23:16:34.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30495", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 42.2}, {"id": "CVE-2025-63705", "description": "NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T15:16:04.213Z", "lastModified": "2026-05-08T17:16:29.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63705", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-5786", "description": "An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T16:16:22.483Z", "lastModified": "2026-05-07T20:12:47.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5786", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 42.2}, {"id": "CVE-2026-42215", "description": "GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. 
If an appli...", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T19:16:01.640Z", "lastModified": "2026-05-11T17:45:39.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-32207", "description": "Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.", "score": 8.8, "severity": "HIGH", "published": "2026-05-07T22:16:33.900Z", "lastModified": "2026-05-08T19:55:25.213", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32207", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-41900", "description": "OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in versi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T04:16:18.710Z", "lastModified": "2026-05-08T16:08:15.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41900", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-42203", "description": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. 
A crafted template could run arbitrary code inside the Lit...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T04:16:19.450Z", "lastModified": "2026-05-13T17:14:58.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42203", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-42271", "description": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it \u2014 POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list \u2014 accepted a full server configuration ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T04:16:21.820Z", "lastModified": "2026-05-08T20:04:50.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42271", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-8137", "description": "A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclose...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T05:16:11.620Z", "lastModified": "2026-05-08T15:45:49.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8137", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-8138", "description": "A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg\u201d. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. 
The exploit has been made public and could be used.", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T05:16:11.833Z", "lastModified": "2026-05-11T13:00:50.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8138", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-43284", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: esp: avoid in-place decrypt on shared skb frags\n\nMSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP\nmarks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(),\nso later paths that may modify packet...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T08:16:43.827Z", "lastModified": "2026-05-14T17:16:22.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43284", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 42.2}, {"id": "CVE-2026-5127", "description": "The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuf_files par...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T09:16:08.803Z", "lastModified": "2026-05-08T15:46:11.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5127", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-25077", "description": "Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. 
This can resul...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T13:16:36.133Z", "lastModified": "2026-05-10T15:16:27.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25077", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-39816", "description": "The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy Scrip...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T14:16:32.667Z", "lastModified": "2026-05-09T02:16:07.763", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39816", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-43322", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Fix UAF in le_read_features_complete\n\nThis fixes the following backtrace caused by hci_conn being freed\nbefore le_read_features_complete but after\nhci_le_read_remote_features_sync so hci_conn_del -> hci_cmd_syn...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T14:16:40.810Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43322", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 42.2}, {"id": "CVE-2026-43334", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SMP: force responder MITM requirements before building the pairing response\n\nsmp_cmd_pairing_req() currently builds the pairing response from the\ninitiator auth_req before enforcing the local BT_SECURITY_HIGH\nrequirement...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T14:16:43.130Z", "lastModified": 
"2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43334", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 42.2}, {"id": "CVE-2026-43391", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsfs: tighten permission checks for handle opening\n\nEven privileged services should not necessarily be able to see other\nprivileged service's namespaces so they can't leak information to each\nother. Use may_see_all_namespaces() hel...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T15:16:50.490Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43391", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 42.2}, {"id": "CVE-2026-43403", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsfs: tighten permission checks for ns iteration ioctls\n\nEven privileged services should not necessarily be able to see other\nprivileged service's namespaces so they can't leak information to each\nother. 
Use may_see_all_namespaces(...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T15:16:51.783Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43403", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 42.2}, {"id": "CVE-2026-29202", "description": "Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T19:16:30.047Z", "lastModified": "2026-05-13T22:16:42.663", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-29203", "description": "A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path und...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T19:16:30.147Z", "lastModified": "2026-05-13T15:53:49.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29203", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-42205", "description": "Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. 
Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::...", "score": 8.8, "severity": "HIGH", "published": "2026-05-08T22:16:31.820Z", "lastModified": "2026-05-12T19:16:32.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42205", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-42605", "description": "AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) is not sanitized for path traversal sequences. When combined with a local filesystem s...", "score": 8.8, "severity": "HIGH", "published": "2026-05-09T20:16:30.020Z", "lastModified": "2026-05-14T17:34:59.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42605", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-8234", "description": "A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T07:16:08.740Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8234", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47935", "description": "Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. 
Attackers can submit crafted POST requests to the admin audit log endpoint with ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:29.693Z", "lastModified": "2026-05-14T17:16:03.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47935", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47937", "description": "e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:29.960Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47937", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47938", "description": "ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/ad...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:30.100Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47938", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47939", "description": "Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. 
Attackers can send POST requests to /manager/index.php with malicious PHP code in the...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:30.233Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47939", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47943", "description": "TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute comman...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:30.627Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47943", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2021-47949", "description": "CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /fi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:31.453Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47949", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2022-50944", "description": "Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. 
Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and...", "score": 8.8, "severity": "HIGH", "published": "2026-05-10T13:16:32.137Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50944", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-8260", "description": "A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely....", "score": 8.8, "severity": "HIGH", "published": "2026-05-11T02:16:27.583Z", "lastModified": "2026-05-12T19:45:33.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8260", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-21021", "description": "Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-13T06:16:13.670Z", "lastModified": "2026-05-13T17:29:00.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21021", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-24464", "description": "When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.\u00a0 Note: Software versions which have reached End of Technical ...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:36.997Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-24464", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-36738", "description": "U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unr...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:40.707Z", "lastModified": "2026-05-14T15:16:45.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36738", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-36742", "description": "Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode).", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:40.977Z", "lastModified": "2026-05-14T13:16:17.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36742", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-42586", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\\r\\n) characters. 
Since the R...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-13T19:17:24.323Z", "lastModified": "2026-05-14T19:16:36.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42586", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-1322", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to ...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-14T06:16:21.340Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1322", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-6008", "description": "Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.\n\nThis issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0.", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-14T13:16:21.423Z", "lastModified": "2026-05-14T16:20:13.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6008", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.2}, {"id": "CVE-2026-32658", "description": "Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. 
A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.", "score": 8.0, "severity": "HIGH", "published": "2026-05-11T10:16:13.370Z", "lastModified": "2026-05-13T18:00:35.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32658", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2026-4802", "description": "A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substi...", "score": 8.0, "severity": "HIGH", "published": "2026-05-11T14:16:31.550Z", "lastModified": "2026-05-12T14:20:56.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4802", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2026-41431", "description": "Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. 
The MAR files served to users contain zero cryptographic signature...", "score": 8.0, "severity": "HIGH", "published": "2026-05-11T18:16:34.280Z", "lastModified": "2026-05-13T15:37:58.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2026-43639", "description": "Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{providerId}/clients/existing`, resulting in takeover of the target organization; self-hosted installations a...", "score": 8.0, "severity": "HIGH", "published": "2026-05-11T18:16:36.970Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43639", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2023-27753", "description": "An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.", "score": 8.0, "severity": "HIGH", "published": "2026-05-12T16:16:11.200Z", "lastModified": "2026-05-13T15:48:11.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27753", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2026-34332", "description": "Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.", "score": 8.0, "severity": "HIGH", "published": "2026-05-12T18:17:07.127Z", "lastModified": "2026-05-14T15:25:29.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34332", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 42.0}, {"id": "CVE-2026-40368", "description": "Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code 
over a network.", "score": 8.0, "severity": "HIGH", "published": "2026-05-12T18:17:15.900Z", "lastModified": "2026-05-13T20:52:06.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40368", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 42.0}, {"id": "CVE-2026-44184", "description": "Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent.  Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials(). When DisableAuthForLocalAddresses ...", "score": 8.0, "severity": "HIGH", "published": "2026-05-12T18:17:29.583Z", "lastModified": "2026-05-13T17:32:22.420", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44184", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 42.0}, {"id": "CVE-2026-41505", "description": "RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.", "score": 8.7, "severity": "HIGH", "published": "2026-05-07T15:16:07.010Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41505", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.8}, {"id": "CVE-2026-42275", "description": "zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization but does not prevent symlink following. 
When a symbolic link inside the shared DriveRoot points to a l...", "score": 8.7, "severity": "HIGH", "published": "2026-05-08T04:16:22.823Z", "lastModified": "2026-05-08T20:03:27.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42275", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.8}, {"id": "CVE-2026-41524", "description": "Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive {!! !!}. Any JavaScript or HTML injected by an editor-rol...", "score": 8.7, "severity": "HIGH", "published": "2026-05-08T15:16:40.253Z", "lastModified": "2026-05-08T22:16:30.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41524", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.8}, {"id": "CVE-2026-21018", "description": "Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-13T06:16:13.270Z", "lastModified": "2026-05-13T17:31:48.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21018", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.8}, {"id": "CVE-2026-42919", "description": "A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. 
A successful exploit may allow the attacker to cross a security boundary.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not ev...", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-13T16:16:49.263Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42919", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.8}, {"id": "CVE-2026-42047", "description": "Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serv...", "score": 8.6, "severity": "HIGH", "published": "2026-05-07T21:16:29.980Z", "lastModified": "2026-05-13T14:06:01.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42047", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-35435", "description": "Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.", "score": 8.6, "severity": "HIGH", "published": "2026-05-07T22:16:34.787Z", "lastModified": "2026-05-08T20:00:59.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35435", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-4935", "description": "The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T07:16:29.327Z", "lastModified": "2026-05-08T15:47:53.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4935", 
"is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-44339", "description": "PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default agent configuration, _pe...", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T14:16:46.887Z", "lastModified": "2026-05-08T22:16:33.653", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44339", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-41683", "description": "i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape(), which i...", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T16:16:11.320Z", "lastModified": "2026-05-12T15:29:40.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41683", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-41690", "description": "18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. 
Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that reach...", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T16:16:11.473Z", "lastModified": "2026-05-12T15:29:40.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41690", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-29201", "description": "Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T19:16:29.930Z", "lastModified": "2026-05-13T22:16:42.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-42352", "description": "pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API  process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.", "score": 8.6, "severity": "HIGH", "published": "2026-05-08T23:16:38.317Z", "lastModified": "2026-05-12T16:41:36.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42352", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-41705", "description": "Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.\nSpring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. 
Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...", "score": 8.6, "severity": "HIGH", "published": "2026-05-09T01:16:08.690Z", "lastModified": "2026-05-12T19:26:43.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41705", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.4}, {"id": "CVE-2026-33838", "description": "Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:05.820Z", "lastModified": "2026-05-14T14:45:40.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33838", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-43500", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Also unshare DATA/RESPONSE packets when paged frags are present\n\nThe DATA-packet handler in rxrpc_input_call_event() and the RESPONSE\nhandler in rxrpc_verify_response() copy the skb to a linear one before\ncalling into the se...", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T08:16:16.077Z", "lastModified": "2026-05-14T15:16:47.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43500", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 41.2}, {"id": "CVE-2026-3609", "description": "Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS.\r\nCross reference to KVE 2023-5589 (https://krcert.or.kr)", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T18:16:33.560Z", "lastModified": "2026-05-13T14:17:35.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3609", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-45004", 
"description": "OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious ext...", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T18:16:40.673Z", "lastModified": "2026-05-13T14:13:43.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-28840", "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may be able to gain root privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T21:18:51.307Z", "lastModified": "2026-05-12T15:46:08.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28840", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-28915", "description": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T21:18:54.000Z", "lastModified": "2026-05-14T14:02:11.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28915", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-28919", "description": "A consistency issue was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
An app may be able to gain root privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T21:18:54.317Z", "lastModified": "2026-05-12T17:10:01.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28919", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-28951", "description": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T21:18:56.167Z", "lastModified": "2026-05-12T17:23:09.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28951", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-42046", "description": "libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the \"caca\" format. Depending on the build con...", "score": 7.8, "severity": "HIGH", "published": "2026-05-11T22:22:11.130Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42046", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-44411", "description": "A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. 
An attacker could leverage this vulnerability to execute code in the context of the current pro...", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T10:16:46.430Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44411", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-44412", "description": "A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files.\r\nThis could allow an attacker to execute code in the context of the current process.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T10:16:46.567Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44412", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-7432", "description": "A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T15:16:17.027Z", "lastModified": "2026-05-12T19:53:00.133", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7432", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 41.2}, {"id": "CVE-2026-8110", "description": "Incorrect permissions assignment in\u00a0the agent of\u00a0Ivanti Endpoint Manager before\u00a0version 2024\u00a0SU6\u00a0allows a\u00a0local\u00a0authenticated\u00a0attacker to\u00a0escalate their privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T15:16:17.770Z", "lastModified": "2026-05-12T19:18:08.873", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8110", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 41.2}, {"id": "CVE-2026-31221", "description": 
"PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the securi...", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T16:16:14.020Z", "lastModified": "2026-05-14T18:54:35.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-32204", "description": "External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:00.620Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32204", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-33834", "description": "Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:05.293Z", "lastModified": "2026-05-14T14:49:09.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33834", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-33835", "description": "Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:05.477Z", "lastModified": "2026-05-14T14:47:57.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33835", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-33837", "description": "Heap-based buffer overflow in Windows TCP/IP allows an authorized 
attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:05.633Z", "lastModified": "2026-05-14T14:46:48.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33837", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-33840", "description": "Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:06.163Z", "lastModified": "2026-05-14T14:43:07.933", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33840", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-33841", "description": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:06.297Z", "lastModified": "2026-05-14T14:42:30.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33841", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34330", "description": "Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:06.757Z", "lastModified": "2026-05-14T15:27:35.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34330", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34333", "description": "Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:07.257Z", "lastModified": "2026-05-14T15:25:10.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34333", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", 
"mts_score": 41.2}, {"id": "CVE-2026-34334", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:07.447Z", "lastModified": "2026-05-14T15:23:57.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34334", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34336", "description": "Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:07.637Z", "lastModified": "2026-05-14T15:17:43.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34336", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34337", "description": "Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:07.803Z", "lastModified": "2026-05-14T15:16:39.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34337", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34338", "description": "Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:07.950Z", "lastModified": "2026-05-14T15:15:06.933", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34338", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34343", "description": "Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.", "score": 7.8, 
"severity": "HIGH", "published": "2026-05-12T18:17:08.820Z", "lastModified": "2026-05-14T14:58:23.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34343", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34344", "description": "Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:09.003Z", "lastModified": "2026-05-14T17:48:01.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34344", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34351", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:09.660Z", "lastModified": "2026-05-14T17:44:38.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34351", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34636", "description": "Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:09.917Z", "lastModified": "2026-05-13T14:31:42.957", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34636", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34637", "description": "Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.070Z", "lastModified": "2026-05-13T14:30:22.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34637", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34638", "description": "Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.190Z", "lastModified": "2026-05-13T14:28:31.203", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34638", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34639", "description": "Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.320Z", "lastModified": "2026-05-13T19:36:56.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34639", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34640", "description": "Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.447Z", "lastModified": "2026-05-13T19:36:49.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34640", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34642", "description": "After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.583Z", "lastModified": "2026-05-13T19:35:39.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34642", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34643", "description": "After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.707Z", "lastModified": "2026-05-13T19:35:33.863", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34643", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34644", "description": "After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.840Z", "lastModified": "2026-05-13T19:35:26.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34644", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34661", "description": "Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:10.980Z", "lastModified": "2026-05-12T19:14:53.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34675", "description": "Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:11.387Z", "lastModified": "2026-05-12T19:51:46.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34675", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34676", "description": "Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:11.510Z", "lastModified": "2026-05-12T19:51:31.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34676", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34687", "description": "Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:11.630Z", "lastModified": "2026-05-12T19:13:32.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34687", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-35415", "description": "Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:11.757Z", "lastModified": "2026-05-14T15:57:13.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35415", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-35417", "description": "Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:12.120Z", "lastModified": "2026-05-14T15:54:48.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35417", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-35418", "description": "Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:12.277Z", "lastModified": "2026-05-14T15:53:46.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35418", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-35420", "description": "Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:12.557Z", "lastModified": "2026-05-14T18:06:13.470", "source": 
"NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35420", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-35421", "description": "Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:12.703Z", "lastModified": "2026-05-14T18:05:39.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35421", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40359", "description": "Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:14.673Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40359", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-40360", "description": "Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:14.817Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40360", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-40362", "description": "Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:15.077Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40362", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-40369", "description": "Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.", 
"score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:16.023Z", "lastModified": "2026-05-14T17:52:50.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40369", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40377", "description": "Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:16.477Z", "lastModified": "2026-05-14T17:52:19.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40377", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40381", "description": "Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:16.970Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40381", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-40382", "description": "Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:17.097Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40382", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40397", "description": "Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:17.273Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40397", "is_exploited": false, "epss": 0, "vendor": 
"WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40398", "description": "Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:17.460Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40398", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40399", "description": "Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:17.647Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40399", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40407", "description": "Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:18.613Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40407", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40408", "description": "Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:18.800Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40408", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-40417", "description": "Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:19.817Z", 
"lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40417", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-40418", "description": "Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:19.940Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40418", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-40419", "description": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:20.070Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40419", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-41088", "description": "External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:20.573Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41088", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-41095", "description": "Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:21.020Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41095", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-41611", "description": "Improper neutralization of 
script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:22.980Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41611", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-42831", "description": "Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:25.673Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42831", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 41.2}, {"id": "CVE-2026-42896", "description": "Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T18:17:26.470Z", "lastModified": "2026-05-14T14:31:34.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42896", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 41.2}, {"id": "CVE-2026-34681", "description": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T19:16:31.313Z", "lastModified": "2026-05-13T19:40:12.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34681", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34682", "description": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T19:16:31.447Z", "lastModified": "2026-05-13T19:40:17.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34682", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34683", "description": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T19:16:31.603Z", "lastModified": "2026-05-13T20:16:21.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34683", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34684", "description": "Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T19:16:31.807Z", "lastModified": "2026-05-13T20:16:21.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34684", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-34690", "description": "After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T20:16:38.820Z", "lastModified": "2026-05-13T19:42:49.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34690", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2025-65086", "description": "An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T21:16:13.437Z", "lastModified": "2026-05-14T14:57:52.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65086", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2025-65087", "description": "An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T21:16:13.570Z", "lastModified": "2026-05-14T14:57:34.480", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65087", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2025-65088", "description": "An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T21:16:13.700Z", "lastModified": "2026-05-14T14:57:14.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65088", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-8108", "description": "The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.", "score": 7.8, "severity": "HIGH", "published": "2026-05-12T23:16:19.023Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8108", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.2}, {"id": "CVE-2026-36767", "description": "A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T17:16:26.267Z", "lastModified": "2026-04-30T18:16:29.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36767", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-35051", "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. 
This issue h...", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T21:16:32.047Z", "lastModified": "2026-05-01T17:45:41.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35051", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-39858", "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonic...", "score": 10.0, "severity": "CRITICAL", "published": "2026-04-30T21:16:32.313Z", "lastModified": "2026-05-01T17:44:36.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39858", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-37541", "description": "Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-01T17:16:24.083Z", "lastModified": "2026-05-07T19:16:00.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37541", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42369", "description": "GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the \"WebCam Server\" feature.  
Once enabled, it is possible to access to ...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-04T01:16:04.153Z", "lastModified": "2026-05-04T15:21:58.203", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42369", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-7411", "description": "In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacke...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-05T16:16:18.360Z", "lastModified": "2026-05-06T16:16:12.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7411", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-40281", "description": "Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate argum...", "score": 10.0, "severity": "CRITICAL", "published": "2026-05-06T21:16:01.353Z", "lastModified": "2026-05-11T14:46:07.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40281", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42449", "description": "n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. 
In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer constructor, getN8nApiClient(), and validateInstanceContext()), the synchronous URL validator in SSR...", "score": 8.5, "severity": "HIGH", "published": "2026-05-07T21:16:30.133Z", "lastModified": "2026-05-14T17:37:37.263", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-8199", "description": "An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM.\n\nThis issue impacts MongoDB Server v7.0 versions prior to 7.0.3...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T04:17:41.530Z", "lastModified": "2026-05-13T22:31:09.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8199", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-7619", "description": "The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of suffic...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T05:16:24.603Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7619", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-4782", "description": "The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of the 'fusion_section_separator' shortcode. 
This makes it possible for authenticated attackers, with S...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T13:01:55.633Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4782", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-5545", "description": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid over...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T13:01:56.190Z", "lastModified": "2026-05-13T19:31:07.633", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5545", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-25107", "description": "ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T13:16:37.160Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25107", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-37428", "description": "qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. 
This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII).", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T14:17:27.320Z", "lastModified": "2026-05-13T19:17:12.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37428", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-37429", "description": "qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL state...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T14:17:32.287Z", "lastModified": "2026-05-13T19:17:12.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-4608", "description": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL q...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T14:17:58.357Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4608", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-31156", "description": "A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. 
The user-controlled input parameters are directly passed to t...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:38.763Z", "lastModified": "2026-05-14T15:16:45.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31156", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-35062", "description": "An authenticated iControl SOAP user may be able to obtain information of other accounts.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:40.400Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35062", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-40460", "description": "When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC\u00a0module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:42.823Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40460", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-40462", "description": "Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:42.960Z", "lastModified": "2026-05-13T17:16:20.340", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-40462", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-40699", "description": "A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:43.730Z", "lastModified": "2026-05-13T17:16:20.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40699", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-41219", "description": "An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.\u00a0 \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:44.620Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-41959", "description": "Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. 
These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.\n\n\u00a0Note: Software versions which have rea...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:46.000Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42781", "description": "When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:48.447Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42781", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42937", "description": "Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp\u00a0and ndp\u00a0commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.\u00a0\n\n\n\nNote: Software versions which have reached End of Techni...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:50.050Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42937", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42946", "description": "A vulnerability exists in the ngx_http_scgi_module\u00a0and ngx_http_uwsgi_module\u00a0modules that may result in excessive memory allocation or an over-read of data. 
When scgi_pass\u00a0or uwsgi_pass\u00a0is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upst...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:50.340Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44456", "description": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without a usable Content-Length (e.g. Transfer-Encoding: chunked). Oversized requests can reach handlers and return 200 instead of 413. T...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:57.567Z", "lastModified": "2026-05-13T18:34:43.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44456", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44000", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sand...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T18:16:16.590Z", "lastModified": "2026-05-14T15:35:36.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44000", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-22677", "description": "Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary files by importing a crafted session with an unrestricted workspace value. 
Attackers can supply a blocked filesystem root in the work...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T19:17:04.347Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22677", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42580", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T19:17:23.490Z", "lastModified": "2026-05-14T19:16:35.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-42585", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T19:17:24.187Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-28376", "description": "The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. 
An authenticated user with access to the Grafana Live API can trigger this issue.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T20:16:19.760Z", "lastModified": "2026-05-14T19:16:31.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28376", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-28379", "description": "A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T20:16:19.920Z", "lastModified": "2026-05-14T19:16:31.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28379", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-28380", "description": "Any Editor could delete any snapshot, even if they have no access to read or write them.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T20:16:20.023Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28380", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-28383", "description": "A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. 
An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T20:16:20.130Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28383", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-33378", "description": "Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T20:16:20.583Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33378", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44423", "description": "ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag,...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T22:16:44.103Z", "lastModified": "2026-05-14T16:44:55.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44423", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44424", "description": "ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tenant). 
Any authenticated user (JWT or API Key) who knows or can guess a device UID...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T22:16:44.257Z", "lastModified": "2026-05-14T16:44:55.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44424", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44426", "description": "ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object \u2014 including\nthe members list (user IDs, e-mails, roles), settings, and device counts \u2014 to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own tena...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T22:16:44.557Z", "lastModified": "2026-05-14T20:14:30.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44426", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44440", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T22:16:45.007Z", "lastModified": "2026-05-14T20:11:20.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44440", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44445", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. 
Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive configura...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-13T22:16:45.500Z", "lastModified": "2026-05-14T20:02:51.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44445", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-5486", "description": "The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combin...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T04:17:03.773Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5486", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-1184", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T06:16:21.190Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1184", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-4524", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in 
public projects without proper authorization due to improper authoriza...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T06:16:23.677Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4524", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-4527", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due to...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T06:16:23.810Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4527", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-8280", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T06:16:26.207Z", "lastModified": "2026-05-14T18:50:20.213", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8280", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-5193", "description": "The Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. 
This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role....", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T07:16:19.977Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5193", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-6225", "description": "The Taskbuilder \u2013 Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of su...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T07:16:20.373Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-6670", "description": "The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted to...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T07:16:21.277Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-6478", "description": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate.  This does not affect scram-sha-256 passwords, the default in all supported releases.  
However, current databases may have MD5-hashed pas...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T14:16:25.463Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6478", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-44514", "description": "Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the u...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T17:16:23.043Z", "lastModified": "2026-05-14T18:31:45.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 41.0}, {"id": "CVE-2026-8550", "description": "Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T20:17:15.917Z", "lastModified": "2026-05-14T22:16:48.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8550", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 41.0}, {"id": "CVE-2026-8570", "description": "Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-14T20:17:19.260Z", "lastModified": "2026-05-14T22:16:50.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8570", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 41.0}, {"id": "CVE-2026-33356", "description": "In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization at p...", "score": 7.7, "severity": "HIGH", "published": "2026-05-11T17:16:30.590Z", "lastModified": "2026-05-13T15:36:30.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33356", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-44738", "description": "Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration \u2014 including all plugin secrets (SMTP passwords, AWS keys, OAuth client secrets...", "score": 7.7, "severity": "HIGH", "published": "2026-05-11T17:16:34.747Z", "lastModified": "2026-05-14T18:16:50.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44738", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-43884", "description": "WWBN AVideo is an open source video platform. 
In versions up to and including 29.0, two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) in AVideo call isSSRFSafeURL() to validate user-supplied URLs, then fetch them using bare file_get_contents() without disabling PHP's automati...", "score": 7.7, "severity": "HIGH", "published": "2026-05-11T22:22:13.073Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43884", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-43890", "description": "Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route hand...", "score": 7.7, "severity": "HIGH", "published": "2026-05-11T22:22:13.900Z", "lastModified": "2026-05-13T16:16:52.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43890", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-27662", "description": "Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place.\r\nThis could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing ...", "score": 7.7, "severity": "HIGH", "published": "2026-05-12T10:16:45.540Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27662", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-45218", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP 
Travel: from n/a through <= 11.4.0.", "score": 7.7, "severity": "HIGH", "published": "2026-05-12T11:16:21.100Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.8}, {"id": "CVE-2026-33821", "description": "Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.", "score": 7.7, "severity": "HIGH", "published": "2026-05-12T18:17:04.410Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33821", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 40.8}, {"id": "CVE-2026-42141", "description": "Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fro...", "score": 7.7, "severity": "HIGH", "published": "2026-05-12T18:17:23.920Z", "lastModified": "2026-05-13T15:43:05.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42141", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.8}, {"id": "CVE-2026-42832", "description": "Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.", "score": 7.7, "severity": "HIGH", "published": "2026-05-12T18:17:25.800Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42832", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 40.8}, {"id": "CVE-2026-42364", "description": "An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. 
A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T01:16:03.470Z", "lastModified": "2026-05-05T02:45:23.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42364", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-42368", "description": "A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T01:16:04.020Z", "lastModified": "2026-05-05T02:43:48.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42368", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-42809", "description": "Apache Polaris can issue broad temporary (\"vended\") storage credentials during\nstaged\ntable creation before the effective table location has been validated or\ndurably reserved. \nThose temporary credentials are meant to limit the scope\nof\naccessible table data and metadata, but this scope limitation ...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T17:16:26.307Z", "lastModified": "2026-05-12T13:28:35.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42809", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-42810", "description": "Apache Polaris accepts literal `*` characters in namespace and table names. 
When it\nlater builds temporary S3 access policies for delegated table access, those\nsame characters appear to be reused unescaped in S3 IAM resource patterns\nand\n`s3:prefix` conditions.\n\n\n\nIn S3 IAM policy matching, `*` is t...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T17:16:26.493Z", "lastModified": "2026-05-12T13:28:53.393", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42810", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-42811", "description": "In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials\nthat\nonly work for one table's files, but a crafted namespace or table name can\ncause those credentials to work across the configured bucket instead.\n\n\nApache Polaris builds Google Cloud Storage downscoped credentials by...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T17:16:26.677Z", "lastModified": "2026-05-12T13:29:16.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42811", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 40.6}, {"id": "CVE-2026-42812", "description": "In Apache Iceberg, the table's metadata files are control files: they tell readers\nwhich data files belong to the table and which table version to read.\n\n\n\n`write.metadata.path` is an optional table property that tells Polaris\nwhere to\nwrite those metadata files. \nFor a table already registered in a...", "score": 9.9, "severity": "CRITICAL", "published": "2026-05-04T17:16:26.887Z", "lastModified": "2026-05-12T13:30:22.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42812", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-43940", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. 
Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user\u2011supplied widget identifiers without any sanitisation. Because runWidget is...", "score": 8.4, "severity": "HIGH", "published": "2026-05-08T04:16:23.023Z", "lastModified": "2026-05-08T19:17:53.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43940", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-44334", "description": "PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). A third import sink in praisonai/templates/tool_override.py was missed and rem...", "score": 8.4, "severity": "HIGH", "published": "2026-05-08T14:16:46.143Z", "lastModified": "2026-05-08T19:09:37.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44334", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-8201", "description": "A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. 
Triggering this vulnerability requires control over the structure of a client's FLE-related query.\n\nThis issue impacts MongoDB Server\u2019...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-13T04:17:41.870Z", "lastModified": "2026-05-13T22:50:59.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-6828", "description": "The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission_message' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping. ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-13T05:16:24.077Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6828", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-6962", "description": "The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_cog_product_cost' and 'alg_wc_cog_product_profit' shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitizati...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-13T05:16:24.213Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6962", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-3004", "description": "The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-13T08:16:16.647Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2020-37225", "description": "Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-13T16:16:34.127Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-5361", "description": "The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update_gallery_data() function and improper output escaping in the gallery_init() function. 
The san...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T05:16:44.933Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5361", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-5243", "description": "The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the `menu_hover_click` parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to insu...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T06:16:23.947Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-3694", "description": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T07:16:18.680Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3694", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-6252", "description": "The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with contributor-level ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T07:16:20.513Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6252", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-6174", "description": "The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T09:16:27.353Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-6504", "description": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-14T09:16:27.680Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.6}, {"id": "CVE-2026-45213", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.", "score": 7.6, "severity": "HIGH", "published": "2026-05-12T11:16:20.733Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45213", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.4}, {"id": "CVE-2026-45225", "description": "Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. 
Attackers can exploit the unvalidated filename parameter in the u...", "score": 7.6, "severity": "HIGH", "published": "2026-05-12T22:16:37.990Z", "lastModified": "2026-05-14T20:17:09.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.4}, {"id": "CVE-2026-4670", "description": "Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.\n\nThis issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.", "score": 9.8, "severity": "CRITICAL", "published": "2026-04-30T16:16:44.167Z", "lastModified": "2026-05-04T18:20:39.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2022-50993", "description": "Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Att...", "score": 9.8, "severity": "CRITICAL", "published": "2026-04-30T17:16:24.800Z", "lastModified": "2026-04-30T17:19:57.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-71284", "description": "Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. 
An unauthenticated remote attacker can i...", "score": 9.8, "severity": "CRITICAL", "published": "2026-04-30T17:16:25.630Z", "lastModified": "2026-05-05T18:09:10.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71284", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-33446", "description": "CVE-2026-33446 is a buffer overflow in the authentication sub-system of \nthe Secure Access client prior to 14.50. Attackers with control of a \nmodified server can send a special packet that can overwrite a small \nportion of memory conceivably leading to memory corruption or a denial \nof service.", "score": 9.8, "severity": "CRITICAL", "published": "2026-04-30T20:16:23.813Z", "lastModified": "2026-05-05T02:19:56.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33446", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-33447", "description": "CVE-2026-33447 is a buffer overflow in a message parsing function of the\n Secure Access client prior to 14.50. Attackers with control of a \nmodified server can send a special packet that can overwrite a small \nportion of memory conceivably leading to memory corruption or denial of \nservice.", "score": 9.8, "severity": "CRITICAL", "published": "2026-04-30T20:16:23.957Z", "lastModified": "2026-05-05T02:26:55.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33447", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7538", "description": "A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. 
The exploit...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T02:16:04.533Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7538", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7546", "description": "A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been di...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T03:16:01.270Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7546", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42994", "description": "Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T05:16:01.510Z", "lastModified": "2026-05-04T18:23:38.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42994", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7567", "description": "The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. 
This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before proc...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T10:15:58.080Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7567", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42778", "description": "The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description:\n\n\n\n\nThe fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a s...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T11:16:19.383Z", "lastModified": "2026-05-01T17:55:49.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42778", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42779", "description": "The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description:\n\n\n\n\n\n\n\n\n\n\n\nApache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the clas...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T11:16:19.537Z", "lastModified": "2026-05-01T17:55:28.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42779", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-31705", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment\n\nsmb2_get_ea() applies 4-byte alignment padding via memset() after\nwriting each EA entry. 
The bounds check on buf_free_len is performed\nbefore the value memcpy, but the a...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T14:16:20.473Z", "lastModified": "2026-05-06T20:45:44.287", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31705", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-31718", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger\n\nWhen a durable file handle survives session disconnect (TCP close without\nSMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve the\nhandle for later...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T14:16:21.963Z", "lastModified": "2026-05-06T21:07:36.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31718", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-42482", "description": "A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T14:16:22.577Z", "lastModified": "2026-05-01T19:16:32.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42482", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42483", "description": "A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. 
The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calcul...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T14:16:22.687Z", "lastModified": "2026-05-01T18:16:16.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42483", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42484", "description": "A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When data_type_enum<=1, attacker...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T14:16:22.800Z", "lastModified": "2026-05-01T19:16:33.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42484", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-43011", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix potential double free of skb\n\nWhen alloc_skb fails in x25_queue_rx_frame it calls kfree_skb(skb) at\nline 48 and returns 1 (error).\nThis error propagates back through the call chain:\n\nx25_queue_rx_frame returns 1\n    |\n...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T15:16:44.993Z", "lastModified": "2026-05-07T20:26:58.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43011", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43037", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: clear skb2->cb[] in ip4ip6_err()\n\nOskar Kjos reported the following problem.\n\nip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written\nby the IPv6 receive path as struct inet6_skb_parm. 
icmp_send() passes\nI...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T15:16:48.383Z", "lastModified": "2026-05-04T18:26:53.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43037", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43038", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()\n\nSashiko AI-review observed:\n\n  In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet\n  where its cb contains an IPv4 inet_skb_parm. When skb is clo...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T15:16:48.533Z", "lastModified": "2026-05-08T18:47:20.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43038", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43039", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch\n\nemac_dispatch_skb_zc() allocates a new skb via napi_alloc_skb() but\nnever copies the packet data from the XDP buffer into it. The skb is\npassed up th...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T15:16:50.000Z", "lastModified": "2026-05-08T18:48:10.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43039", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-42472", "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. 
The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T16:16:31.587Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42472", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42473", "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T16:16:31.703Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42473", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-37531", "description": "AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. 
The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traver...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T17:16:22.720Z", "lastModified": "2026-05-07T15:15:55.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37531", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-37534", "description": "Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T17:16:23.073Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37534", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-37539", "description": "Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-01T17:16:23.803Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37539", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-4882", "description": "The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. 
This makes it possible for unauthenticated attackers to upload arbitrary fil...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-02T05:16:00.933Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4882", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7458", "description": "The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-02T05:16:01.420Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7458", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7719", "description": "A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. 
The attack may be launched remotel...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T02:15:58.657Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7719", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-14320", "description": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS.\n\nThis issue affects Online Support Application: from V3 through 31122025.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T09:15:59.643Z", "lastModified": "2026-05-05T19:34:16.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14320", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7747", "description": "A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initi...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T09:16:01.117Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7747", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-70067", "description": "Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. 
The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T14:16:29.350Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70067", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-24118", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:21.643Z", "lastModified": "2026-05-08T19:30:38.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24118", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-24120", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:21.813Z", "lastModified": "2026-05-08T19:29:59.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24120", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-24781", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. 
This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patc...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:21.960Z", "lastModified": "2026-05-08T19:29:32.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-26332", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:22.403Z", "lastModified": "2026-05-06T12:24:36.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26332", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-26956", "description": "vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. 
This issue has been patched in version 3.10.5.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:22.553Z", "lastModified": "2026-05-08T19:15:17.833", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42027", "description": "Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader\n\n\n\n\n\nVersions Affected: before 2.5.9, before 3.0.0-M3\n\n\n\n\n\nDescription:\u00a0\n\nThe ExtensionLoader.instantiateExtension(Class, String)\u00a0method loads a class by its fully-qualified name via Class.forName()\u00a0and invokes its no...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:24.123Z", "lastModified": "2026-05-06T18:00:39.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42027", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42076", "description": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:24.440Z", "lastModified": "2026-05-07T15:46:40.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42076", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42373", "description": "D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn76_dlwbr_dir605L\" read from /etc/alpha_config/image_sign. 
The custom telnetd bina...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:25.527Z", "lastModified": "2026-05-06T12:19:20.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42373", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42374", "description": "D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn61_dlwbr_dir600L\" read from /etc/alpha_config/image_sign. The custom telnetd binary ac...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:25.703Z", "lastModified": "2026-05-06T12:18:13.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42374", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42375", "description": "D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir600l\" read from /etc/alpha_config/image_sign. The custom telnetd binary ac...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:25.847Z", "lastModified": "2026-05-06T12:17:37.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42375", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42376", "description": "D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username \"Alphanetworks\" and the static password \"whdrv01_dlob_dir456U\" read from /etc/config/image_sign. 
The custom telnetd...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T17:16:26.000Z", "lastModified": "2026-05-11T19:39:19.977", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42376", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42796", "description": "Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file throu...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T18:16:32.520Z", "lastModified": "2026-05-05T19:50:11.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42796", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-42233", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or p...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T19:16:05.847Z", "lastModified": "2026-05-06T18:07:22.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42233", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 40.2}, {"id": "CVE-2026-42238", "description": "Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. 
An unauthenticated remote attacker can upl...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-04T21:16:32.707Z", "lastModified": "2026-05-06T14:45:44.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42238", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-5722", "description": "The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This makes it possible fo...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T02:16:05.020Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5722", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-13618", "description": "The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T03:15:58.913Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13618", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-5294", "description": "The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. 
This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files into...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T04:16:19.470Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5294", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7823", "description": "A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the p...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T05:16:01.110Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7823", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2023-54342", "description": "Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T12:16:15.650Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54342", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2023-54344", "description": "Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. 
Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T12:16:16.710Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7834", "description": "A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T14:16:09.687Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7834", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-43067", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: handle wraparound when searching for blocks for indirect mapped blocks\n\nCommit 4865c768b563 (\"ext4: always allocate blocks only from groups\ninode can use\") restricts what blocks will be allocated for indirect\nblock based file...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T16:16:15.937Z", "lastModified": "2026-05-08T13:16:37.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43067", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-38429", "description": "OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T17:17:04.547Z", "lastModified": "2026-05-06T19:16:36.710", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-38431", "description": "ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T17:17:04.670Z", "lastModified": "2026-05-08T17:06:43.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7853", "description": "A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made av...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T18:16:04.123Z", "lastModified": "2026-05-06T17:40:13.487", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7853", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-27960", "description": "OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. 
In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admin a...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T19:16:21.380Z", "lastModified": "2026-05-12T13:45:07.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27960", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-38428", "description": "Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the databa...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T19:16:21.910Z", "lastModified": "2026-05-08T19:24:29.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38428", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-7854", "description": "A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T19:16:23.540Z", "lastModified": "2026-05-06T17:39:29.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7854", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-34084", "description": "PhpSpreadsheet is a library for reading and writing spreadsheet files. 
In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load() is user-controlled, an attacker can supply a PHP stream wra...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T20:16:37.007Z", "lastModified": "2026-05-08T17:10:03.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34084", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-35579", "description": "CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify() to validate ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T21:16:22.247Z", "lastModified": "2026-05-08T15:58:53.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35579", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-28780", "description": "Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.\nIf mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.\n\nThis is...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-05T22:16:00.390Z", "lastModified": "2026-05-06T20:31:10.843", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-43125", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: validate length in dlm_search_rsb_tree\n\nThe len parameter in dlm_dump_rsb_name() is not validated and comes\nfrom 
network messages. When it exceeds DLM_RESNAME_MAXLEN, it can\ncause out-of-bounds write in dlm_search_rsb_tree().\n...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T12:16:29.450Z", "lastModified": "2026-05-08T17:57:31.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43125", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43185", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix signededness bug in smb_direct_prepare_negotiation()\n\nsmb_direct_prepare_negotiation() casts an unsigned __u32 value\nfrom sp->max_recv_size and req->preferred_send_size to a signed\nint before computing min_t(int, ...). A...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T12:16:37.187Z", "lastModified": "2026-05-11T20:52:58.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43185", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43186", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()\n\nOn the receive path, __ioam6_fill_trace_data() uses trace->nodelen\nto decide how much data to write for each node. 
It trusts this field\nas-is from the incoming pack...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T12:16:37.300Z", "lastModified": "2026-05-11T20:40:56.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43186", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43198", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix potential race in tcp_v6_syn_recv_sock()\n\nCode in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()\nis done too late.\n\nAfter tcp_v4_syn_recv_sock(), the child socket is already visible\nfrom TCP ehash table an...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T12:16:38.857Z", "lastModified": "2026-05-11T20:12:11.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43198", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-43208", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not pass flow_id to set_rps_cpu()\n\nBlamed commit made the assumption that the RPS table for each receive\nqueue would have the same size, and that it would not change.\n\nCompute flow_id in set_rps_cpu(), do not assume we can ...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T12:16:40.170Z", "lastModified": "2026-05-11T19:59:23.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43208", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-41930", "description": "Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. 
Attackers can connect to the phpMyAdmin port to gain...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T19:16:37.130Z", "lastModified": "2026-05-06T20:16:32.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41930", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-43575", "description": "OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vulnerability in the sandbox noVNC helper route that exposes interactive browser session credentials. Attackers can access the noVNC helper route without bridge authentication to gain unauthorized access to the interactive...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T20:16:33.100Z", "lastModified": "2026-05-07T17:03:55.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43575", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-44109", "description": "OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. 
Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attacker...", "score": 9.8, "severity": "CRITICAL", "published": "2026-05-06T20:16:34.620Z", "lastModified": "2026-05-07T19:40:45.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44109", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-1978", "description": "Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual St...", "score": 8.3, "severity": "HIGH", "published": "2026-05-07T09:16:26.017Z", "lastModified": "2026-05-13T19:15:52.813", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1978", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2025-14341", "description": "Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding.\n\nThis issue affects DivvyDrive: from 4.8.2.19 before 4.8.3....", "score": 8.3, "severity": "HIGH", "published": "2026-05-07T14:16:00.660Z", "lastModified": "2026-05-07T14:42:56.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14341", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-41490", "description": "Dagster is an orchestration platform for the development, production, and observation of data assets. 
Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic...", "score": 8.3, "severity": "HIGH", "published": "2026-05-07T14:16:02.527Z", "lastModified": "2026-05-07T15:50:18.183", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41490", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-41422", "description": "Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L() \u2014 a raw SQL literal expression builder \u2014 without any validation. This bypassed all parameterization and allowed authe...", "score": 8.3, "severity": "HIGH", "published": "2026-05-07T15:16:06.813Z", "lastModified": "2026-05-07T15:47:46.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41422", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-43291", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Fix parameter validation for packet data\n\nSince commit 9c328f54741b (\"net: nfc: nci: Add parameter validation for\npacket data\") communication with nci nfc chips is not working any more.\n\nThe mentioned commit tries to...", "score": 8.3, "severity": "HIGH", "published": "2026-05-08T14:16:36.120Z", "lastModified": "2026-05-14T21:08:45.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43291", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 40.2}, {"id": "CVE-2026-42562", "description": "Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. 
The endpoint directly persists the admin attribute from user input, and the escalated accoun...", "score": 8.3, "severity": "HIGH", "published": "2026-05-09T20:16:28.933Z", "lastModified": "2026-05-13T15:23:57.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42562", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-2695", "description": "A command\ninjection vulnerability was discovered\u00a0in TeamViewer DEX Platform On-Premises\n(former 1E DEX Platform On-Premises) prior to version 9.2.\u00a0Improper input validation allows\nauthenticated users with at least questioner privileges to inject commands in specific\ninstructions. Exploitation could ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-13T17:16:19.453Z", "lastModified": "2026-05-13T18:10:51.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2695", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-33380", "description": "A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-13T20:16:20.697Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33380", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.2}, {"id": "CVE-2026-28940", "description": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. 
Processing a maliciously crafted image may corrupt process memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:55.223Z", "lastModified": "2026-05-13T14:08:47.003", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28940", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28955", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:56.570Z", "lastModified": "2026-05-13T21:16:44.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28955", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2025-65418", "description": "docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:29.267Z", "lastModified": "2026-05-12T18:16:36.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65418", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-31247", "description": "Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb). 
When processed by Doc...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:29.743Z", "lastModified": "2026-05-13T15:47:35.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31247", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34087", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth.\n\nThis issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:30.023Z", "lastModified": "2026-05-14T17:02:00.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34087", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34088", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:30.157Z", "lastModified": "2026-05-14T16:43:47.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34088", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34090", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser.\n\nThis issue affects CheckUser: from 1.45.0 before 1.45.2.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:30.407Z", "lastModified": "2026-05-14T16:42:57.203", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34090", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34091", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", 
"score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:30.537Z", "lastModified": "2026-05-14T16:42:10.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34091", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34092", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Skin/Skin.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T16:17:30.663Z", "lastModified": "2026-05-14T16:41:03.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34092", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-31248", "description": "Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions (XML ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T17:16:19.647Z", "lastModified": "2026-05-13T15:47:35.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31248", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-33357", "description": "In Meari client applications embedding \"com.meari.sdk\" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. 
The root cause is a server-side...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T17:16:30.730Z", "lastModified": "2026-05-13T15:36:30.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33357", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-33359", "description": "In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T17:16:30.843Z", "lastModified": "2026-05-13T15:36:30.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33359", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.0}, {"id": "CVE-2026-33361", "description": "In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor \".jpgx3\" files use reversible XOR over only the first 1024 bytes with a predictable key derivation model.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T17:16:30.970Z", "lastModified": "2026-05-13T15:36:30.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33361", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-4890", "description": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T18:16:41.273Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4890", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, 
{"id": "CVE-2026-2614", "description": "A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a `CreateModelVersion` request includes the tag `m...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T20:25:41.423Z", "lastModified": "2026-05-13T15:53:49.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2614", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28846", "description": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app ter...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:51.410Z", "lastModified": "2026-05-13T13:46:03.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28846", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28848", "description": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:51.607Z", "lastModified": "2026-05-12T15:46:16.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28848", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28860", "description": "The issue was addressed with improved input validation. 
This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the Keychain...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:51.707Z", "lastModified": "2026-05-12T15:46:29.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28860", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28872", "description": "A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:51.977Z", "lastModified": "2026-05-13T14:03:48.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28872", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28873", "description": "This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:52.077Z", "lastModified": "2026-05-14T14:01:44.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28873", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28883", "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:52.700Z", "lastModified": "2026-05-13T21:16:41.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28883", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28904", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:53.210Z", "lastModified": "2026-05-13T21:16:42.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28904", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28905", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:53.310Z", "lastModified": "2026-05-13T21:16:42.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28905", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28906", "description": "This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. 
An attacker may be able to track users through their IP address.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:53.403Z", "lastModified": "2026-05-13T14:03:00.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28906", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28908", "description": "A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:53.607Z", "lastModified": "2026-05-12T17:10:16.113", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28908", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28913", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:53.803Z", "lastModified": "2026-05-13T21:16:43.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28913", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28924", "description": "A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
An app may be able to access Contacts without user consent.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:54.727Z", "lastModified": "2026-05-12T17:24:52.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28924", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28925", "description": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination or write kernel memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:54.823Z", "lastModified": "2026-05-12T17:24:42.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28925", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28929", "description": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:54.927Z", "lastModified": "2026-05-12T17:24:24.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28929", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28930", "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:55.027Z", "lastModified": "2026-05-14T14:01:31.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28930", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28936", "description": "The issue was addressed with improved checks. 
This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:55.123Z", "lastModified": "2026-05-14T14:01:24.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28936", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28943", "description": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:55.523Z", "lastModified": "2026-05-14T14:02:04.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28943", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28944", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:55.627Z", "lastModified": "2026-05-13T21:16:43.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28944", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28952", "description": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
An app may be able to cause unexpected system termination.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:56.263Z", "lastModified": "2026-05-13T14:08:26.420", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28952", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28953", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:56.367Z", "lastModified": "2026-05-13T21:16:43.987", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28953", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28954", "description": "A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:56.467Z", "lastModified": "2026-05-12T17:21:41.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28954", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28959", "description": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
An app may be able to cause unexpected system termination...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:56.990Z", "lastModified": "2026-05-13T14:36:21.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28962", "description": "This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:57.187Z", "lastModified": "2026-05-13T21:16:44.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28962", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28964", "description": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:57.387Z", "lastModified": "2026-05-12T18:46:22.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28964", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28965", "description": "A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. 
A user may be able to view restricted content from the lock screen.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:57.493Z", "lastModified": "2026-05-12T18:46:25.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28965", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28969", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system term...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:57.700Z", "lastModified": "2026-05-12T17:15:25.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28969", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28974", "description": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.017Z", "lastModified": "2026-05-12T18:46:27.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28974", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28976", "description": "An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. 
An app may be able to gain root privileges.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.117Z", "lastModified": "2026-05-13T14:35:08.763", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28976", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28983", "description": "A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.423Z", "lastModified": "2026-05-13T14:22:10.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28983", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28986", "description": "A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.623Z", "lastModified": "2026-05-12T17:16:27.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28986", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28987", "description": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. 
An app may be able to leak sensitive kernel state.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.720Z", "lastModified": "2026-05-12T17:16:41.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28987", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28990", "description": "The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:58.917Z", "lastModified": "2026-05-12T18:46:30.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28990", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-28991", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:59.017Z", "lastModified": "2026-05-13T14:07:52.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28991", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-39870", "description": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
Processing a maliciously crafted image may corrupt process memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:18:59.947Z", "lastModified": "2026-05-13T14:39:49.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-39871", "description": "A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:00.050Z", "lastModified": "2026-05-12T17:17:16.833", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39871", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43652", "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:00.970Z", "lastModified": "2026-05-14T14:33:02.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43652", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43654", "description": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
An app may be able to disclose kernel memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:01.170Z", "lastModified": "2026-05-14T14:32:57.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43654", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43658", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:01.487Z", "lastModified": "2026-05-13T21:16:47.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43658", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43660", "description": "A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforc...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:01.720Z", "lastModified": "2026-05-13T21:16:47.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43660", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43661", "description": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. 
Processing a maliciously crafted image may corrupt process memory.", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:01.823Z", "lastModified": "2026-05-12T17:51:34.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43668", "description": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T21:19:02.023Z", "lastModified": "2026-05-13T14:06:28.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43668", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43873", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($global['systemRootPath'] . 
$global['salt'])) into the HTTP response body on every unauthenticated requ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-11T22:22:11.703Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43873", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-7287", "description": "** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the \u201cwebs\u201d binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T04:16:29.637Z", "lastModified": "2026-05-12T15:11:29.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7287", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-2993", "description": "The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl() function. This makes ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T09:16:40.030Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2025-40833", "description": "The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. 
A manual restart is required to recover the system.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:41.883Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40833", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2025-40947", "description": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (Al...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:43.053Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40947", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-22925", "description": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets\r\nThis could allow an attacker to render the service unavailable and cause denial-of-service conditions by over...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:44.057Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22925", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-33893", "description": "A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). 
The affected application contains hardcoded ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:45.913Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-8159", "description": "multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any service...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:48.857Z", "lastModified": "2026-05-13T14:44:31.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8159", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-8161", "description": "multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes .push() on the inherite...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:48.987Z", "lastModified": "2026-05-13T14:43:57.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8161", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-8162", "description": "multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. 
The...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T10:16:49.110Z", "lastModified": "2026-05-13T14:43:47.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8162", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-41712", "description": "Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T11:16:19.403Z", "lastModified": "2026-05-12T19:26:04.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41712", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-41284", "description": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117.\nOlder, unsupported versions may also be affected.\n\nUsers are recommended to upgrade t...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T16:16:15.933Z", "lastModified": "2026-05-14T18:59:48.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41284", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43513", "description": "Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOlder unsupported versions m...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T16:16:18.177Z", "lastModified": "2026-05-14T20:17:05.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43513", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 
40.0}, {"id": "CVE-2025-46311", "description": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:16:35.577Z", "lastModified": "2026-05-12T19:47:22.873", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-31240", "description": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:16:52.443Z", "lastModified": "2026-05-14T20:17:03.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31240", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-32161", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:16:57.290Z", "lastModified": "2026-05-14T14:54:15.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32161", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.0}, {"id": "CVE-2026-35424", "description": "Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:13.253Z", "lastModified": 
"2026-05-14T18:02:26.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35424", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.0}, {"id": "CVE-2026-40405", "description": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:18.310Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40405", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.0}, {"id": "CVE-2026-40406", "description": "Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:18.430Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40406", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 40.0}, {"id": "CVE-2026-41895", "description": "changedetection.io is a free open source web page change detection tool. 
In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed enti...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:23.493Z", "lastModified": "2026-05-13T22:39:00.723", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41895", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-42899", "description": "Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:26.733Z", "lastModified": "2026-05-13T18:39:43.843", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42899", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-43891", "description": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extr...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:28.493Z", "lastModified": "2026-05-13T18:23:27.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-44167", "description": "phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a bypass of CVE-2024-27355. 
This vulnerability is fixed in 1.0.29, 2.0.54, and 3.0.52.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T18:17:29.273Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44167", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-23824", "description": "Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service.  Due to insufficient input validation, successful exploitation may term...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:31.463Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23824", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-23825", "description": "Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service.  Due to insufficient input validation, successful exploitation may term...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:31.573Z", "lastModified": "2026-05-13T16:16:36.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23825", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-23826", "description": "A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. 
Successful exploitation ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:31.683Z", "lastModified": "2026-05-13T16:16:36.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23826", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-23827", "description": "A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user o...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:31.797Z", "lastModified": "2026-05-13T16:16:36.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23827", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-34645", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorize...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:35.423Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34645", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34646", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. 
An attacker could leverage this vulnerability to bypass security measures and gain unauthorize...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:35.560Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34646", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34648", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:35.797Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34648", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34649", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:35.917Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34649", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34650", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. 
An attacker could exploit this vulnerability to exhaust system resources, resultin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:36.033Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34650", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34651", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resultin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:36.150Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34651", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34652", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the applica...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:36.273Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34652", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 40.0}, {"id": "CVE-2026-34665", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. 
An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T20:16:37.013Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34665", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-44240", "description": "basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authent...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T21:16:16.410Z", "lastModified": "2026-05-14T13:16:19.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44240", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-40863", "description": "PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader (Reader\\Xml) does not validate the ss:Index row attribute against the maximum allowed row count (AddressRange::MAX_ROW = 1,048,576). An atta...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:33.783Z", "lastModified": "2026-05-13T18:01:19.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40863", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-40902", "description": "PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. 
Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes() method reads row numbers from XML attributes without validating them against the spreadsheet maximum row li...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:33.923Z", "lastModified": "2026-05-14T14:50:17.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40902", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-42268", "description": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @veri...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:34.337Z", "lastModified": "2026-05-14T14:49:57.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42268", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-42544", "description": "Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction path,...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:34.467Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42544", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-42855", "description": "arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. 
Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header, witho...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:35.067Z", "lastModified": "2026-05-13T16:08:17.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42855", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-44241", "description": "Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap<String, DateTimeFormatter> whose key is derived from...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:35.473Z", "lastModified": "2026-05-13T16:16:54.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44241", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-44296", "description": "Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientH...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:36.707Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44296", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-44302", "description": "Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. 
This vulnerability is fixed in 1.3.1.", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T22:16:36.997Z", "lastModified": "2026-05-13T18:15:26.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44302", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-1250", "description": "The Court Reservation \u2013 Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-12T23:16:16.803Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1250", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 40.0}, {"id": "CVE-2026-41669", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and handleSLORequest() line 613). The method returns error strings...", "score": 8.2, "severity": "HIGH", "published": "2026-05-07T04:16:30.400Z", "lastModified": "2026-05-07T15:16:08.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2026-41670", "description": "Admidio is an open-source user management solution. 
Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the reg...", "score": 8.2, "severity": "HIGH", "published": "2026-05-07T04:16:30.993Z", "lastModified": "2026-05-07T15:16:08.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2026-34327", "description": "Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.", "score": 8.2, "severity": "HIGH", "published": "2026-05-07T22:16:34.540Z", "lastModified": "2026-05-08T20:03:28.287", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34327", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 39.8}, {"id": "CVE-2026-43365", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix undersized l_iclog_roundoff values\n\nIf the superblock doesn't list a log stripe unit, we set the incore log\nroundoff value to 512.  This leads to corrupt logs and unmountable\nfilesystems in generic/617 on a disk with 4k ph...", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T15:16:47.490Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43365", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 39.8}, {"id": "CVE-2026-43452", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: guard option walkers against 1-byte tail reads\n\nWhen the last byte of options is a non-single-byte option kind, walkers\nthat advance with i += op[i + 1] ? 
: 1 can read op[i + 1] past the end\nof the option area....", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T15:16:57.900Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43452", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 39.8}, {"id": "CVE-2026-43466", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery\n\nIn case of a TX error CQE, a recovery flow is triggered,\nmlx5e_reset_txqsq_cc_pc() resets dma_fifo_cc to 0 but not dma_fifo_pc,\ndesyncing the DMA FIFO producer and consumer.\n...", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T15:16:59.543Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43466", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 39.8}, {"id": "CVE-2026-29972", "description": "nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's...", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T16:16:09.960Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29972", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2026-41693", "description": "i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. 
Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write the resulting file f...", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T16:16:11.613Z", "lastModified": "2026-05-12T15:29:40.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41693", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2026-42353", "description": "i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.load(languag...", "score": 8.2, "severity": "HIGH", "published": "2026-05-08T16:16:12.197Z", "lastModified": "2026-05-12T15:29:40.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42353", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2021-47928", "description": "Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection techni...", "score": 8.2, "severity": "HIGH", "published": "2026-05-10T13:16:28.863Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47928", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2021-47930", "description": "Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. 
Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parame...", "score": 8.2, "severity": "HIGH", "published": "2026-05-10T13:16:29.163Z", "lastModified": "2026-05-12T14:47:03.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47930", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2021-47941", "description": "WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database informat...", "score": 8.2, "severity": "HIGH", "published": "2026-05-10T13:16:30.493Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47941", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2024-51395", "description": "Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-13T16:16:34.663Z", "lastModified": "2026-05-14T13:16:15.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51395", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2024-48519", "description": "Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-13T17:16:18.193Z", "lastModified": "2026-05-14T13:16:14.943", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-48519", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.8}, {"id": "CVE-2026-41872", "description": "\"Kura Sushi Official App\" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T06:16:09.400Z", "lastModified": "2026-05-12T15:10:27.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41872", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.6}, {"id": "CVE-2026-27851", "description": "When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. 
No pub...", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T14:16:56.857Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27851", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.6}, {"id": "CVE-2026-40413", "description": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T18:17:19.167Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40413", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 39.6}, {"id": "CVE-2026-40414", "description": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T18:17:19.350Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40414", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 39.6}, {"id": "CVE-2026-41107", "description": "External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T18:17:22.077Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41107", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 39.6}, {"id": "CVE-2026-42893", "description": "Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T18:17:26.343Z", "lastModified": "2026-05-13T18:37:09.340", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-42893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.6}, {"id": "CVE-2026-34647", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain u...", "score": 7.4, "severity": "HIGH", "published": "2026-05-12T20:16:35.677Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34647", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 39.6}, {"id": "CVE-2026-36760", "description": "An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.", "score": 9.6, "severity": "CRITICAL", "published": "2026-04-30T17:16:26.050Z", "lastModified": "2026-04-30T18:16:28.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36760", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-25293", "description": "Buffer overflow due to incorrect authorization in PLC FW", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-04T17:16:22.270Z", "lastModified": "2026-05-06T18:01:11.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25293", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42090", "description": "Notesnook is a note-taking app focused on user privacy & ease of use. 
Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is th...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-04T17:16:25.190Z", "lastModified": "2026-05-12T18:45:43.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42090", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 39.4}, {"id": "CVE-2026-42087", "description": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS. The tsdb_lookup function in the cvt_mod...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-04T18:16:30.830Z", "lastModified": "2026-05-08T19:53:16.883", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42087", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42088", "description": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the do...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-04T18:16:31.007Z", "lastModified": "2026-05-13T20:47:46.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42088", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42235", "description": "n8n is an open source workflow automation platform. 
Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that acc...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-04T19:16:06.173Z", "lastModified": "2026-05-06T18:05:44.303", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42235", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-7908", "description": "Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-06T19:16:39.097Z", "lastModified": "2026-05-06T23:41:13.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7908", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 39.4}, {"id": "CVE-2026-7910", "description": "Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-06T19:16:39.287Z", "lastModified": "2026-05-12T20:16:46.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7910", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 39.4}, {"id": "CVE-2026-43581", "description": "OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. 
Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration.", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-06T20:16:33.920Z", "lastModified": "2026-05-07T14:41:17.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43581", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44112", "description": "OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write fil...", "score": 9.6, "severity": "CRITICAL", "published": "2026-05-06T20:16:35.057Z", "lastModified": "2026-05-13T17:16:22.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-7252", "description": "The WP-Optimize \u2013 Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion function in all versions up to, and including, 4.5.2 Th...", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T06:16:05.567Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7252", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2025-9661", "description": "OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.\n\nThis issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.", "score": 8.1, 
"severity": "HIGH", "published": "2026-05-07T08:16:00.317Z", "lastModified": "2026-05-08T16:59:28.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-33588", "description": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T11:16:01.020Z", "lastModified": "2026-05-07T20:00:33.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33588", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-8092", "description": "Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 1...", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T13:16:14.203Z", "lastModified": "2026-05-11T15:16:40.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8092", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-8093", "description": "Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T13:16:14.317Z", "lastModified": "2026-05-11T15:12:48.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8093", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41654", "description": "Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen...", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T15:16:07.907Z", "lastModified": "2026-05-11T15:30:11.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41654", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42284", "description": "GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(\" \".join(multi_options)). A string like \"--branch main --config core.hooksPath=/x\" passes validation (starts with --branch),...", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T19:16:01.783Z", "lastModified": "2026-05-08T23:16:36.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42284", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42239", "description": "Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. 
This means every XSS becomes a full acco...", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T20:16:44.097Z", "lastModified": "2026-05-07T20:35:58.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42239", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41105", "description": "Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.", "score": 8.1, "severity": "HIGH", "published": "2026-05-07T22:16:35.183Z", "lastModified": "2026-05-14T14:27:25.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41105", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2022-50994", "description": "DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit unsanitized...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T13:16:34.150Z", "lastModified": "2026-05-08T15:48:43.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50994", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2025-66172", "description": "The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. 
Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and attach...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T13:16:35.607Z", "lastModified": "2026-05-12T13:30:53.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66172", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41491", "description": "Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for serv...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T14:16:33.407Z", "lastModified": "2026-05-12T14:47:26.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41491", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41496", "description": "PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. 
Nine sibling backends \u2014 MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, Surr...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T14:16:33.693Z", "lastModified": "2026-05-09T00:16:27.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41496", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-43362", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix in-place encryption corruption in SMB2_write()\n\nSMB2_write() places write payload in iov[1..n] as part of rq_iov.\nsmb3_init_transform_rq() pointer-shares rq_iov, so crypt_message()\nencrypts iov[1] in-place, replaci...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T15:16:47.133Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43362", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 39.4}, {"id": "CVE-2026-43377", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Don't log keys in SMB3 signing and encryption key generation\n\nWhen KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey() and\ngenerate_smb3encryptionkey() log the session, signing, encryption, and\ndecryption key byte...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T15:16:48.877Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43377", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 39.4}, {"id": "CVE-2026-41883", "description": "OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping (e.g. 
libraryName:*=https://cdn.example...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T16:16:11.760Z", "lastModified": "2026-05-13T16:34:42.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41883", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-8178", "description": "An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application contex...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T19:16:31.827Z", "lastModified": "2026-05-12T14:13:03.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8178", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-7807", "description": "SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T20:16:32.200Z", "lastModified": "2026-05-13T15:29:26.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7807", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44400", "description": "MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. 
Attackers can obtain a token from the WebMai...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T21:16:28.260Z", "lastModified": "2026-05-13T15:30:03.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44400", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42452", "description": "Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...", "score": 8.1, "severity": "HIGH", "published": "2026-05-08T23:16:38.827Z", "lastModified": "2026-05-12T16:40:53.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42452", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-6665", "description": "The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.", "score": 8.1, "severity": "HIGH", "published": "2026-05-09T01:16:09.013Z", "lastModified": "2026-05-14T18:52:26.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6665", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42296", "description": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod securit...", "score": 8.1, "severity": "HIGH", "published": "2026-05-09T04:16:25.563Z", "lastModified": "2026-05-12T19:16:32.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42296", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-42606", "description": "AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to an...", "score": 8.1, "severity": "HIGH", "published": "2026-05-09T20:16:30.170Z", "lastModified": "2026-05-14T17:31:20.863", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42606", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44664", "description": "fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out of an XML comment and...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T16:16:58.937Z", "lastModified": "2026-05-13T16:58:09.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44664", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44665", "description": "fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. 
This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T16:16:59.093Z", "lastModified": "2026-05-13T16:53:33.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44665", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-45028", "description": "Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted p...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T16:17:00.173Z", "lastModified": "2026-05-14T13:28:32.990", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45028", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44580", "description": "Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T18:16:18.260Z", "lastModified": "2026-05-14T18:33:34.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44580", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41255", "description": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. 
The marking was a member variable in flask-wtf.csrf.CSRFProtect()...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T19:17:22.127Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41255", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-8496", "description": "A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version  5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T19:17:30.700Z", "lastModified": "2026-05-14T16:07:11.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8496", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-44376", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product. This...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-13T21:16:48.183Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44376", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2025-15345", "description": "The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'map' parameter in the display-map shortcode in all versions up to, and including, 1.6.27 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthentica...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-14T06:16:21.027Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-6417", "description": "The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-14T06:16:24.927Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6417", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-24710", "description": "Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-14T15:16:44.710Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24710", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-41932", "description": "Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser() controller copies raw POST username values into the display_name field before sanitization occurs. 
Attackers can submit HTML and script markup in the username field durin...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-14T15:16:45.730Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41932", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.4}, {"id": "CVE-2026-6433", "description": "The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execute arbitrary PHP code on the server.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T06:16:09.707Z", "lastModified": "2026-05-12T14:47:03.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6433", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2025-10908", "description": "Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. 
This bypasses the intended security control that should prevent access to accounts that have been locked.\n\nThis vulnerability may allow u...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T10:16:12.590Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10908", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2025-61311", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T16:17:28.423Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2025-61312", "description": "A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T16:17:28.530Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61312", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2025-61313", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...", 
"score": 7.3, "severity": "HIGH", "published": "2026-05-11T16:17:28.637Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61313", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2025-61314", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T16:17:28.743Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61314", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-31249", "description": "CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) using torch.load() w...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T17:16:19.820Z", "lastModified": "2026-05-12T18:16:53.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31249", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-31250", "description": "CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. 
The script loads PyTorch checkpoint files (epoch_*.pt) for model averaging using torch.load() without enabling the we...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T17:16:19.950Z", "lastModified": "2026-05-12T20:16:33.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31250", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-31251", "description": "CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load() without enabling the w...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T17:16:20.070Z", "lastModified": "2026-05-12T20:16:33.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31251", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-31253", "description": "The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading code in eval.py use to...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T17:16:20.307Z", "lastModified": "2026-05-12T20:16:34.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31253", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-31254", "description": "The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as a Hydra configuration resolver under the name eval. 
This allows configuration file...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T17:16:20.423Z", "lastModified": "2026-05-12T20:16:34.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31254", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-2291", "description": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:31.363Z", "lastModified": "2026-05-13T14:17:14.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2291", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-36962", "description": "SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/contr...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:32.483Z", "lastModified": "2026-05-12T20:16:39.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36962", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-36983", "description": "D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. 
The manipulation of the argument LightSensorControl leads to command injection.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:32.610Z", "lastModified": "2026-05-12T19:36:42.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36983", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-44995", "description": "OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawne...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:39.387Z", "lastModified": "2026-05-13T14:11:44.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44995", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-5172", "description": "A buffer overflow in dnsmasq\u2019s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u2019s end.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:41.920Z", "lastModified": "2026-05-13T14:17:59.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5172", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-8305", "description": "A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. 
It is possible to initi...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T18:16:44.800Z", "lastModified": "2026-05-13T14:48:09.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8305", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2022-4988", "description": "Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.\n\nAlien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803.  The library embeds other images libraries that also have kn...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T20:19:35.017Z", "lastModified": "2026-05-13T14:16:55.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4988", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-8321", "description": "A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. 
The attack is poss...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T20:25:48.547Z", "lastModified": "2026-05-12T16:38:54.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8321", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-37630", "description": "An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T21:18:59.720Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37630", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-43655", "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T21:19:01.280Z", "lastModified": "2026-05-13T14:07:03.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43655", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-43656", "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
Parsing a maliciously crafted file may lead to an unexpected app termination.", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T21:19:01.380Z", "lastModified": "2026-05-13T14:06:59.377", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43656", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-43887", "description": "Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, the Outline comment section permits users to mention other users; however, the backend does not validate or sanitize the href attribute associated with these mentions. As a result, potentially dangerous protocols...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T22:22:13.493Z", "lastModified": "2026-05-12T15:13:21.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43887", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-43914", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function send_email_login (email.rs, api endpoi...", "score": 7.3, "severity": "HIGH", "published": "2026-05-11T23:20:22.253Z", "lastModified": "2026-05-13T19:35:51.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43914", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-33862", "description": "A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). 
The affected application does not properly e...", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T10:16:45.773Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33862", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-8389", "description": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T14:17:11.930Z", "lastModified": "2026-05-13T17:23:05.003", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8389", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-8390", "description": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T14:17:12.050Z", "lastModified": "2026-05-14T18:53:56.003", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8390", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-43939", "description": "YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. 
Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output enc...", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T15:16:15.647Z", "lastModified": "2026-05-13T18:24:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43939", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-42498", "description": "Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through 7...", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T16:16:17.800Z", "lastModified": "2026-05-14T18:51:59.217", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-5089", "description": "YAML::Syck versions before 1.38 for Perl  has an out-of-bounds read.\n\nThe base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. 
When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner whil...", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T17:16:21.720Z", "lastModified": "2026-05-14T15:16:49.377", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5089", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-32177", "description": "Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T18:16:58.947Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32177", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2026-35433", "description": "Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.", "score": 7.3, "severity": "HIGH", "published": "2026-05-12T18:17:13.710Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35433", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.2}, {"id": "CVE-2024-43384", "description": "A low privileged remote attacker can gain\u00a0the root password due to improper removal of sensitive information before storage or transfer.", "score": 8.0, "severity": "HIGH", "published": "2026-05-07T09:16:24.873Z", "lastModified": "2026-05-11T15:20:42.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43384", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.0}, {"id": "CVE-2025-66467", "description": "Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. 
If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated...", "score": 8.0, "severity": "HIGH", "published": "2026-05-08T13:16:35.720Z", "lastModified": "2026-05-11T12:57:20.683", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66467", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 39.0}, {"id": "CVE-2026-41951", "description": "Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI.", "score": 7.2, "severity": "HIGH", "published": "2026-05-11T10:16:13.913Z", "lastModified": "2026-05-12T15:10:27.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41951", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-43874", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink (from CVE-2026-40911) only strips the payload when it sits under $json['msg'], but the relay function msgToResourceId() selects the outbound m...", "score": 7.2, "severity": "HIGH", "published": "2026-05-11T21:19:02.120Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43874", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-6690", "description": "The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. 
This is due to the `wp_ajax_nopriv_lp_update_mds` action being registered without nonce verification or capability check...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T09:16:55.940Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6690", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-8051", "description": "OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T15:16:17.267Z", "lastModified": "2026-05-12T16:38:24.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8051", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 38.8}, {"id": "CVE-2025-53681", "description": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection&\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized co...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T18:16:35.860Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53681", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 38.8}, {"id": "CVE-2026-23820", "description": "A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. 
Successful exploitation could allow an attacker to execute arbitrary commands on the underlying o...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T19:16:28.730Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23820", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-23821", "description": "A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operati...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T19:16:28.840Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23821", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-23823", "description": "A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. 
Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.\n\nNOTE: This vulnerability only im...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T19:16:29.053Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23823", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-8431", "description": "An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.\u00a0\n\n\n\nThis issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T19:16:34.847Z", "lastModified": "2026-05-13T15:34:29.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44852", "description": "An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting imp...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:43.803Z", "lastModified": "2026-05-14T15:35:52.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44852", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44853", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. 
Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a pr...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:43.913Z", "lastModified": "2026-05-14T15:05:17.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44853", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44854", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a pr...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.017Z", "lastModified": "2026-05-14T15:12:35.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44854", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44855", "description": "Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.117Z", "lastModified": "2026-05-14T18:42:23.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44855", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44856", "description": "Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. 
An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.217Z", "lastModified": "2026-05-14T18:42:12.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44856", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44857", "description": "Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.317Z", "lastModified": "2026-05-14T18:42:02.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44857", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44858", "description": "Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.417Z", "lastModified": "2026-05-14T18:41:51.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44858", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44859", "description": "Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. 
An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending special...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.517Z", "lastModified": "2026-05-14T18:41:38.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44859", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44860", "description": "SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.620Z", "lastModified": "2026-05-14T18:41:29.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44860", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44861", "description": "SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.720Z", "lastModified": "2026-05-14T18:41:11.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44861", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44862", "description": "SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. 
An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.820Z", "lastModified": "2026-05-14T18:41:00.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44862", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44863", "description": "SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:44.923Z", "lastModified": "2026-05-14T18:40:48.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44863", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44864", "description": "SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into parameters...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.033Z", "lastModified": "2026-05-14T18:40:33.983", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44864", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44865", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. 
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.137Z", "lastModified": "2026-05-13T19:17:29.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44865", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44866", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.243Z", "lastModified": "2026-05-13T16:16:59.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44866", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44867", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.350Z", "lastModified": "2026-05-14T18:19:20.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44867", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44868", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. 
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.467Z", "lastModified": "2026-05-14T18:17:14.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44868", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44869", "description": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.583Z", "lastModified": "2026-05-14T18:15:27.957", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44870", "description": "Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying opera...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.690Z", "lastModified": "2026-05-14T18:13:19.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44872", "description": "A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. 
Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T20:16:45.793Z", "lastModified": "2026-05-13T22:42:55.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44872", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44246", "description": "nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.use...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T21:16:16.543Z", "lastModified": "2026-05-13T18:20:16.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44246", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44403", "description": "Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session va...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T21:16:16.667Z", "lastModified": "2026-05-14T14:50:51.863", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44403", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-44871", "description": "Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. 
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying opera...", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T22:16:37.820Z", "lastModified": "2026-05-14T14:29:18.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44871", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-43680", "description": "A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T23:16:17.870Z", "lastModified": "2026-05-14T13:53:04.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43680", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-43685", "description": "A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.", "score": 7.2, "severity": "HIGH", "published": "2026-05-12T23:16:17.973Z", "lastModified": "2026-05-14T13:52:51.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43685", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.8}, {"id": "CVE-2026-41571", "description": "Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt(\"null\") placeholder whenever a user has no stored password. 
OIDC-registered users are created with an empty password, so anyone who submits password: \"nul...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-04T18:16:29.600Z", "lastModified": "2026-05-06T21:25:48.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41571", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-43114", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry\n\nNew test case fails unexpectedly when avx2 matching functions are used.\n\nThe test first loads a ranomly generated pipapo set\nwith 'ipv4 . port' key, i.e.  n...", "score": 9.4, "severity": "CRITICAL", "published": "2026-05-06T10:16:25.163Z", "lastModified": "2026-05-08T17:54:04.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43114", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.6}, {"id": "CVE-2026-41520", "description": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been pat...", "score": 7.9, "severity": "HIGH", "published": "2026-05-08T23:16:35.597Z", "lastModified": "2026-05-13T16:49:52.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41520", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-4873", "description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. 
If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmi...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-13T13:01:55.893Z", "lastModified": "2026-05-14T13:45:11.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4873", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-6253", "description": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-13T13:01:56.570Z", "lastModified": "2026-05-14T13:40:53.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6253", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-44577", "description": "Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cau...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-13T17:16:23.173Z", "lastModified": "2026-05-13T20:00:59.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44577", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-33381", "description": "When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. 
The user will eventually lose access to do this.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-13T20:16:20.803Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33381", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-44448", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-13T22:16:45.913Z", "lastModified": "2026-05-14T16:29:06.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44448", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-42597", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. 
The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load ...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-14T16:16:23.037Z", "lastModified": "2026-05-14T18:16:48.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42597", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-6811", "description": "Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-14T22:16:45.137Z", "lastModified": "2026-05-14T22:16:45.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6811", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.6}, {"id": "CVE-2026-28941", "description": "The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.", "score": 7.1, "severity": "HIGH", "published": "2026-05-11T21:18:55.327Z", "lastModified": "2026-05-13T14:37:28.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28941", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-2393", "description": "A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. 
The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, and the `_send_webhook_request()` function in `mlflow/webhooks/delivery.py` sends...", "score": 7.1, "severity": "HIGH", "published": "2026-05-11T18:16:31.500Z", "lastModified": "2026-05-13T15:53:49.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2393", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-45001", "description": "OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-11T18:16:40.237Z", "lastModified": "2026-05-13T14:13:10.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45001", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-45224", "description": "Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. 
Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with tra...", "score": 7.1, "severity": "HIGH", "published": "2026-05-11T19:16:28.297Z", "lastModified": "2026-05-12T14:47:42.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-45430", "description": "The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T04:16:28.027Z", "lastModified": "2026-05-13T15:43:05.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45430", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-25789", "description": "Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote  attacker to social engineer the user into selecting the modified firmware file to be uploaded. 
This would result in malitcious JavaScript execution in the context of the authentic...", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T10:16:45.037Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25789", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-40401", "description": "Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T18:17:17.820Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40401", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.4}, {"id": "CVE-2026-41101", "description": "Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T18:17:21.630Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41101", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 38.4}, {"id": "CVE-2026-41102", "description": "Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T18:17:21.760Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41102", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 38.4}, {"id": "CVE-2026-45226", "description": "Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. 
Attackers can create workflows with execute nodes or agent subWorkflowIds poin...", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T22:16:38.127Z", "lastModified": "2026-05-13T15:26:44.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.4}, {"id": "CVE-2026-5371", "description": "The MonsterInsights \u2013 Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and inc...", "score": 7.1, "severity": "HIGH", "published": "2026-05-12T23:16:18.880Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5371", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 38.4}, {"id": "CVE-2026-7161", "description": "An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. 
An attacker can listen to broadcast messages to trigger this vulnerability.\n\n\nWhen interacting with various...", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-04T01:16:04.447Z", "lastModified": "2026-05-05T02:39:53.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7161", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-40797", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection.\n\nThis issue affects WebinarIgnition: from n/a through 4.08.253.", "score": 9.3, "severity": "CRITICAL", "published": "2026-05-05T07:16:00.440Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40797", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-4430", "description": "Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.\n\nThis issue affects\u00a0LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.", "score": 7.8, "severity": "HIGH", "published": "2026-05-07T08:16:00.967Z", "lastModified": "2026-05-08T16:48:01.610", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4430", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-28201", "description": "An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. 
Depending on the deployment, data exfiltration is a...", "score": 7.8, "severity": "HIGH", "published": "2026-05-07T11:16:00.747Z", "lastModified": "2026-05-07T20:20:10.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-42214", "description": "Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which exec...", "score": 7.8, "severity": "HIGH", "published": "2026-05-07T19:16:01.497Z", "lastModified": "2026-05-12T20:24:32.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-44244", "description": "GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitPython's own _write() converts embedded newlines into indented continuation lines (e.g. \\n becomes \\n\\...", "score": 7.8, "severity": "HIGH", "published": "2026-05-07T19:16:02.357Z", "lastModified": "2026-05-11T17:44:36.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44244", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-43943", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or \"Edit with custom editor\" feature. 
When a user opts to edit a file using open with system editor...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T04:16:23.837Z", "lastModified": "2026-05-08T19:16:45.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43943", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2022-26522", "description": "The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3.", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T05:16:08.893Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26522", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.2}, {"id": "CVE-2026-8148", "description": "NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM via registry manipulation due to improper privilege checks.", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T05:16:12.030Z", "lastModified": "2026-05-11T12:59:38.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8148", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.2}, {"id": "CVE-2026-43290", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Return queued buffers on start_streaming() failure\n\nReturn buffers if streaming fails to start due to uvc_pm_get() error.\n\nThis bug may be responsible for a warning I got running\n\n    while :; do yavta -c3 /dev/vid...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:36.010Z", "lastModified": "2026-05-14T21:11:42.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43290", 
"is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43303", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: clear page->private in free_pages_prepare()\n\nSeveral subsystems (slub, shmem, ttm, etc.) use page->private but don't\nclear it before freeing pages.  When these pages are later allocated as\nhigh-order pages and split ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:37.583Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43303", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43307", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: adxl380: Avoid reading more entries than present in FIFO\n\nThe interrupt handler reads FIFO entries in batches of N samples, where N\nis the number of scan elements that have been enabled. However, the sensor\nfills the FI...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:38.027Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43307", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43321", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Properly mark live registers for indirect jumps\n\nFor a `gotox rX` instruction the rX register should be marked as used\nin the compute_insn_live_regs() function. 
Fix this.", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:40.700Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43321", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43324", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: dummy-hcd: Fix interrupt synchronization error\n\nThis fixes an error in synchronization in the dummy-hcd driver.  The\nerror has a somewhat involved history.  The synchronization mechanism\nwas introduced by commit 7dbd8f4cabd9 (...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:41.060Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43324", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43329", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload action...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:42.520Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43329", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43330", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - fix overflow on long hmac keys\n\nWhen a key longer than block size is supplied, it is copied and then\nhashed into the real key.  
The memory allocated for the copy needs to\nbe rounded to DMA cache alignment, as otherwi...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:42.650Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43330", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43332", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Fix thermal zone device registration error path\n\nIf thermal_zone_device_register_with_trips() fails after registering\na thermal zone device, it needs to wait for the tz->removal completion\nlike thermal_zone_device_un...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:42.880Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43332", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43339", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UaF in addrconf_permanent_addr()\n\nThe mentioned helper try to warn the user about an exceptional\ncondition, but the message is delivered too late, accessing the ipv6\nafter its possible deletion.\n\nReorder the ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T14:16:43.777Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43339", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-41570", "description": "PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line arguments without neutralizing INI metacharacters. 
Because PHP's INI parser interprets \" as a string deli...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:40.420Z", "lastModified": "2026-05-08T19:45:25.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41570", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-43352", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue\n\nThe logic used to abort the DMA ring contains several flaws:\n\n 1. The driver unconditionally issues a ring abort even when the ring has\n    already stopped.\n 2. Th...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:45.937Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43352", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43353", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: mipi-i3c-hci: Fix race in DMA ring dequeue\n\nThe HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for\nmultiple transfers that timeout around the same time.  
However, the\nfunction is not serialized and can race with ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:46.043Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43353", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43366", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/kbuf: check if target buffer list is still legacy on recycle\n\nThere's a gap between when the buffer was grabbed and when it\npotentially gets recycled, where if the list is empty, someone could've\nupgraded it to a ring prov...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:47.623Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43366", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43368", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix potential overflow of shmem scatterlist length\n\nWhen a scatterlists table of a GEM shmem object of size 4 GB or more is\npopulated with pages allocated from a folio, unsigned int .length\nattribute of a scatterlist may ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:47.840Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43368", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43370", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix use-after-free race in VM acquire\n\nReplace non-atomic vm->process_info assignment with cmpxchg()\nto prevent race when parent/child processes sharing a drm_file\nboth try to acquire the same VM after fork().\n\n(cherry ...", "score": 7.8, "severity": "HIGH", "published": 
"2026-05-08T15:16:48.067Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43370", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43374", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: fix percpu use-after-free in remove_nh_grp_entry\n\nWhen removing a nexthop from a group, remove_nh_grp_entry() publishes\nthe new group via rcu_assign_pointer() then immediately frees the\nremoved entry's percpu stats wi...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:48.547Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43374", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43408", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: add a bunch of missing ceph_path_info initializers\n\nceph_mdsc_build_path() must be called with a zero-initialized\nceph_path_info parameter, or else the following\nceph_mdsc_free_path_info() may crash.\n\nExample crash (on Linux ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:52.397Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43408", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43433", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: avoid reading the written value in offsets array\n\nWhen sending a transaction, its offsets array is first copied into the\ntarget proc's vma, and then the values are read back from there. 
This is\nnormally fine because th...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:55.607Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43433", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43434", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: check ownership before using vma\n\nWhen installing missing pages (or zapping them), Rust Binder will look\nup the vma in the mm by address, and then call vm_insert_page (or\nzap_page_range_single). However, if the vma is ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:55.713Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43434", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43437", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()\n\nIn the drain loop, the local variable 'runtime' is reassigned to a\nlinked stream's runtime (runtime = s->runtime at line 2157).  After\nreleasing the stream ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:56.037Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43437", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43438", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Remove redundant css_put() in scx_cgroup_init()\n\nThe iterator css_for_each_descendant_pre() walks the cgroup hierarchy\nunder cgroup_lock(). 
It does not increment the reference counts on\nyielded css structs.\n\nAccording to...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:56.160Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43438", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43447", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix PTP use-after-free during reset\n\nCommit 7c01dbfc8a1c5f (\"iavf: periodically cache PHC time\") introduced a\nworker to cache PHC time, but failed to stop it during reset or disable.\n\nThis creates a race condition where `iavf...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:57.217Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43447", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43454", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix for duplicate device in netdev hooks\n\nWhen handling NETDEV_REGISTER notification, duplicate device\nregistration must be avoided since the device may have been added by\nnft_netdev_hook_alloc() already when ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:58.160Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43454", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43456", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix type confusion in bond_setup_by_slave()\n\nkernel BUG at net/core/skbuff.c:2306!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nRIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306\nRSP: 0018:ffffc90004aff760 EF...", "score": 7.8, "severity": 
"HIGH", "published": "2026-05-08T15:16:58.387Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43456", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-43461", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic: spifc-a4: Fix DMA mapping error handling\n\nFix three bugs in aml_sfc_dma_buffer_setup() error paths:\n1. Unnecessary goto: When the first DMA mapping (sfc->daddr) fails,\n   nothing needs cleanup. Use direct return inste...", "score": 7.8, "severity": "HIGH", "published": "2026-05-08T15:16:58.977Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43461", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 38.2}, {"id": "CVE-2026-42301", "description": "pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so...", "score": 7.8, "severity": "HIGH", "published": "2026-05-09T04:16:25.923Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42301", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-42311", "description": "Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. 
This issue has been patched in version 12.2.0.", "score": 7.8, "severity": "HIGH", "published": "2026-05-09T06:16:10.430Z", "lastModified": "2026-05-14T20:27:45.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2021-47945", "description": "Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem pr...", "score": 7.8, "severity": "HIGH", "published": "2026-05-10T13:16:30.897Z", "lastModified": "2026-05-13T15:30:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47945", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-42926", "description": "When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version\u00a0to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not e...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:49.640Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42926", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-44002", "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. 
Any sandboxed code ...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-13T18:16:16.857Z", "lastModified": "2026-05-14T15:23:29.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-42581", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent f...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-13T19:17:23.627Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-3160", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a disp...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-14T06:16:22.657Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3160", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-44312", "description": "css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. 
The connection is established with OpenSSL::SSL::VERIFY_NONE, meanin...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-14T17:16:22.393Z", "lastModified": "2026-05-14T18:13:33.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44312", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.2}, {"id": "CVE-2026-34342", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:08.640Z", "lastModified": "2026-05-14T14:59:29.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34342", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-7818", "description": "Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.\n\nThe session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing any HMAC integrity check. 
Any file dropped into the sessions direc...", "score": 7.0, "severity": "HIGH", "published": "2026-05-11T16:17:38.847Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7818", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 38.0}, {"id": "CVE-2026-33839", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:06.007Z", "lastModified": "2026-05-14T14:44:16.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33839", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-34331", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:06.943Z", "lastModified": "2026-05-14T15:26:36.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34331", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-34340", "description": "Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:08.303Z", "lastModified": "2026-05-14T15:12:46.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34340", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-34341", "description": "Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:08.457Z", "lastModified": 
"2026-05-14T15:00:43.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34341", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-34345", "description": "Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:09.190Z", "lastModified": "2026-05-14T17:46:59.393", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34345", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-34347", "description": "Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:09.360Z", "lastModified": "2026-05-14T17:45:54.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34347", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-35416", "description": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:11.940Z", "lastModified": "2026-05-14T15:55:54.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35416", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-40410", "description": "Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:18.990Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40410", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": 
"CVE-2026-42825", "description": "Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.", "score": 7.0, "severity": "HIGH", "published": "2026-05-12T18:17:25.293Z", "lastModified": "2026-05-14T14:26:04.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42825", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 38.0}, {"id": "CVE-2026-41688", "description": "Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...", "score": 7.7, "severity": "HIGH", "published": "2026-05-07T15:16:09.253Z", "lastModified": "2026-05-07T15:45:05.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41688", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.8}, {"id": "CVE-2026-41905", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl() but then re-validates the original URL instead of the final redirect destination. An a...", "score": 7.7, "severity": "HIGH", "published": "2026-05-07T19:16:01.220Z", "lastModified": "2026-05-07T21:16:29.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41905", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.8}, {"id": "CVE-2026-42345", "description": "FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() check against a hardcoded list. 
This check can be bypassed using at least 7 differen...", "score": 7.7, "severity": "HIGH", "published": "2026-05-08T23:16:37.320Z", "lastModified": "2026-05-12T16:40:21.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.8}, {"id": "CVE-2026-44520", "description": "Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the targe...", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-14T18:16:50.010Z", "lastModified": "2026-05-14T18:27:25.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44520", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.8}, {"id": "CVE-2025-14543", "description": "Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3...", "score": 9.1, "severity": "CRITICAL", "published": "2026-04-30T16:16:40.420Z", "lastModified": "2026-05-04T13:02:38.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14543", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-7482", "description": "Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. 
The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-04T13:16:01.727Z", "lastModified": "2026-05-11T12:27:11.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7482", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-40682", "description": "XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor\n\n\nVersions Affected: before 2.5.9, before 3.0.0-M3\n\n\nDescription: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCES...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-04T17:16:23.657Z", "lastModified": "2026-05-06T18:00:49.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40682", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43534", "description": "OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-05T12:16:19.750Z", "lastModified": "2026-05-07T01:53:35.683", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43534", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43566", "description": "OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. 
Attackers can exploit this by sending untrusted webhook wake events to preserve owner-like execution context when the r...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-05T12:16:20.040Z", "lastModified": "2026-05-07T01:53:09.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43566", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-34408", "description": "An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-05T14:16:08.623Z", "lastModified": "2026-05-06T18:16:03.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34408", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-36356", "description": "The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-05T14:16:08.873Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36356", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43071", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndcache: Limit the minimal number of bucket to two\n\nThere is an OOB read problem on dentry_hashtable when user sets\n'dhash_entries=1':\n  BUG: unable to handle page fault for address: ffff888b30b774b0\n  #PF: supervisor read access in...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-05T16:16:16.420Z", "lastModified": "2026-05-08T13:16:37.870", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43071", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.4}, {"id": "CVE-2026-40010", "description": "Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a\u00a0session fixation attack in Apache Wicket.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 1...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T10:16:20.093Z", "lastModified": "2026-05-07T13:16:10.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40010", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43083", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ioam6: fix OOB and missing lock\n\nWhen trace->type.bit6 is set:\n\n    if (trace->type.bit6) {\n        ...\n        queue = skb_get_tx_queue(dev, skb);\n        qdisc = rcu_dereference(queue->qdisc);\n\nThis code can lead to an out-o...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T10:16:21.493Z", "lastModified": "2026-05-08T13:16:38.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43083", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.4}, {"id": "CVE-2026-43117", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()\n\nIf overlay is used on top of btrfs, dentry->d_sb translates to overlay's\nsuper block and fsid assignment will lead to a crash.\n\nUse file_inode(file)...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T10:16:25.513Z", "lastModified": "2026-05-08T17:43:39.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43117", "is_exploited": false, "epss": 0, "vendor": 
"LINUX", "mts_score": 37.4}, {"id": "CVE-2026-43197", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetconsole: avoid OOB reads, msg is not nul-terminated\n\nmsg passed to netconsole from the console subsystem is not guaranteed\nto be nul-terminated. Before recent\ncommit 7eab73b18630 (\"netconsole: convert to NBCON console infrastruc...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T12:16:38.740Z", "lastModified": "2026-05-11T20:11:44.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43197", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.4}, {"id": "CVE-2026-5081", "description": "Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.\n\nApache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T13:16:09.833Z", "lastModified": "2026-05-07T14:52:27.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5081", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43578", "description": "OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. 
Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged context t...", "score": 9.1, "severity": "CRITICAL", "published": "2026-05-06T20:16:33.510Z", "lastModified": "2026-05-07T17:04:24.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43578", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2025-68060", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection.\n\nThis issue affects Team Member: from n/a through 8.5.", "score": 7.6, "severity": "HIGH", "published": "2026-05-07T09:16:26.640Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68060", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-41904", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who contact...", "score": 7.6, "severity": "HIGH", "published": "2026-05-07T19:16:01.087Z", "lastModified": "2026-05-07T20:16:43.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41904", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43510", "description": "manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 
Fixed in 1.176.0 on or around 2026-04-30.", "score": 7.6, "severity": "HIGH", "published": "2026-05-07T20:16:44.753Z", "lastModified": "2026-05-07T20:32:03.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43510", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-43350", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: require a full NFS mode SID before reading mode bits\n\nparse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an NFS\nmode SID and reads sid.sub_auth[2] to recover the mode bits.\n\nThat assumes the ACE carries three...", "score": 7.6, "severity": "HIGH", "published": "2026-05-08T14:16:45.123Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43350", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.4}, {"id": "CVE-2026-42224", "description": "ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. 
The victim needs to visit a specifically prepared website and may have no immediate...", "score": 7.6, "severity": "HIGH", "published": "2026-05-08T23:16:35.990Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2025-29338", "description": "NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.", "score": 5.6, "severity": "MEDIUM", "published": "2026-05-13T16:16:35.190Z", "lastModified": "2026-05-14T16:16:19.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29338", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.4}, {"id": "CVE-2026-42312", "description": "pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand-maintained allowlist ADMIN_ONLY_CORE_OPTIONS. The option (\"g...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T18:16:34.833Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42312", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-45025", "description": "WeGIA is a web manager for charitable institutions. 
In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the \"Etapas de um Processo\" (html/atendido/etapa_processo.php) page, which is executed when user access t...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T20:25:46.907Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45025", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-45026", "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceita\u00e7\u00e3o (html/atendido/processo_aceitacao.php) page, which is executed when user access...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T20:25:47.070Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45026", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-43875", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=<email>&pass=<HASH> where <HASH> is the victim's stored password hash (md5(hash(\"whirlpool\", sha1(passw...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T22:22:11.843Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43875", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-43901", "description": "Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. 
In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's -...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T23:20:21.697Z", "lastModified": "2026-05-13T16:16:52.987", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43901", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-43911", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (password change, KDF change, key rotation, email change, org admin password reset, emergency access takeo...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-11T23:20:21.837Z", "lastModified": "2026-05-13T15:40:16.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43911", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2025-40948", "description": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (Al...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-12T10:16:43.203Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-33603", "description": "Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. 
If successful, the attacker can eavesdrop communications between Dovecot and client...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-12T14:17:01.600Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33603", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-44305", "description": "Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the ...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-12T22:16:37.280Z", "lastModified": "2026-05-13T17:24:36.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44305", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.2}, {"id": "CVE-2026-42370", "description": "A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-04T01:16:04.310Z", "lastModified": "2026-05-05T02:42:39.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42370", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-7372", "description": "A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. 
An attacker can make an unauthenticated HTTP request to trigger this vulnerability.\n\n#### Stack-overflow via uncons...", "score": 9.0, "severity": "CRITICAL", "published": "2026-05-04T01:16:04.730Z", "lastModified": "2026-05-05T02:38:55.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7372", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-40981", "description": "When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ente...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T04:16:24.607Z", "lastModified": "2026-05-12T20:34:01.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40981", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 37.0}, {"id": "CVE-2026-41640", "description": "NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramete...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T04:16:28.277Z", "lastModified": "2026-05-12T16:51:23.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41640", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-4348", "description": "The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. 
This is due to the `limit` POST parameter being interpolated directly into a SQL query string before being pass...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T06:16:05.240Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4348", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-6805", "description": "Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T10:16:06.340Z", "lastModified": "2026-05-11T16:37:56.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6805", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41642", "description": "GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked a...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T12:16:17.460Z", "lastModified": "2026-05-07T19:46:05.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41642", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41643", "description": "GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. 
This occurs during t...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T12:16:17.623Z", "lastModified": "2026-05-07T19:43:46.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41643", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42285", "description": "GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribu...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T12:16:18.180Z", "lastModified": "2026-05-11T15:22:48.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42285", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2025-65122", "description": "Regex Denial of Service in youtube-regex npm package through version 1.0.5.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T16:16:17.810Z", "lastModified": "2026-05-07T18:50:20.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65122", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-33811", "description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T20:16:42.770Z", "lastModified": "2026-05-12T20:23:02.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-33814", "description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "score": 7.5, "severity": 
"HIGH", "published": "2026-05-07T20:16:42.880Z", "lastModified": "2026-05-13T14:41:59.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-39820", "description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T20:16:43.187Z", "lastModified": "2026-05-13T15:10:58.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-39836", "description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T20:16:43.593Z", "lastModified": "2026-05-13T15:11:10.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 37.0}, {"id": "CVE-2026-42499", "description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T20:16:44.540Z", "lastModified": "2026-05-13T16:59:17.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42501", "description": "A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). 
A malicious module proxy can serve altered versions ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T20:16:44.643Z", "lastModified": "2026-05-13T16:59:42.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-26129", "description": "Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T22:16:33.607Z", "lastModified": "2026-05-08T19:53:02.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26129", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-26164", "description": "Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T22:16:33.773Z", "lastModified": "2026-05-08T19:53:26.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26164", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-33111", "description": "Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T22:16:34.157Z", "lastModified": "2026-05-14T14:31:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33111", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 37.0}, {"id": "CVE-2026-7541", "description": "A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted 
requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodies w...", "score": 7.5, "severity": "HIGH", "published": "2026-05-07T22:16:36.917Z", "lastModified": "2026-05-11T17:19:36.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7541", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2023-42346", "description": "Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T05:16:09.850Z", "lastModified": "2026-05-11T20:20:58.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42346", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2024-27686", "description": "Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T06:16:09.003Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27686", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2024-46508", "description": "yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T06:16:09.963Z", "lastModified": "2026-05-08T19:58:25.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46508", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41493", "description": "YARD is a Ruby Documentation tool. 
Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. Thi...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:33.550Z", "lastModified": "2026-05-12T14:38:35.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41493", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-43296", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Workaround SQM/PSE stalls by disabling sticky\n\nNIX SQ manager sticky mode is known to cause stalls when multiple SQs\nshare an SMQ and transmit concurrently. Additionally, PSE may deadlock\non transitions between sticky...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:36.727Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43296", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43336", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/crypto: chacha: Zeroize permuted_state before it leaves scope\n\nSince the ChaCha permutation is invertible, the local variable\n'permuted_state' is sufficient to compute the original 'state', and thus\nthe key, even after the perm...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:43.383Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43336", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43345", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: fix event ring index not programmed for IPA v5.0+\n\nFor IPA v5.0+, the event 
ring index field moved from CH_C_CNTXT_0 to\nCH_C_CNTXT_1. The v5.0 register definition intended to define this\nfield in the CH_C_CNTXT_1 fmask ar...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:44.547Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43345", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43347", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: monaco: Reserve full Gunyah metadata region\n\nWe observe spurious \"Synchronous External Abort\" exceptions\n(ESR=0x96000010) and kernel crashes on Monaco-based platforms.\nThese faults are caused by the kernel inadver...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:44.777Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43347", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-44340", "description": "PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. 
segments, and resolved-path escape \u2014 but does not validate member.link...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T14:16:47.040Z", "lastModified": "2026-05-08T19:04:18.107", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44340", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-38361", "description": "An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and max_file_size parameter, dash_uploader/configure_upload.py components", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:37.120Z", "lastModified": "2026-05-12T20:55:00.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38361", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41584", "description": "ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. 
The Zcash specification allows the field to be the identity (a \"zero\" v...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:41.240Z", "lastModified": "2026-05-08T18:21:13.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41584", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-43373", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ncsi: fix skb leak in error paths\n\nEarly return paths in NCSI RX and AEN handlers fail to release\nthe received skb, resulting in a memory leak.\n\nSpecifically, ncsi_aen_handler() returns on invalid AEN packets\nwithout consuming...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:48.423Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43373", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43385", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix rcu_tasks stall in threaded busypoll\n\nI was debugging a NIC driver when I noticed that when I enable\nthreaded busypoll, bpftrace hangs when starting up. 
dmesg showed:\n\n  rcu_tasks_wait_gp: rcu_tasks grace period number 85 ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:49.830Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43385", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43405", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Use u32 for non-negative values in ceph_monmap_decode()\n\nThis patch fixes unnecessary implicit conversions that change signedness\nof blob_len and num_mon in ceph_monmap_decode().\nCurrently blob_len and num_mon are (signed)...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:52.013Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43405", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43441", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If bo...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:56.523Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43441", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43462", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: spacemit: Fix error handling in emac_tx_mem_map()\n\nThe DMA mappings were leaked on mapping error. 
Free them with the\nexisting emac_free_tx_buf() function.", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:59.080Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43462", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43464", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ\n\nXDP multi-buf programs can modify the layout of the XDP buffer when the\nprogram calls bpf_xdp_pull_data() or bpf_xdp_adjust_tail(). The\nreferenced commit in the fixes ta...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:59.283Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43464", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-43469", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Decrement re_receiving on the early exit paths\n\nIn the event that rpcrdma_post_recvs() fails to create a work request\n(due to memory allocation failure, say) or otherwise exits early, we\nshould decrement ep->re_receiving ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:16:59.957Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43469", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 37.0}, {"id": "CVE-2026-44498", "description": "ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. 
A miner who produces such a block...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T15:17:01.637Z", "lastModified": "2026-05-08T18:40:55.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44498", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-29974", "description": "An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a stack buffer overflow.", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T16:16:10.090Z", "lastModified": "2026-05-12T14:51:21.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29974", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-29975", "description": "lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only checking the immediately preceding character rather than counting consecutive backslashes, causin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T16:16:10.213Z", "lastModified": "2026-05-12T14:51:21.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29975", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41886", "description": "locize is a localization platform that connects code and i18n setup. 
Prior to version 4.0.21, the locize client SDK registers a window.addEventListener(\"message\", \u2026) handler that dispatches to registered internal handlers (editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, \u2026) withou...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T16:16:12.060Z", "lastModified": "2026-05-13T16:34:42.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41886", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-6659", "description": "Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.\n\nThe built-in rand function is predictable, and unsuitable for cryptography.", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T18:16:34.183Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42189", "description": "Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth (e.g., for 2FA/...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T20:16:31.443Z", "lastModified": "2026-05-14T18:07:22.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42189", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42351", "description": "pygeoapi is a Python server implementation of the OGC API suite of standards. 
From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories wit...", "score": 7.5, "severity": "HIGH", "published": "2026-05-08T23:16:38.170Z", "lastModified": "2026-05-12T16:41:36.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42351", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-6664", "description": "An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.", "score": 7.5, "severity": "HIGH", "published": "2026-05-09T01:16:08.863Z", "lastModified": "2026-05-14T18:52:42.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6664", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-41311", "description": "LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (~4GB) and crashing the Node.js process with FATAL ERROR: JavaScrip...", "score": 7.5, "severity": "HIGH", "published": "2026-05-09T04:16:21.913Z", "lastModified": "2026-05-14T18:40:51.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42294", "description": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. 
This occurs on the /api...", "score": 7.5, "severity": "HIGH", "published": "2026-05-09T04:16:24.903Z", "lastModified": "2026-05-14T18:34:34.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42294", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42574", "description": "apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or l...", "score": 7.5, "severity": "HIGH", "published": "2026-05-09T20:16:29.420Z", "lastModified": "2026-05-13T15:23:57.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42574", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-42575", "description": "apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available...", "score": 7.5, "severity": "HIGH", "published": "2026-05-09T20:16:29.573Z", "lastModified": "2026-05-13T15:23:57.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42575", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-7258", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like\u00a0isxdigit()). 
On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - t...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T05:16:11.360Z", "lastModified": "2026-05-12T17:41:43.347", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-7262", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.\u00a0 This leads to\u00a0dereferences a NULL pointer, ca...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T05:16:11.780Z", "lastModified": "2026-05-12T17:39:15.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7262", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-7568", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signe...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T05:16:11.920Z", "lastModified": "2026-05-12T17:38:55.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7568", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-7263", "description": "In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N()\u00a0method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. 
This may cause subsequent processing of the XML document to enter infinite loop, causing denial...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T06:16:08.343Z", "lastModified": "2026-05-12T17:35:49.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2021-47944", "description": "memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an applica...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T13:16:30.760Z", "lastModified": "2026-05-13T15:30:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47944", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-45180", "description": "Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.\n\nIf the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked.  
This may allow an attacker to use session ids ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T21:16:29.170Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45180", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-8177", "description": "XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.\n\nA node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory.\n\nA...", "score": 7.5, "severity": "HIGH", "published": "2026-05-10T21:16:30.003Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8177", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-21015", "description": "Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T06:16:12.980Z", "lastModified": "2026-05-13T17:52:06.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21015", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-21016", "description": "Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T06:16:13.140Z", "lastModified": "2026-05-13T17:51:14.763", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21016", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-21022", "description": "Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local 
attackers to access sensitive information.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T06:16:13.800Z", "lastModified": "2026-05-13T17:26:37.493", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21022", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2025-14767", "description": "The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T08:16:15.027Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14767", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2020-37169", "description": "WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP fil...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:32.747Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37169", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2020-37174", "description": "WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. 
Attackers can inject JavaScript code through fields like 'Text for block toggle' and ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:32.880Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2024-51394", "description": "Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:34.553Z", "lastModified": "2026-05-13T18:16:11.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51394", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-44479", "description": "Vercel\u2019s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0,  hen the Vercel CLI runs in non-interactive mode (--non-interactive or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-13T16:16:58.400Z", "lastModified": "2026-05-13T16:58:40.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44479", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-43996", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_pixel computes k + palbytespp as unsigned 32-bit arithmetic. 
When k = 0xFFFFFFFC and palbytespp = 4, ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-14T20:17:07.300Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 37.0}, {"id": "CVE-2026-26946", "description": "Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0,\u00a0contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-11T10:16:13.247Z", "lastModified": "2026-05-12T17:19:30.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.8}, {"id": "CVE-2026-0541", "description": "ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an a...", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T07:16:09.200Z", "lastModified": "2026-05-12T14:13:03.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0541", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.8}, {"id": "CVE-2026-0804", "description": "An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. 
This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker co...", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T07:16:09.597Z", "lastModified": "2026-05-12T14:13:03.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0804", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.8}, {"id": "CVE-2026-40638", "description": "Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T14:17:04.270Z", "lastModified": "2026-05-12T19:49:19.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40638", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.8}, {"id": "CVE-2025-53680", "description": "An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throu...", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T18:16:35.687Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53680", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 36.8}, {"id": "CVE-2025-53870", "description": "An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7...", "score": 6.7, "severity": 
"MEDIUM", "published": "2026-05-12T18:16:36.140Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53870", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 36.8}, {"id": "CVE-2026-21530", "description": "Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T18:16:38.703Z", "lastModified": "2026-05-14T14:56:04.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21530", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.8}, {"id": "CVE-2026-32170", "description": "Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T18:16:58.377Z", "lastModified": "2026-05-14T14:52:57.937", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32170", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.8}, {"id": "CVE-2026-41097", "description": "Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-12T18:17:21.343Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41097", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.8}, {"id": "CVE-2026-42011", "description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. 
A remote attacker could exploit this to bypass critical name constraint checks during certificate validati...", "score": 7.4, "severity": "HIGH", "published": "2026-05-07T15:16:09.760Z", "lastModified": "2026-05-14T23:16:36.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-7821", "description": "Improper certificate validation in Ivanti EPMM before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows a remote unauthenticated attacker\u00a0to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and\u00a0impacting\u00a0on the integrity of th...", "score": 7.4, "severity": "HIGH", "published": "2026-05-07T16:16:23.450Z", "lastModified": "2026-05-07T20:09:25.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7821", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 36.6}, {"id": "CVE-2026-40213", "description": "OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...", "score": 7.4, "severity": "HIGH", "published": "2026-05-07T22:16:34.910Z", "lastModified": "2026-05-08T16:16:10.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40213", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-42264", "description": "Axios is a promise based HTTP client for the browser and Node.js. 
From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making the...", "score": 7.4, "severity": "HIGH", "published": "2026-05-08T04:16:20.313Z", "lastModified": "2026-05-13T17:53:45.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42264", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-34354", "description": "Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the Handl...", "score": 7.4, "severity": "HIGH", "published": "2026-05-08T16:16:10.510Z", "lastModified": "2026-05-12T15:10:27.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34354", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.6}, {"id": "CVE-2026-7051", "description": "The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. 
This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and B2S_Post_Tools::deleteUserSchedPost() functi...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-13T05:16:24.340Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7051", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-40703", "description": "A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-13T16:16:44.020Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40703", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-44576", "description": "Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-13T17:16:23.040Z", "lastModified": "2026-05-14T13:44:18.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44576", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-45228", "description": "Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders push_config key names using Vue.js's v-html directive without escaping. 
Authenticated attackers can inject HTML or JavaScript payloads as key names through the PO...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-13T21:16:49.583Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45228", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-44425", "description": "ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter, which are then passed directly as BSON/SQL keys in the data...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-13T22:16:44.400Z", "lastModified": "2026-05-14T16:44:55.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44425", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2025-12669", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitization.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T06:16:19.370Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-3829", "description": "The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple_basic_get_requests' function in all versions up to, and including, 7.8.5.10. 
This makes...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T06:16:22.933Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3829", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-6335", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T06:16:24.780Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6335", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-43644", "description": "podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin HTM...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T13:16:18.770Z", "lastModified": "2026-05-14T18:15:05.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43644", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-6472", "description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types.  That is to say, the victim will execute arbitrary SQL functions of the attacker's choice.  
Versions before PostgreSQL ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T14:16:24.757Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6472", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2025-62310", "description": "HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T17:16:18.190Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62310", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2025-62313", "description": "HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. 
This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T17:16:18.660Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62313", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.6}, {"id": "CVE-2026-20209", "description": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.\r\n\r\nThis vulnerability exists because sensitive...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T17:16:19.750Z", "lastModified": "2026-05-14T17:19:57.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20209", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 36.6}, {"id": "CVE-2026-20210", "description": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.\r\n\r\nThis vulnerability exists because of a failure to reda...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T17:16:20.057Z", "lastModified": "2026-05-14T17:19:57.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20210", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 36.6}, {"id": "CVE-2026-8539", "description": "Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 
(Chromium security severity: High)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T20:17:14.760Z", "lastModified": "2026-05-14T22:16:48.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8539", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.6}, {"id": "CVE-2026-8561", "description": "Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-14T20:17:18.213Z", "lastModified": "2026-05-14T22:16:49.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8561", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.6}, {"id": "CVE-2026-7470", "description": "A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. 
The exploit has been published and m...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T03:16:01.740Z", "lastModified": "2026-04-30T20:41:24.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7470", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-5402", "description": "TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T07:16:37.847Z", "lastModified": "2026-05-01T19:26:27.377", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5402", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-36956", "description": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An a...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T15:16:22.740Z", "lastModified": "2026-05-05T00:09:06.320", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-36960", "description": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. 
An attacker can craft a...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T16:16:43.300Z", "lastModified": "2026-04-30T17:16:31.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36960", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-36762", "description": "An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T18:16:29.263Z", "lastModified": "2026-05-04T18:16:28.487", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36762", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-36765", "description": "An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T18:16:29.707Z", "lastModified": "2026-05-04T18:16:28.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36765", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6389", "description": "IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster\u2011wide permissions, including unrestricted read access to all secrets. 
An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, es...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T22:16:26.207Z", "lastModified": "2026-05-05T00:17:29.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6389", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6543", "description": "IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal networ...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T22:16:26.467Z", "lastModified": "2026-05-11T17:04:58.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6543", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7503", "description": "A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be laun...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T22:16:26.920Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7503", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7551", "description": "HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. 
Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to...", "score": 8.8, "severity": "HIGH", "published": "2026-04-30T22:16:27.097Z", "lastModified": "2026-05-04T18:22:28.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7551", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7512", "description": "A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T00:16:25.257Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7513", "description": "A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T00:16:25.443Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7513", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7548", "description": "A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. 
The exploit is now public ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T03:16:01.467Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7548", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-3772", "description": "The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitra...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T12:16:16.713Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3772", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-31706", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()\n\nsmb_inherit_dacl() trusts the on-disk num_aces value from the parent\ndirectory's DACL xattr and uses it to size a heap allocation:\n\n  aces_base = kmalloc(sizeof(st...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T14:16:20.597Z", "lastModified": "2026-05-06T20:27:43.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31706", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-31709", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: validate the whole DACL before rewriting it in cifsacl\n\nbuild_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a\nserver-supplied dacloffset and then use the incoming ACL to rebuild the\nchmod/chown securi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T14:16:20.950Z", "lastModified": 
"2026-05-07T06:16:03.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31709", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-31717", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate owner of durable handle on reconnect\n\nCurrently, ksmbd does not verify if the user attempting to reconnect\nto a durable handle is the same user who originally opened the file.\nThis allows any authenticated user to h...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T14:16:21.860Z", "lastModified": "2026-05-06T21:08:51.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31717", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-31735", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommupt: Fix short gather if the unmap goes into a large mapping\n\nunmap has the odd behavior that it can unmap more than requested if the\nending point lands within the middle of a large or contiguous IOPTE.\n\nIn this case the gather...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T15:16:36.140Z", "lastModified": "2026-05-07T16:52:11.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31735", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-31739", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: tegra - Add missing CRYPTO_ALG_ASYNC\n\nThe tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its\nasynchronous algorithms, causing the crypto API to select them for users\nthat request only synchronous algorithms.  
Thi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T15:16:36.600Z", "lastModified": "2026-05-07T19:00:05.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31739", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-31773", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SMP: derive legacy responder STK authentication from MITM state\n\nThe legacy responder path in smp_random() currently labels the stored\nSTK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH.\nThat reflects wh...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T15:16:40.587Z", "lastModified": "2026-05-11T20:38:06.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31773", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43018", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt\n\nhci_conn lookup and field access must be covered by hdev lock in\nhci_le_remote_conn_param_req_evt, otherwise it's possible it is freed\nconcurrently.\n\nExte...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T15:16:45.980Z", "lastModified": "2026-05-08T14:15:26.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43018", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43048", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Mitigate potential OOB by removing bogus memset()\n\nThe memset() in hid_report_raw_event() has the good intention of\nclearing out bogus data by zeroing the area from the end of the incoming\ndata string to the assumed end ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T15:16:51.193Z", "lastModified": 
"2026-05-07T19:07:05.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43048", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-37536", "description": "miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=1...", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T17:16:23.373Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37536", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42468", "description": "Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted PCAP input.", "score": 8.8, "severity": "HIGH", "published": "2026-05-01T17:16:25.150Z", "lastModified": "2026-05-07T19:16:01.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42468", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6963", "description": "The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...", "score": 8.8, "severity": "HIGH", "published": "2026-05-02T05:16:01.250Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6963", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7641", "description": "The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary sit...", "score": 8.8, "severity": "HIGH", "published": "2026-05-02T05:16:01.953Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7641", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-2052", "description": "The Widget Options \u2013 Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic exp...", "score": 8.8, "severity": "HIGH", "published": "2026-05-02T08:16:27.123Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2052", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7607", "description": "A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. 
The vendor explains: \"That firmware version ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-02T08:16:28.197Z", "lastModified": "2026-05-06T20:23:57.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7607", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7489", "description": "CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.", "score": 8.8, "severity": "HIGH", "published": "2026-05-02T10:16:18.803Z", "lastModified": "2026-05-12T18:31:55.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7489", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7674", "description": "A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be execu...", "score": 8.8, "severity": "HIGH", "published": "2026-05-03T02:17:12.993Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7674", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7675", "description": "A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. 
The exploit has been disc...", "score": 8.8, "severity": "HIGH", "published": "2026-05-03T03:16:15.613Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7675", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7684", "description": "A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway\u00a0 leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be u...", "score": 8.8, "severity": "HIGH", "published": "2026-05-03T07:16:25.200Z", "lastModified": "2026-05-05T19:30:15.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7684", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7685", "description": "A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway\u00a0 results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor wa...", "score": 8.8, "severity": "HIGH", "published": "2026-05-03T07:16:25.390Z", "lastModified": "2026-05-05T19:30:15.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7685", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7717", "description": "A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. 
The attack can be launched remo...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T01:16:05.380Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7717", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7748", "description": "A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched rem...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T10:16:00.850Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7748", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7749", "description": "A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The ex...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T10:16:01.040Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7749", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7750", "description": "A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. 
The attack may be launched remot...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T10:16:01.203Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7750", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-24072", "description": "An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T13:16:00.297Z", "lastModified": "2026-05-04T20:27:50.263", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24072", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-58074", "description": "A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. 
A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T14:16:28.480Z", "lastModified": "2026-05-04T15:22:52.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58074", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 36.2}, {"id": "CVE-2026-23918", "description": "Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.\n\nThis issue affects Apache HTTP Server: 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T15:16:03.583Z", "lastModified": "2026-05-04T20:24:58.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23918", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-29514", "description": "NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the env...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T17:16:22.880Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42372", "description": "D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username \"Alphanetworks\" and the static password \"wrgn35_dlwbr_dir605l\" read from /etc/alpha_config/image_sign. 
The custom telnetd bina...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T17:16:25.347Z", "lastModified": "2026-05-06T12:20:47.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42372", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-0073", "description": "In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for ex...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T18:16:26.013Z", "lastModified": "2026-05-05T19:54:49.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0073", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42229", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows wher...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T19:16:05.060Z", "lastModified": "2026-05-06T14:56:49.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42229", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42231", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. 
An authenticated user with permission to create or modify ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T19:16:05.417Z", "lastModified": "2026-05-06T17:14:03.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42231", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42232", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pol...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T19:16:05.610Z", "lastModified": "2026-05-06T17:15:28.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42232", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42234", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T19:16:06.017Z", "lastModified": "2026-05-06T18:05:52.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42234", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42237", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. 
Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-04T19:16:06.483Z", "lastModified": "2026-05-06T17:16:17.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42237", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2023-54345", "description": "Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:16.850Z", "lastModified": "2026-05-05T20:07:56.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2023-54348", "description": "ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting formula payloads into vendor name fields. Attackers can add malicious formulas like =10+20+cmd|' /C calc'!A0 in the vendor creation form, which execute when the exported C...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:17.300Z", "lastModified": "2026-05-05T19:50:11.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54348", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42434", "description": "OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. 
Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:17.767Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42434", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42435", "description": "OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and PS4...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:17.910Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42435", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43530", "description": "OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:19.200Z", "lastModified": "2026-05-07T15:57:29.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530", "is_exploited": false, "epss": 0, "vendor": "APPLE", "mts_score": 36.2}, {"id": "CVE-2026-43569", "description": "OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. 
Attackers can exploit this by crafting malicious workspace plugins that are automatically select...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:20.493Z", "lastModified": "2026-05-07T01:52:25.843", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43569", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43571", "description": "OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time p...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:20.880Z", "lastModified": "2026-05-07T16:03:35.987", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43571", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6261", "description": "The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. 
This makes it pos...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T12:16:21.453Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6261", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-31195", "description": "The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T16:16:11.183Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-31196", "description": "The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T16:16:11.290Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31196", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-23479", "description": "Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. 
If a blocked client is evicted during this flow, an authenticated attacker can trigger ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T17:17:02.577Z", "lastModified": "2026-05-06T15:53:38.033", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23479", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-25243", "description": "Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T17:17:03.667Z", "lastModified": "2026-05-06T16:16:41.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-25588", "description": "RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisTimeSeries...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T17:17:03.800Z", "lastModified": "2026-05-07T13:46:38.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25588", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-25589", "description": "RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. 
An authenticated attacker with permission to execute RESTORE on a server with the RedisBlo...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T17:17:03.940Z", "lastModified": "2026-05-07T13:44:17.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7855", "description": "A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T19:16:23.710Z", "lastModified": "2026-05-06T17:38:18.593", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7855", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-33324", "description": "SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided question parameter is directly concatenated into the LLM prompt without filtering or escaping, and the S...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T20:16:36.317Z", "lastModified": "2026-05-08T19:22:59.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33324", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-34458", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. 
In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions (EditAdminOnly and ConfigPassword) and inject arbitrary directives into the global Sandbox...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T20:16:37.163Z", "lastModified": "2026-05-07T19:48:58.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34458", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.2}, {"id": "CVE-2026-34459", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request with...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T20:16:37.317Z", "lastModified": "2026-05-07T19:48:32.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34459", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.2}, {"id": "CVE-2026-34464", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null termination. The handler only...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T20:16:37.773Z", "lastModified": "2026-05-07T19:46:41.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34464", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.2}, {"id": "CVE-2026-35397", "description": "Jupyter Server is the backend for Jupyter web applications. 
In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T20:16:38.223Z", "lastModified": "2026-05-08T19:11:44.387", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35397", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-39849", "description": "Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL accepted newline characters without validation, allowing an attacker to inject arbitrary directives into the generated dnsma...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T21:16:22.677Z", "lastModified": "2026-05-12T16:27:27.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39849", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-40068", "description": "In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Code ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-05T21:16:23.093Z", "lastModified": "2026-05-12T16:21:46.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40068", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7841", "description": "A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. 
An authenticated\nuser with System Setting permissions can execute arbitrary commands on the\nserver by sending a crafted HTTP POST request to the ASWebCommon.srf backend\nendpoint to bypass the frontend ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T08:16:04.490Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7841", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43110", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: validate bsscfg indices in IF events\n\nbrcmf_fweh_handle_if_event() validates the firmware-provided interface\nindex before it touches drvr->iflist[], but it still uses the raw\nbsscfgidx field as an array index withou...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T10:16:24.690Z", "lastModified": "2026-05-08T20:14:50.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43110", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43112", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath\n\nWhen cifs_sanitize_prepath is called with an empty string or a string\ncontaining only delimiters (e.g., \"/\"), the current logic attempts to\ncheck *(cursor2 - 1) before...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T10:16:24.927Z", "lastModified": "2026-05-08T19:43:23.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43112", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43113", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wl1251: validate packet IDs before indexing tx_frames\n\nwl1251_tx_packet_cb() uses the firmware completion ID directly to index\nthe fixed 
16-entry wl->tx_frames[] array. The ID is a raw u8 from the\ncompletion block, and the ca...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T10:16:25.050Z", "lastModified": "2026-05-08T17:58:54.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43113", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2025-31951", "description": "HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:26.087Z", "lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31951", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43158", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix freemap adjustments when adding xattrs to leaf blocks\n\nxfs/592 and xfs/794 both trip this assertion in the leaf block freemap\nadjustment code after ~20 minutes of running on my test VMs:\n\n ASSERT(ichdr->firstused >= ichdr-...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:33.697Z", "lastModified": "2026-05-13T21:20:41.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43158", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43172", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix 22000 series SMEM parsing\n\nIf the firmware were to report three LMACs (which doesn't\nexist in hardware) then using \"fwrt->smem_cfg.lmac[2]\" is\nan overrun of the array. 
Reject such and use IWL_FW_CHECK\ninstead of ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:35.583Z", "lastModified": "2026-05-13T14:56:38.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43172", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43176", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: pci: validate release report content before using for RTL8922DE\n\nThe commit 957eda596c76\n(\"wifi: rtw89: pci: validate sequence number of TX release report\")\ndoes validation on existing chips, which somehow a release re...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:36.083Z", "lastModified": "2026-05-12T20:01:03.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43176", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43187", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: delete attr leaf freemap entries when empty\n\nBack in commit 2a2b5932db6758 (\"xfs: fix attr leaf header freemap.size\nunderflow\"), Brian Foster observed that it's possible for a small\nfreemap at the end of the end of the xattr e...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:37.440Z", "lastModified": "2026-05-11T20:38:50.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43187", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43215", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix locking usage for tcon fields\n\nWe used to use the cifs_tcp_ses_lock to protect a lot of objects\nthat are not just the server, ses or tcon lists. 
We later introduced\nsrv_lock, ses_lock and tc_lock to protect fields within ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:41.063Z", "lastModified": "2026-05-11T19:44:10.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43215", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43232", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets\n\nWhen the FarSync T-series card is being detached, the fst_card_info is\ndeallocated in fst_remove_one(). However, the fst_tx_task or fst_int_task\nmay still be...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:43.223Z", "lastModified": "2026-05-12T19:08:04.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43232", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43239", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: prevent races in ->query_interfaces()\n\nIt was possible for two query interface works to be concurrently trying\nto update the interfaces.\n\nPrevent this by checking and updating iface_last_update under\niface_lock.", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:44.217Z", "lastModified": "2026-05-12T18:53:28.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43239", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43249", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: protect xen_9pfs_front_free against concurrent calls\n\nThe xenwatch thread can race with other back-end change notifications\nand call xen_9pfs_front_free() twice, hitting the observed general\nprotection fault due to a double...", "score": 8.8, "severity": "HIGH", "published": 
"2026-05-06T12:16:45.493Z", "lastModified": "2026-05-11T13:10:20.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43249", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-43283", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ec_bhf: Fix dma_free_coherent() dma handle\n\ndma_free_coherent() in error path takes priv->rx_buf.alloc_len as\nthe dma handle. This would lead to improper unmapping of the buffer.\n\nChange the dma handle to priv->rx_bu...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T12:16:49.817Z", "lastModified": "2026-05-08T19:08:43.663", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43283", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-20034", "description": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T17:16:20.093Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20034", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 36.2}, {"id": "CVE-2026-29080", "description": "A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). 
On Oracle deployments attacker-controlled filter keys and values are interp...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T17:16:22.457Z", "lastModified": "2026-05-11T15:07:20.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29080", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 36.2}, {"id": "CVE-2026-42503", "description": "gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.\nIf -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0.\u00a0\nAs a result, users might\u00a0inadvertently cause gopls to bind 0.0.0.0.\nThis c...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T17:16:23.417Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42503", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7875", "description": "NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content....", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T17:16:24.250Z", "lastModified": "2026-05-07T17:15:59.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7875", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-29090", "description": "### Summary\n\nA SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. 
This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T18:16:02.953Z", "lastModified": "2026-05-11T15:00:58.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29090", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-41934", "description": "Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or site_admi...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:37.417Z", "lastModified": "2026-05-06T19:20:35.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41934", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-41938", "description": "Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can upload a...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:37.680Z", "lastModified": "2026-05-06T20:16:32.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41938", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7896", "description": "Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:37.870Z", "lastModified": "2026-05-06T23:43:25.843", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7896", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7898", "description": "Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.100Z", "lastModified": "2026-05-06T23:43:09.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7898", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7899", "description": "Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.200Z", "lastModified": "2026-05-06T23:42:56.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7899", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7901", "description": "Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.403Z", "lastModified": "2026-05-06T23:42:42.183", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7901", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7902", "description": "Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.503Z", "lastModified": "2026-05-10T14:16:51.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7902", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7903", "description": "Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.597Z", "lastModified": "2026-05-06T23:42:19.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7903", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7906", "description": "Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:38.900Z", "lastModified": "2026-05-06T23:42:01.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7906", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7907", "description": "Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:39.000Z", "lastModified": "2026-05-06T23:41:21.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7907", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7921", "description": "Use after free in Passwords in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:40.377Z", "lastModified": "2026-05-06T23:38:24.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7921", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7926", "description": "Use after free in PresentationAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:40.940Z", "lastModified": "2026-05-06T23:37:41.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7926", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7927", "description": "Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:41.037Z", "lastModified": "2026-05-06T23:37:29.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7927", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7928", "description": "Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:41.140Z", "lastModified": "2026-05-06T23:37:10.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7928", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7930", "description": "Insufficient validation of untrusted input in Cookies in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform privilege escalation via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:41.343Z", "lastModified": "2026-05-06T23:36:52.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7930", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7938", "description": "Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:42.113Z", "lastModified": "2026-05-06T23:34:05.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7938", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7940", "description": "Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:42.323Z", "lastModified": "2026-05-06T23:33:48.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7940", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7951", "description": "Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:43.410Z", "lastModified": "2026-05-07T02:07:07.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7951", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7957", "description": "Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:44.160Z", "lastModified": "2026-05-07T17:04:42.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7957", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7973", "description": "Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:48.173Z", "lastModified": "2026-05-06T23:29:40.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7973", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7974", "description": "Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:48.273Z", "lastModified": "2026-05-06T23:28:48.393", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7974", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7980", "description": "Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:48.860Z", "lastModified": "2026-05-06T23:23:40.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7980", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7984", "description": "Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:49.280Z", "lastModified": "2026-05-06T23:21:35.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7984", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7987", "description": "Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:49.577Z", "lastModified": "2026-05-06T23:20:47.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7987", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7988", "description": "Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:49.677Z", "lastModified": "2026-05-06T23:20:36.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7988", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7991", "description": "Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:49.977Z", "lastModified": "2026-05-06T23:19:55.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7991", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7992", "description": "Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:50.080Z", "lastModified": "2026-05-06T23:19:45.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7992", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-7995", "description": "Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:50.370Z", "lastModified": "2026-05-06T23:19:07.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7995", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8000", "description": "Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:50.953Z", "lastModified": "2026-05-07T13:39:07.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8000", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8002", "description": "Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 
(Chromium security severity: Low)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:51.180Z", "lastModified": "2026-05-07T14:03:50.963", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8002", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8016", "description": "Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T19:16:52.557Z", "lastModified": "2026-05-07T15:29:36.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8016", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-40076", "description": "OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod a...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T20:16:31.727Z", "lastModified": "2026-05-11T14:55:45.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40076", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43584", "description": "OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. 
Attackers can exploit this by manipul...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T20:16:34.333Z", "lastModified": "2026-05-07T19:36:47.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43584", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44110", "description": "OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentiall...", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T20:16:34.760Z", "lastModified": "2026-05-07T19:41:01.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44110", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44115", "description": "OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime.", "score": 8.8, "severity": "HIGH", "published": "2026-05-06T20:16:35.497Z", "lastModified": "2026-05-07T17:07:46.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44115", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8090", "description": "Use-after-free in the DOM: Networking component. 
This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.", "score": 7.3, "severity": "HIGH", "published": "2026-05-07T13:16:13.967Z", "lastModified": "2026-05-08T20:08:50.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8090", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8083", "description": "A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be u...", "score": 7.3, "severity": "HIGH", "published": "2026-05-07T19:16:02.787Z", "lastModified": "2026-05-07T19:48:55.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8083", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8098", "description": "A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly an...", "score": 7.3, "severity": "HIGH", "published": "2026-05-07T21:16:30.900Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8098", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6411", "description": "This vulnerability, in the MAXHUB Pivot client application versions \nprior to v1.36.2, may allow an attacker to obtain encrypted tenant email\n addresses and related metadata from any tenant. 
Due to the presence of a\n hardcoded AES key within the application, the encrypted data can be \ndecrypted, ena...", "score": 7.3, "severity": "HIGH", "published": "2026-05-07T23:16:32.987Z", "lastModified": "2026-05-08T16:08:15.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6411", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8126", "description": "A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T03:16:25.143Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8126", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8128", "description": "A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T03:16:25.553Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8128", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8129", "description": "A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. 
The exploit has been publicly disclo...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T04:16:24.420Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8129", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8130", "description": "A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be us...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T04:16:24.687Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8130", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8131", "description": "A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T04:16:24.913Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8131", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8132", "description": "A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. 
The exploit has been made available to the public and could be u...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T04:16:25.153Z", "lastModified": "2026-05-08T15:45:49.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8132", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8133", "description": "A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched re...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T04:16:26.160Z", "lastModified": "2026-05-08T15:47:03.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8133", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2023-42344", "description": "Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T05:16:09.560Z", "lastModified": "2026-05-08T15:58:49.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2024-33288", "description": "Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T06:16:09.293Z", "lastModified": "2026-05-08T18:16:31.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33288", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2024-45257", "description": "A Command Injection issue in the payload build page in BYOB (Build 
Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T06:16:09.687Z", "lastModified": "2026-05-08T18:16:32.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2024-46507", "description": "A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T06:16:09.840Z", "lastModified": "2026-05-08T19:52:49.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46507", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2024-53326", "description": "LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T06:16:10.223Z", "lastModified": "2026-05-08T20:16:29.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53326", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-55449", "description": "AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T07:16:28.047Z", "lastModified": "2026-05-12T13:49:53.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-67888", "description": "An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. 
User input passed via the \"key\" GET parameter to /admin/index.php (when the \"api\" parameter is set) is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject a...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T07:16:28.487Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67888", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44338", "description": "PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T14:16:46.733Z", "lastModified": "2026-05-08T19:06:32.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44338", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-43459", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-core: flush delayed work before removing DAIs and widgets\n\nWhen a sound card is unbound while a PCM stream is open, a\nuse-after-free can occur in snd_soc_dapm_stream_event(), called from\nthe close_delayed_work workqueue h...", "score": 7.3, "severity": "HIGH", "published": "2026-05-08T15:16:58.753Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43459", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 36.2}, {"id": "CVE-2026-8216", "description": "A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. 
Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor w...", "score": 7.3, "severity": "HIGH", "published": "2026-05-10T01:16:08.263Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8216", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-14755", "description": "The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb_woocommerce_payment AJAX...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T05:16:12.470Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14755", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-9987", "description": "The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protec...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T05:16:13.483Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9987", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2025-14033", "description": "The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. 
This makes it possible for unauthenticated attackers to view any s...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T06:16:12.747Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14033", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6965", "description": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by()` function unconditionally trusting the user-supplied `course` GET parameter as the authoritative c...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T06:16:15.087Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6965", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-2515", "description": "The Hostinger Reach \u2013 AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' function in all versions up to, and including, 1.3.8. 
This makes it possible for authenticated attacker...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T13:01:39.920Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2515", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6429", "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T13:01:56.930Z", "lastModified": "2026-05-14T14:18:02.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7009", "description": "When curl is told to use the Certificate Status Request TLS extension, often\nreferred to as *OCSP stapling*, to verify that the server certificate is\nvalid, it fails to detect OCSP problems and instead wrongly consider the\nresponse as fine.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T13:01:57.100Z", "lastModified": "2026-05-14T14:17:05.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7009", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-7168", "description": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T13:01:57.200Z", "lastModified": "2026-05-14T14:12:48.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7168", "is_exploited": false, "epss": 0, "vendor": 
"Other", "mts_score": 36.2}, {"id": "CVE-2026-8463", "description": "Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input.\n\nThe auto-detect form of argon2_verify passes encoded_len - 1 as the length argument to memchr without checking that encoded_len is non-zero. When the encoded string is ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T14:18:17.140Z", "lastModified": "2026-05-13T19:23:38.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8463", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-34019", "description": "When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and cause the configured routing protocol to fail over.\u00a0 Note: Software versions which have reach...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:39.680Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34019", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-40435", "description": "When configured, IP-based access restrictions for httpd\u00a0do not cover all endpoints, which may allow connections from blocked addresses.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:42.697Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40435", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44288", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. 
Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf bi...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:55.587Z", "lastModified": "2026-05-13T17:01:38.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44288", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44292", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the __proto__ key. If an application constructed a message from an attacker-co...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:56.123Z", "lastModified": "2026-05-13T20:58:32.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44292", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44294", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:56.380Z", "lastModified": "2026-05-13T20:55:23.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44294", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44431", "description": "urllib3 is an HTTP client library for Python. 
From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:57.150Z", "lastModified": "2026-05-14T13:56:27.263", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44457", "description": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:57.700Z", "lastModified": "2026-05-13T18:34:01.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44457", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-45740", "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definition...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T16:17:00.520Z", "lastModified": "2026-05-13T20:50:15.587", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45740", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44003", "description": "vm2 is an open source vm/sandbox for Node.js. 
Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_STATE...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T18:16:16.997Z", "lastModified": "2026-05-14T15:22:34.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44003", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-33584", "description": "Exposed Keycloak management \nservice in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug \ninformation such as metrics and\n health data.\u00a0This issue affects Symmetric Key Agreement Platform: before 26.03.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T19:17:07.183Z", "lastModified": "2026-05-14T17:19:49.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33584", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44248", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the by...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T19:17:27.143Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44248", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44373", "description": "Nitro is a next generation server toolkit. 
Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal (..%2f) in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in 3....", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T21:16:48.033Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44373", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-44195", "description": "OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockout_handler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword (...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-13T22:16:43.820Z", "lastModified": "2026-05-14T17:18:18.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6145", "description": "The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. 
This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any au...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T09:16:26.290Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6145", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-6206", "description": "The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extrac...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T09:16:27.497Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6206", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-45205", "description": "Uncontrolled Recursion vulnerability in Apache Commons.\n\nWhen processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles.\nThis issue affects Apache Commons: from 2.2 before 2.15.0.\n\nUsers are recommended to upgrade to version 2.15.0, ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T12:16:35.687Z", "lastModified": "2026-05-14T21:16:48.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45205", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-41933", "description": "Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. 
Attackers can access directories such as admin asset paths, ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T15:16:45.873Z", "lastModified": "2026-05-14T16:24:56.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41933", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42592", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it n...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T16:16:22.307Z", "lastModified": "2026-05-14T19:16:36.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42592", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42593", "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T16:16:22.450Z", "lastModified": "2026-05-14T20:17:05.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42593", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-42572", "description": "Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. 
A user authenticated to any te...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T18:16:47.943Z", "lastModified": "2026-05-14T18:26:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42572", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-8516", "description": "Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: C...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:12.320Z", "lastModified": "2026-05-14T22:16:45.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8516", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8535", "description": "Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. (Chromium security severity: High)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:14.350Z", "lastModified": "2026-05-14T22:16:47.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8535", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8538", "description": "Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. 
(Chromium security severity: High)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:14.650Z", "lastModified": "2026-05-14T22:16:47.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8538", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8541", "description": "Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:14.970Z", "lastModified": "2026-05-14T22:16:48.133", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8541", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8543", "description": "Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:15.173Z", "lastModified": "2026-05-14T22:16:48.420", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8543", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8546", "description": "Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: High)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:15.500Z", "lastModified": "2026-05-14T22:16:48.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8546", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8582", "description": "Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:20.600Z", "lastModified": "2026-05-14T22:16:51.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8582", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-8583", "description": "Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:20.703Z", "lastModified": "2026-05-14T22:16:51.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8583", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 36.2}, {"id": "CVE-2026-45248", "description": "Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. 
Attackers can access the endpoint without providing authentication credentials to obtain usern...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-14T22:16:45.000Z", "lastModified": "2026-05-14T22:16:45.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45248", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.2}, {"id": "CVE-2026-28847", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:51.507Z", "lastModified": "2026-05-14T14:32:50.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28847", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28918", "description": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Parsing a maliciously crafted file may lead to an unexpected app termination.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:54.210Z", "lastModified": "2026-05-13T13:57:36.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28918", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-8109", "description": "An exposed dangerous method\u00a0on\u00a0the Core Server of\u00a0Ivanti Endpoint Manager\u00a0before\u00a0version\u00a02024 SU6\u00a0allows a\u00a0remote authenticated\u00a0attacker to\u00a0leak access credentials.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T15:16:17.420Z", "lastModified": "2026-05-12T19:18:29.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8109", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 36.0}, {"id": "CVE-2026-5084", "description": "WebDyne::Session versions through 2.075 for Perl generates the session id insecurely.\n\nThe session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T08:16:16.210Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5084", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-41018", "description": "The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL \u2014 including the embedded credentials \u2014 into task logs. 
Any user with task-log read permission could harvest the backend...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T09:16:25.990Z", "lastModified": "2026-05-13T14:22:04.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41018", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-43826", "description": "The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL \u2014 including the embedded credentials \u2014 into task logs. Any user with task-log read permission could harvest the backend cr...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T09:16:26.143Z", "lastModified": "2026-05-13T14:05:21.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43826", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-31246", "description": "GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:29.623Z", "lastModified": "2026-05-13T15:47:35.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31246", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42610", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox restrictions by utilizing the grav['accounts'] service. 
Attacker can programmatically load administrative user objects and extr...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:33.957Z", "lastModified": "2026-05-12T16:16:49.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42610", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-44197", "description": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disc...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:34.823Z", "lastModified": "2026-05-12T15:58:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44197", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-44199", "description": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:35.430Z", "lastModified": "2026-05-12T15:58:28.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44199", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-44200", "description": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. 
Permis...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:35.713Z", "lastModified": "2026-05-12T15:57:27.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44200", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-7817", "description": "Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.\n\nUser-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:38.590Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7817", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-7820", "description": "Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.\n\npgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.init_app() and is reachable on every server, nev...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T16:17:39.497Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7820", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42314", "description": "pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ after replacement (partial removal), leaving .. 
which can be exploited when the path is later resolve...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:35.123Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42314", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42316", "description": "kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping e...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:35.400Z", "lastModified": "2026-05-13T16:53:33.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42316", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 36.0}, {"id": "CVE-2026-42883", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining them...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T20:25:44.593Z", "lastModified": "2026-05-13T18:29:40.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42883", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28902", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:53.017Z", "lastModified": "2026-05-14T14:32:44.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28902", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28903", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:53.113Z", "lastModified": "2026-05-14T14:32:39.643", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28903", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28920", "description": "An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak sensiti...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:54.427Z", "lastModified": "2026-05-14T14:01:36.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28920", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28922", "description": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. 
An app may be able to access private information.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:54.530Z", "lastModified": "2026-05-13T14:37:44.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28922", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28942", "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:55.427Z", "lastModified": "2026-05-14T14:32:26.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28942", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28946", "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:55.740Z", "lastModified": "2026-05-13T21:16:43.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28956", "description": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing a maliciously crafted media file may lead to unexpected app termina...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:56.670Z", "lastModified": "2026-05-13T14:08:21.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-28972", "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:57.907Z", "lastModified": "2026-05-13T14:08:09.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28972", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-34960", "description": "barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T22:22:10.847Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34960", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-43889", "description": "Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each\u2014skipping the \"share\" permission check. 
A subsequent shares.update authorizes p...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T22:22:13.760Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43889", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-7010", "description": "HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values.\n\nThe unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP/1.1 control data field values.\n\nAn attacker who controls one...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-11T22:22:14.750Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7010", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-40135", "description": "An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. 
This allows the execution of un...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.430Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40135", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-7255", "description": "** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T04:16:29.143Z", "lastModified": "2026-05-13T14:48:05.873", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7255", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-5028", "description": "The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficien...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T09:16:54.670Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5028", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-8388", "description": "Incorrect boundary conditions in the JavaScript Engine: JIT component. 
This vulnerability was fixed in Firefox 150.0.3.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T14:17:11.813Z", "lastModified": "2026-05-12T19:48:21.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8388", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-40300", "description": "Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to \"moves\", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This vulner...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T17:16:20.150Z", "lastModified": "2026-05-13T18:58:14.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40300", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-31241", "description": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g., user_id, run_id, agent_id) in the request query parameters...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:16:52.557Z", "lastModified": "2026-05-14T18:34:56.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31241", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-31243", "description": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. 
An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE TAB...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:16:52.783Z", "lastModified": "2026-05-14T18:38:15.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-31244", "description": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:16:52.897Z", "lastModified": "2026-05-14T18:38:33.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31244", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-34350", "description": "Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:09.540Z", "lastModified": "2026-05-14T17:44:55.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34350", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.0}, {"id": "CVE-2026-35422", "description": "Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:12.883Z", "lastModified": "2026-05-14T18:04:43.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35422", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 36.0}, {"id": "CVE-2026-40374", "description": "Exposure of 
sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:16.347Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40374", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42175", "description": "requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in requests-hardened fails to block IP addresses within the RFC 6598 Shared Address Space (100.64.0.0/10). An attacker who can supply arbitrary ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:24.073Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42175", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42830", "description": "Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:25.540Z", "lastModified": "2026-05-14T14:26:13.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42830", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42891", "description": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:26.207Z", "lastModified": "2026-05-14T14:26:49.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42891", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 36.0}, {"id": "CVE-2026-44204", "description": "Shelf is a 
platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to o...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:29.883Z", "lastModified": "2026-05-14T13:16:18.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44204", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-42191", "description": "OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk was set ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T20:16:41.000Z", "lastModified": "2026-05-13T18:16:44.010", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42191", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-44222", "description": "vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM\u2019s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder sequ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T20:16:43.160Z", "lastModified": "2026-05-14T15:38:19.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-44223", "description": "vLLM is an inference and serving engine for large language models (LLMs). 
From  to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The cras...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T20:16:43.293Z", "lastModified": "2026-05-14T15:37:26.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2025-15463", "description": "The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-12T23:16:15.883Z", "lastModified": "2026-05-13T15:26:44.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15463", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 36.0}, {"id": "CVE-2026-35228", "description": "Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server ...", "score": 8.7, "severity": "HIGH", "published": "2026-05-05T04:16:16.530Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35228", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 35.8}, {"id": "CVE-2026-41002", "description": "The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ent...", "score": 7.2, "severity": "HIGH", "published": "2026-05-07T04:16:25.707Z", "lastModified": "2026-05-12T17:29:53.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2026-41641", "description": "NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollecti...", "score": 7.2, "severity": "HIGH", "published": "2026-05-07T06:16:05.073Z", "lastModified": "2026-05-07T20:23:22.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41641", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2026-7413", "description": "A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. 
The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.", "score": 7.2, "severity": "HIGH", "published": "2026-05-07T17:15:59.343Z", "lastModified": "2026-05-14T17:54:50.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7413", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2026-44742", "description": "Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.", "score": 7.2, "severity": "HIGH", "published": "2026-05-07T19:16:02.500Z", "lastModified": "2026-05-14T17:42:47.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44742", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2026-7330", "description": "The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function and a complete absence of output escaping in aal_d...", "score": 7.2, "severity": "HIGH", "published": "2026-05-08T09:16:10.100Z", "lastModified": "2026-05-08T15:46:11.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7330", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2025-67486", "description": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. 
User-controlled input from the \"computed value\" field is pas...", "score": 7.2, "severity": "HIGH", "published": "2026-05-08T15:16:35.043Z", "lastModified": "2026-05-12T20:54:07.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67486", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2026-3828", "description": "Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadin...", "score": 7.2, "severity": "HIGH", "published": "2026-05-09T09:16:09.107Z", "lastModified": "2026-05-12T16:42:18.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3828", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.8}, {"id": "CVE-2025-9973", "description": "Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can l...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-11T12:16:11.050Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9973", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-43876", "description": "WWBN AVideo is an open source video platform. 
In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail(), which substitutes it directly into an HTML email template (via str_replace on the {message} placeholder) and...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-11T22:22:11.983Z", "lastModified": "2026-05-13T16:16:52.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43876", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-2300", "description": "The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (`preg_replace`) that does not properly handle HTML attribute boundaries when repla...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:39.623Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2300", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-4859", "description": "The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated at...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:54.390Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4859", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-4920", "description": "The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:54.530Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4920", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-5340", "description": "The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:54.810Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5340", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-5715", "description": "The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for a...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.097Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5715", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-6237", "description": "The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.230Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6237", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-6247", "description": "The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it po...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.370Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6247", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-6256", "description": "The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for aut...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.503Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-6913", "description": "The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.633Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6913", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-7659", "description": "The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `social` shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.860Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-7661", "description": "The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `box` shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attack...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-12T09:16:58.000Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.6}, {"id": "CVE-2026-42469", "description": "Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted CANswitch frames.", "score": 8.6, "severity": "HIGH", "published": "2026-05-01T17:16:25.260Z", "lastModified": "2026-05-07T19:16:02.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42469", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-42365", "description": "A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.", "score": 8.6, "severity": "HIGH", "published": "2026-05-04T01:16:03.620Z", "lastModified": "2026-05-05T02:44:42.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42365", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-42079", "description": "PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. 
This issue has been patched via commit 418491a.", "score": 8.6, "severity": "HIGH", "published": "2026-05-04T17:16:24.887Z", "lastModified": "2026-05-05T20:19:04.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42079", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-43533", "description": "OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through outbou...", "score": 8.6, "severity": "HIGH", "published": "2026-05-05T12:16:19.610Z", "lastModified": "2026-05-07T01:53:48.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43533", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-7412", "description": "In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitr...", "score": 8.6, "severity": "HIGH", "published": "2026-05-05T16:16:18.480Z", "lastModified": "2026-05-06T16:16:12.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7412", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-43139", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm6: fix uninitialized saddr in xfrm6_get_saddr()\n\nxfrm6_get_saddr() does not check the return value of\nipv6_dev_get_saddr(). 
When ipv6_dev_get_saddr() fails to find a suitable\nsource address (returns -EADDRNOTAVAIL), saddr->in6 ...", "score": 8.6, "severity": "HIGH", "published": "2026-05-06T12:16:31.227Z", "lastModified": "2026-05-13T18:41:39.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43139", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 35.4}, {"id": "CVE-2026-44116", "description": "OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized ...", "score": 8.6, "severity": "HIGH", "published": "2026-05-06T20:16:35.637Z", "lastModified": "2026-05-07T17:07:36.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-41660", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A group...", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T04:16:29.740Z", "lastModified": "2026-05-07T14:51:01.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41660", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-41644", "description": "monetr is a budgeting application for recurring expenses. 
Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs su...", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T12:16:17.810Z", "lastModified": "2026-05-11T16:40:30.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41644", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-42010", "description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. Th...", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T12:16:17.977Z", "lastModified": "2026-05-14T23:16:36.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-41554", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS.\n\nThis issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T14:16:02.710Z", "lastModified": "2026-05-07T14:56:14.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41554", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-41906", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. 
Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversation_change_customer action accepts any supplied custome...", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T19:16:01.357Z", "lastModified": "2026-05-08T15:16:43.663", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41906", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-44243", "description": "GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository\u2019s .git directory vi...", "score": 7.1, "severity": "HIGH", "published": "2026-05-07T19:16:02.227Z", "lastModified": "2026-05-07T21:12:00.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-42261", "description": "PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body (up to ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-08T04:16:20.107Z", "lastModified": "2026-05-12T14:06:59.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42261", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-41576", "description": "Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). 
User-supplied message text is passed through PHP's nl2br() function, which converts newlines to <br> tags but does not escape HTML. The resulting string is then passed to a...", "score": 7.1, "severity": "HIGH", "published": "2026-05-08T15:16:40.910Z", "lastModified": "2026-05-08T15:58:49.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41576", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-43442", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops\n\nWhen IORING_SETUP_SQE_MIXED is used without IORING_SETUP_NO_SQARRAY,\nthe boundary check for 128-byte SQE operations in io_init_req()\nvalidated the logical SQ head ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-08T15:16:56.663Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43442", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 35.4}, {"id": "CVE-2026-41432", "description": "New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-08T23:16:35.457Z", "lastModified": "2026-05-13T18:29:40.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41432", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2025-62305", "description": "HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. 
Such behaviour may allow exposure of data to external systems under specific conditions.", "score": 5.1, "severity": "MEDIUM", "published": "2026-05-14T17:16:16.307Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62305", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2025-62308", "description": "HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions", "score": 5.1, "severity": "MEDIUM", "published": "2026-05-14T17:16:17.913Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.4}, {"id": "CVE-2026-8264", "description": "A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possi...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-11T04:16:17.023Z", "lastModified": "2026-05-11T17:04:06.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8264", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2025-8325", "description": "The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. 
This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x ve...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-11T10:16:13.037Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8325", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2025-65416", "description": "docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-11T16:17:29.057Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65416", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-8344", "description": "A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the p...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-11T22:22:14.977Z", "lastModified": "2026-05-12T19:56:03.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-8345", "description": "A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. 
The exp...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-11T23:20:22.813Z", "lastModified": "2026-05-12T19:55:38.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-8346", "description": "A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-12T00:17:03.433Z", "lastModified": "2026-05-12T19:55:06.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8346", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-40133", "description": "Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. 
Additionally, this vulnerability may prevent the leg...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.177Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40133", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-41610", "description": "Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:22.847Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41610", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-34664", "description": "Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. 
An attacker could exploit this vulnerability to access sensitive files and directories out...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-12T19:16:31.157Z", "lastModified": "2026-05-13T19:40:05.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34664", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-35555", "description": "PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-12T22:16:33.630Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35555", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.2}, {"id": "CVE-2026-42439", "description": "OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and close routes. 
Attackers can bypass configured browser SSRF policy protections by exploiting the /tabs/action endpoint to perform unauthorized tab navigation operations.", "score": 8.5, "severity": "HIGH", "published": "2026-05-05T12:16:18.490Z", "lastModified": "2026-05-07T01:59:18.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42439", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.0}, {"id": "CVE-2026-5788", "description": "An Improper Access Control in Ivanti EPMM before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows a remote unauthenticated attacker to invoke arbitrary methods.", "score": 7.0, "severity": "HIGH", "published": "2026-05-07T16:16:22.733Z", "lastModified": "2026-05-07T20:11:27.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5788", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 35.0}, {"id": "CVE-2026-41051", "description": "csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-13T13:01:53.787Z", "lastModified": "2026-05-13T20:16:21.487", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41051", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.0}, {"id": "CVE-2025-27852", "description": "The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. 
Full administrator level access to the device is ...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-13T21:16:41.350Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27852", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.0}, {"id": "CVE-2026-44441", "description": "ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16.0.", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-13T22:16:45.177Z", "lastModified": "2026-05-14T20:10:48.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44441", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 35.0}, {"id": "CVE-2026-43894", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T18:16:37.250Z", "lastModified": "2026-05-13T17:01:10.463", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43894", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-43896", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. 
The function is reachable through the * operator when both operands are objects.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T18:16:37.530Z", "lastModified": "2026-05-13T22:34:34.033", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43896", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-28897", "description": "A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system term...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T21:18:52.803Z", "lastModified": "2026-05-12T17:27:58.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28897", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-28977", "description": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app te...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T21:18:58.217Z", "lastModified": "2026-05-14T14:01:08.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28977", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-28985", "description": "A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. 
An attacker on the local network may be able to cause a denial-of-service.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T21:18:58.520Z", "lastModified": "2026-05-13T14:08:02.203", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28985", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-43653", "description": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T21:19:01.070Z", "lastModified": "2026-05-13T14:39:27.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43653", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-43666", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able t...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T21:19:01.920Z", "lastModified": "2026-05-13T14:06:39.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43666", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34961", "description": "barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. 
Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigge...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T22:22:11.000Z", "lastModified": "2026-05-13T19:57:51.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34961", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34962", "description": "barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a cr...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-11T23:19:47.813Z", "lastModified": "2026-05-13T19:58:33.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34962", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-40380", "description": "Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T18:17:16.790Z", "lastModified": "2026-05-14T17:49:59.683", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40380", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-41614", "description": "Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T18:17:23.363Z", "lastModified": "2026-05-14T14:25:16.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41614", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-42045", "description": "LobeHub is a work-and-lifestyle space to find, build, and collaborate with 
agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the de...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T18:17:23.637Z", "lastModified": "2026-05-13T18:23:27.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42045", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34666", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.133Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34666", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34667", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. E...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.250Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34667", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34668", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. 
An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.360Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34668", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34669", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.473Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34670", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.583Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34671", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitat...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.693Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34671", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34672", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. E...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.807Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34672", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34673", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:37.920Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34673", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34677", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. 
An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:38.033Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34677", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34678", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service cond...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:38.150Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34678", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34679", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:38.257Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34679", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34680", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitat...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:38.370Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34680", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-34688", "description": "CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation o...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-12T20:16:38.707Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34688", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.8}, {"id": "CVE-2026-37552", "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\\Closure\\unserialize(), then executes the result via call_user_func(). No authentication or signature verification exists on...", "score": 8.4, "severity": "HIGH", "published": "2026-05-01T16:16:30.917Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37552", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-37540", "description": "OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. 
On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can ...", "score": 8.4, "severity": "HIGH", "published": "2026-05-01T17:16:23.933Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37540", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-30363", "description": "flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the \"Main\" function.", "score": 8.4, "severity": "HIGH", "published": "2026-05-01T19:16:29.807Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30363", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-43274", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()\n\nThe cluster_cfg array is dynamically allocated to hold per-CPU\nconfiguration structures, with its size based on the number of online\nCPUs. 
Previous...", "score": 8.4, "severity": "HIGH", "published": "2026-05-06T12:16:48.680Z", "lastModified": "2026-05-08T19:31:52.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43274", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 34.6}, {"id": "CVE-2026-41954", "description": "Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Techni...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-13T16:16:45.600Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41954", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-42063", "description": "A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-13T16:16:46.440Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42063", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-42780", "description": "A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-13T16:16:48.303Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-42780", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2026-45054", "description": "CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the direc...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-13T21:16:49.270Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45054", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.6}, {"id": "CVE-2025-61305", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:27.703Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61305", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2025-61306", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable va...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:27.857Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61306", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": 
"CVE-2025-61307", "description": "A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:27.983Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61307", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2025-61308", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:28.090Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2025-61309", "description": "A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:28.207Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61309", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2025-61310", "description": "A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury 
Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:28.317Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61310", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2025-65417", "description": "docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T16:17:29.160Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65417", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-36906", "description": "Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T17:16:32.313Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36906", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-34095", "description": "Vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Actions/ActionEntryPoint.Php, includes/Request/FauxResponse.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T18:16:32.223Z", "lastModified": "2026-05-13T22:30:47.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34095", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-45222", "description": 
"Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json. ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T19:16:27.313Z", "lastModified": "2026-05-13T15:30:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-42872", "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of user-supplied input. The id_processo parameter is directly embedded into the HTML without sanitization, ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T20:25:43.690Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42872", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-43878", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a <script> block. 
An attacker who sends a victim to a crafted URL c...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.257Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43878", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-40137", "description": "SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim\ufffds browser. This results in a low impact on co...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.693Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40137", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-1681", "description": "Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are p...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T07:16:09.843Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1681", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-6808", "description": "The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbi...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.497Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6808", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-7437", "description": "The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.047Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7437", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-7464", "description": "The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject a...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.180Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7464", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.4}, {"id": "CVE-2026-7561", "description": "The Tm \u2013 WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.310Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7561", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-44245", "description": "Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that {{ }} interpolation provides. The PropertyCard.vue component us...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-12T23:16:18.060Z", "lastModified": "2026-05-13T18:14:48.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44245", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.4}, {"id": "CVE-2026-31712", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: require minimum ACE size in smb_check_perm_dacl()\n\nBoth ACE-walk loops in smb_check_perm_dacl() only guard against an\nunder-sized remaining buffer, not against an ACE whose declared\n`ace->size` is smaller than the struct it ...", "score": 8.3, "severity": "HIGH", "published": "2026-05-01T14:16:21.270Z", "lastModified": "2026-05-06T20:16:24.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31712", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 34.2}, {"id": "CVE-2026-6266", "description": "A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. 
This allows a remote attacker to potentially hijack a v...", "score": 8.3, "severity": "HIGH", "published": "2026-05-04T14:16:35.970Z", "lastModified": "2026-05-04T22:16:19.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6266", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2024-30151", "description": "HCL BigFix Service Management (SX)  is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modi...", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:35.040Z", "lastModified": "2026-05-07T17:06:09.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30151", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-7900", "description": "Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:38.300Z", "lastModified": "2026-05-06T23:42:50.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7900", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7905", "description": "Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:38.800Z", "lastModified": "2026-05-06T23:42:08.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7905", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7911", "description": "Use after free in Aura in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:39.387Z", "lastModified": "2026-05-06T23:40:57.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7911", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7914", "description": "Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:39.680Z", "lastModified": "2026-05-06T23:40:21.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7914", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7916", "description": "Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:39.880Z", "lastModified": "2026-05-08T20:16:32.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7916", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7917", "description": "Use after free in Fullscreen in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:39.970Z", "lastModified": "2026-05-06T23:39:31.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7917", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7918", "description": "Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:40.073Z", "lastModified": "2026-05-06T23:39:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7918", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7919", "description": "Use after free in Aura in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:40.173Z", "lastModified": "2026-05-06T23:38:42.463", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7919", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7920", "description": "Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:40.277Z", "lastModified": "2026-05-06T23:38:35.003", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7920", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7922", "description": "Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:40.480Z", "lastModified": "2026-05-06T23:38:16.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7922", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7923", "description": "Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:40.597Z", "lastModified": "2026-05-06T23:38:06.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7923", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7956", "description": "Use after free in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:44.010Z", "lastModified": "2026-05-07T02:06:06.320", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7956", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7963", "description": "Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:46.450Z", "lastModified": "2026-05-07T02:02:48.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7963", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7967", "description": "Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:47.427Z", "lastModified": "2026-05-07T02:02:04.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7967", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7970", "description": "Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:47.857Z", "lastModified": "2026-05-07T02:01:34.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7970", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7975", "description": "Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:48.377Z", "lastModified": "2026-05-06T23:27:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7975", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-7985", "description": "Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:49.383Z", "lastModified": "2026-05-06T23:21:23.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7985", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-8001", "description": "Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)", "score": 8.3, "severity": "HIGH", "published": "2026-05-06T19:16:51.073Z", "lastModified": "2026-05-07T14:05:08.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8001", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 34.2}, {"id": "CVE-2026-41671", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {\"active\": true} for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or com...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-07T04:16:32.863Z", "lastModified": "2026-05-07T14:54:40.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41671", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-42194", "description": "Admidio is an open-source user management solution. 
Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-based URL to curl_init(), leaving a DNS rebinding TOCTOU window that allows redirecting requests to i...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-07T04:16:34.053Z", "lastModified": "2026-05-07T16:16:20.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42194", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2025-4386", "description": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-07T16:16:17.287Z", "lastModified": "2026-05-07T18:46:47.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4386", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2025-4397", "description": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-07T16:16:17.410Z", "lastModified": "2026-05-07T18:46:47.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4397", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-42291", "description": "SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. 
This allows authenticated attackers who obtain the note ID of victim users to list and crea...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-08T23:16:36.360Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42291", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-1749", "description": "There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-09T09:16:08.823Z", "lastModified": "2026-05-12T16:42:18.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1749", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-42948", "description": "Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser.", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-13T13:16:44.063Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-40701", "description": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module\u00a0module when the ssl_verify_client\u00a0directive is set to \"on\" or \"optional,\" and the ssl_ocsp\u00a0directive is set to \"on\" or the leaf\u00a0parameters are configured with a resolver. 
With this configuration, an unauthenticated atta...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:43.863Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40701", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-42934", "description": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' ...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-13T16:16:49.910Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42934", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-8367", "description": "aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-13T16:17:04.780Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8367", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-39428", "description": "CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. 
These payl...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-13T21:16:46.800Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39428", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.2}, {"id": "CVE-2026-41281", "description": "Android App \"\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u30fc for au\" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in information disclosure or data tampering.", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-14T00:16:35.237Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41281", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 34.2}, {"id": "CVE-2026-45005", "description": "OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until ga...", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-11T18:16:40.813Z", "lastModified": "2026-05-13T14:14:00.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.0}, {"id": "CVE-2026-0802", "description": "An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. 
This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convi...", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-12T07:16:09.460Z", "lastModified": "2026-05-12T14:13:03.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0802", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.0}, {"id": "CVE-2026-41125", "description": "A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions),...", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-12T10:16:46.057Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41125", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.0}, {"id": "CVE-2026-6959", "description": "HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-12T20:16:46.267Z", "lastModified": "2026-05-13T15:53:17.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.0}, {"id": "CVE-2026-8052", "description": "HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. 
This vulnerability (CVE-2026-8052) is fixed in version 0.1.2 of the exec2 task driver.", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-12T20:16:46.720Z", "lastModified": "2026-05-13T15:53:17.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8052", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 34.0}, {"id": "CVE-2026-40912", "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the...", "score": 8.2, "severity": "HIGH", "published": "2026-04-30T21:16:32.740Z", "lastModified": "2026-05-01T17:42:32.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40912", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-43526", "description": "OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers to fetch arbitrary content. Attackers can exploit this by providing malicious media URLs that trigger SSRF requests, with fetched bytes subsequently re-uploaded thro...", "score": 8.2, "severity": "HIGH", "published": "2026-05-05T12:16:18.640Z", "lastModified": "2026-05-07T01:57:11.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43526", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-39852", "description": "Quarkus is a Java framework for building cloud-native applications. 
In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP pat...", "score": 8.2, "severity": "HIGH", "published": "2026-05-05T21:16:22.823Z", "lastModified": "2026-05-08T17:18:38.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-43190", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_tcpmss: check remaining length before reading optlen\n\nQuoting reporter:\n  In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads\n op[i+1] directly without validating the remaining option length.\n\n  If...", "score": 8.2, "severity": "HIGH", "published": "2026-05-06T12:16:37.843Z", "lastModified": "2026-05-11T20:50:14.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43190", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.8}, {"id": "CVE-2026-43233", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: fix OOB read in decode_choice()\n\nIn decode_choice(), the boundary check before get_len() uses the\nvariable `len`, which is still 0 from its initialization at the top of\nthe function:\n\n    unsigned int ...", "score": 8.2, "severity": "HIGH", "published": "2026-05-06T12:16:43.417Z", "lastModified": "2026-05-12T19:03:56.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43233", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.8}, {"id": "CVE-2026-42176", "description": "Scoold is a Q&A and a knowledge sharing platform for teams. 
Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address is...", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-08T20:16:30.873Z", "lastModified": "2026-05-12T15:33:23.003", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42176", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-44455", "description": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the prog...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-13T16:16:57.433Z", "lastModified": "2026-05-13T18:35:24.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44455", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-44581", "description": "Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. 
In affected versions, malformed nonce values derived f...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-13T18:16:18.400Z", "lastModified": "2026-05-14T18:30:24.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44581", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-8565", "description": "Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-14T20:17:18.663Z", "lastModified": "2026-05-14T22:16:49.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8565", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 33.8}, {"id": "CVE-2026-44661", "description": "python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / l...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-14T21:16:47.100Z", "lastModified": "2026-05-14T21:16:47.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.8}, {"id": "CVE-2026-6815", "description": "An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. 
Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem, by...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-11T16:17:37.257Z", "lastModified": "2026-05-13T14:18:14.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6815", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.6}, {"id": "CVE-2026-42348", "description": "OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could c...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-12T18:17:24.700Z", "lastModified": "2026-05-13T18:16:44.010", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42348", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.6}, {"id": "CVE-2026-42545", "description": "Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malforme...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-12T22:16:34.600Z", "lastModified": "2026-05-14T13:16:18.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42545", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.6}, {"id": "CVE-2026-42511", "description": "The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives.  
When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhcl...", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T07:16:37.290Z", "lastModified": "2026-05-01T16:16:32.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42511", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-35547", "description": "When processing the header of an incoming message, libnv failed to properly validate the message size.\n\nThe lack of validation allows a malicious program to write outside the bounds of a heap allocation.  This can trigger a crash or system panic, and it may be possible for an unprivileged user to ex...", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T09:16:03.167Z", "lastModified": "2026-05-01T16:16:30.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35547", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42512", "description": "As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers.  The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun.\n\nA specially crafted packet can cause dhclient to o...", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T09:16:03.373Z", "lastModified": "2026-05-01T16:16:32.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-7399", "description": "Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. 
PDKS allows Privilege Abuse.\n\nThis issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T13:16:06.480Z", "lastModified": "2026-04-30T15:09:03.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7399", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-7402", "description": "Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.\n\nThis issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T13:16:06.597Z", "lastModified": "2026-04-30T15:09:03.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7402", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-36340", "description": "An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T16:16:42.160Z", "lastModified": "2026-04-30T18:16:28.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36340", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-40600", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. 
The affected ...", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T19:16:09.957Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40600", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-40904", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the request...", "score": 8.1, "severity": "HIGH", "published": "2026-04-30T19:16:10.433Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40904", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-31708", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path\n\nsmb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL\nand the default QUERY_INFO path.  
The QUERY_INFO branch clamps\nqi.input_buffer_length to the...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T14:16:20.837Z", "lastModified": "2026-05-06T20:25:14.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31708", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.4}, {"id": "CVE-2026-31771", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: move wake reason storage into validated event handlers\n\nhci_store_wake_reason() is called from hci_event_packet() immediately\nafter stripping the HCI event header but before hci_event_func()\nenforces the per-e...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T15:16:40.337Z", "lastModified": "2026-05-11T18:00:00.977", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31771", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.4}, {"id": "CVE-2026-31779", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()\n\nThe memcpy function assumes the dynamic array notif->matches is at least\nas large as the number of bytes to copy. Otherwise, results->matches ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T15:16:41.330Z", "lastModified": "2026-05-11T18:02:49.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31779", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.4}, {"id": "CVE-2026-43051", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq\n\nThe wacom_intuos_bt_irq() function processes Bluetooth HID reports\nwithout sufficient bounds checking. 
A maliciously crafted short report\ncan trigger an out-of-bounds read ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T15:16:51.543Z", "lastModified": "2026-05-07T18:00:03.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43051", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.4}, {"id": "CVE-2026-22165", "description": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the devi...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T16:16:29.437Z", "lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22165", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-22166", "description": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the syst...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T16:16:29.563Z", "lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22166", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42471", "description": "Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. 
The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T16:16:31.470Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42471", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-37537", "description": "collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index unde...", "score": 8.1, "severity": "HIGH", "published": "2026-05-01T17:16:23.550Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37537", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-7647", "description": "The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. 
This is due to the use of PHP's maybe_unserialize() function on the attacker-controlled 'args' POST parameter within the wppb_request_users_pins_action_callback() AJAX handl...", "score": 8.1, "severity": "HIGH", "published": "2026-05-02T06:16:04.803Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7647", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-7491", "description": "School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.", "score": 8.1, "severity": "HIGH", "published": "2026-05-02T10:16:19.107Z", "lastModified": "2026-05-05T20:16:19.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7491", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-2554", "description": "The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' user ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-02T14:16:17.707Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2554", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-29199", "description": "phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. 
An attacker who can manipulate the Host...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T07:15:59.960Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29199", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-40563", "description": "Description:\nImproper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas\nApache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data\n\n\n\n\nAffect ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T16:16:02.283Z", "lastModified": "2026-05-06T14:16:20.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40563", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42075", "description": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. 
The --out= flag accepts user-provided paths without validation, enablin...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T17:16:24.283Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42075", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-29004", "description": "BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SE...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T18:16:26.523Z", "lastModified": "2026-05-06T14:16:07.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42084", "description": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid ses...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T18:16:30.357Z", "lastModified": "2026-05-08T19:54:14.983", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42084", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2025-67796", "description": "IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. 
The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users data...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T20:16:16.260Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67796", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42221", "description": "Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without...", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T21:16:32.023Z", "lastModified": "2026-05-06T17:17:57.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-42222", "description": "Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public patches are available.", "score": 8.1, "severity": "HIGH", "published": "2026-05-04T21:16:32.173Z", "lastModified": "2026-05-06T17:47:59.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-6180", "description": "A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. 
If a sequence reset notification f...", "score": 8.1, "severity": "HIGH", "published": "2026-05-05T07:16:00.793Z", "lastModified": "2026-05-12T19:04:43.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6180", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-23631", "description": "Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-05T17:17:03.503Z", "lastModified": "2026-05-06T16:14:21.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23631", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-44331", "description": "In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. 
When \"UseReverseDNS on\" is enabled, the attack...", "score": 8.1, "severity": "HIGH", "published": "2026-05-05T20:16:39.680Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44331", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-43134", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ\n\nThis adds a check for encryption key size upon receiving\nL2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which\nexpects L2CAP_CR_LE_BAD_KEY_SIZE.", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T12:16:30.617Z", "lastModified": "2026-05-12T21:11:06.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43134", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.4}, {"id": "CVE-2026-41936", "description": "Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T19:16:37.550Z", "lastModified": "2026-05-06T20:16:32.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41936", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-7978", "description": "Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. 
(Chromium security severity: Medium)", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T19:16:48.670Z", "lastModified": "2026-05-06T23:23:59.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7978", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 33.4}, {"id": "CVE-2026-7981", "description": "Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T19:16:48.963Z", "lastModified": "2026-05-07T14:38:45.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7981", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 33.4}, {"id": "CVE-2026-8018", "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T19:16:52.770Z", "lastModified": "2026-05-08T20:16:33.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8018", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 33.4}, {"id": "CVE-2026-43585", "description": "OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. 
Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized ...", "score": 8.1, "severity": "HIGH", "published": "2026-05-06T20:16:34.473Z", "lastModified": "2026-05-07T19:36:59.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43585", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-45130", "description": "Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32...", "score": 6.6, "severity": "MEDIUM", "published": "2026-05-08T23:16:40.053Z", "lastModified": "2026-05-14T06:16:23.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45130", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.4}, {"id": "CVE-2026-35157", "description": "Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote exec...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-11T10:16:13.490Z", "lastModified": "2026-05-12T17:19:22.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35157", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.2}, {"id": "CVE-2026-44695", "description": "Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. 
A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a logged-in...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-11T22:22:14.347Z", "lastModified": "2026-05-13T18:26:47.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44695", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.2}, {"id": "CVE-2026-44347", "description": "Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the ...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-12T23:16:18.340Z", "lastModified": "2026-05-14T14:27:40.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44347", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 33.2}, {"id": "CVE-2026-43003", "description": "An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.", "score": 8.0, "severity": "HIGH", "published": "2026-05-01T09:16:17.440Z", "lastModified": "2026-05-04T18:28:28.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43003", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-4807", "description": "The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permissions_check() method combined with the public exposure of a site-wide reusable nonce. 
The plugin expos...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T03:16:08.673Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4807", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41655", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing it to ECard::getEcardTemplate(). An authenticated user can supply a path traversal payload (e.g., ../c...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T04:16:28.470Z", "lastModified": "2026-05-07T16:16:20.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41655", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41658", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations (delete, retire, reinstate) only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for item_...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T04:16:29.407Z", "lastModified": "2026-05-07T15:16:08.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41658", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-6214", "description": "The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. 
This is due to the listen_for_saving_export_schedule() function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T04:16:35.567Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-8063", "description": "An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.\n\nWhen resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads th...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T06:16:05.723Z", "lastModified": "2026-05-11T15:26:42.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8063", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-27421", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS.\n\nThis issue affects Royal Elementor Addons: from n/a before 1.7.1053.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T09:16:27.480Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27421", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-33589", "description": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T11:16:01.150Z", "lastModified": "2026-05-07T19:49:40.983", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-5791", "description": "Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery.\n\nThis issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T13:16:13.647Z", "lastModified": "2026-05-10T16:16:07.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5791", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41647", "description": "Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T14:16:03.020Z", "lastModified": "2026-05-07T19:52:13.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41647", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41684", "description": "Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. 
As a result, an archive can carry a valid inl...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T14:16:03.350Z", "lastModified": "2026-05-07T19:51:01.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41684", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-36387", "description": "A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T16:16:19.013Z", "lastModified": "2026-05-07T18:45:48.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36387", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-8142", "description": "VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T20:16:45.670Z", "lastModified": "2026-05-08T14:16:48.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8142", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41691", "description": "Copilot said: i18nextify is a JavaScript library that adds\ni18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. 
Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template w...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T21:16:29.560Z", "lastModified": "2026-05-08T16:05:43.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41691", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-6736", "description": "An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce the a...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-07T22:16:36.753Z", "lastModified": "2026-05-11T17:20:51.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6736", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2022-45899", "description": "Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T05:16:09.183Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45899", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42277", "description": "Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. 
The endpoint verifies the caller is authenticated but never checks that the file ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T05:16:10.740Z", "lastModified": "2026-05-12T13:58:54.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42277", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2025-66170", "description": "The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment. T...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T13:16:35.360Z", "lastModified": "2026-05-11T15:24:18.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66170", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2025-66171", "description": "The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the env...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T13:16:35.483Z", "lastModified": "2026-05-12T13:31:00.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66171", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2025-69233", "description": "Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. 
This can be used by an attacker to degrade the infrastructu...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T13:16:35.993Z", "lastModified": "2026-05-09T07:16:08.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69233", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41308", "description": "Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This c...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T15:16:39.480Z", "lastModified": "2026-05-14T18:03:17.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41585", "description": "ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the requ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T15:16:41.400Z", "lastModified": "2026-05-08T18:19:56.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41585", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-41885", "description": "i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. 
Prior to version 9.0.2, i18next-locize-backend interpolates lng, ns, projectId, and version directly into the configured loadPath / privatePath / addPath / updatePath / getLan...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T16:16:11.913Z", "lastModified": "2026-05-12T15:29:40.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41885", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42181", "description": "Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP ran...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T20:16:31.160Z", "lastModified": "2026-05-12T15:31:36.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42181", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42202", "description": "nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:<guard> middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T22:16:31.683Z", "lastModified": "2026-05-13T16:34:42.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42209", "description": "FlashMQ is a MQTT broker/server, designed for multi-CPU environments. 
Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T22:16:32.103Z", "lastModified": "2026-05-13T16:52:48.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42209", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42346", "description": "Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4\u2013v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerability: isSafePublicHttpsUrl() resolves DNS to validate the target IP, but subsequent fetch() calls ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-08T23:16:37.903Z", "lastModified": "2026-05-13T15:58:40.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42346", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42183", "description": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() causes a panic (denial of service) for SSO users whose claims match ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-09T04:16:23.810Z", "lastModified": "2026-05-14T18:40:00.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42183", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2025-15633", "description": "An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator\u00a0privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-09T06:16:07.413Z", "lastModified": "2026-05-14T20:28:21.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15633", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-42576", "description": "apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without checking the key type. 
If a repository JWKS endpoint returns a non-RSA key (e.g....", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-09T20:16:29.717Z", "lastModified": "2026-05-13T15:23:57.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42576", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-45181", "description": "Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-09T22:16:08.157Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45181", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-45184", "description": "Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-09T23:16:32.787Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45184", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-7259", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to\u00a0\u00a0a NULL pointer dereference, resulting in a segmentation fault and denial of service. 
The vulnerability is exploitable when user-con...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-10T05:16:11.507Z", "lastModified": "2026-05-12T17:40:38.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-45190", "description": "Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass.\n\nInputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the input...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-10T21:16:29.273Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45190", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-45191", "description": "Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass.\n\nMask forms like \"/00\" and \"/01\" pass validation and parse to the same prefix as their unpadded value.\n\nSee also CVE-2026-45190.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-10T21:16:29.380Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45191", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 33.0}, {"id": "CVE-2026-31252", "description": "CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. 
The framework uses torch.load() to load model weight files (e.g., llm.pt, flow.pt, hift.pt) without enabling the security-restricti...", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-11T17:16:20.187Z", "lastModified": "2026-05-12T20:16:33.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31252", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.8}, {"id": "CVE-2026-41250", "description": "Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1.", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-11T18:16:33.837Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41250", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.8}, {"id": "CVE-2026-33570", "description": "PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-12T22:16:33.410Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33570", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.8}, {"id": "CVE-2026-43001", "description": "An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. 
This allowed an attacker holding an unrestricted application credential ...", "score": 7.9, "severity": "HIGH", "published": "2026-05-01T09:16:17.273Z", "lastModified": "2026-05-04T18:25:50.420", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43001", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-43133", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation\n\nCommit cc3ed80ae69f (\"KVM: nSVM: always use vmcb01 to for vmsave/vmload\nof guest state\") made KVM always use vmcb01 for the fields controlled by\nVMSAVE/VMLOAD, but it missed ...", "score": 7.9, "severity": "HIGH", "published": "2026-05-06T12:16:30.480Z", "lastModified": "2026-05-08T17:25:23.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43133", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.6}, {"id": "CVE-2026-5341", "description": "The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `strava_nmr_connect` shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-08T10:16:28.917Z", "lastModified": "2026-05-08T15:46:11.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5341", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-7475", "description": "The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom-scripts` custom post type in all versions up to, and including, 3.3.2. 
This is due to the custom post type being registered with `capability_type => 'post'` and `show_in_rest => true`, combined with ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-08T10:16:29.440Z", "lastModified": "2026-05-08T15:46:11.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7475", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-7650", "description": "The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode attr...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-08T10:16:29.577Z", "lastModified": "2026-05-08T15:46:11.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7650", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-41591", "description": "Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a <script> or <style> tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-08T16:16:11.167Z", "lastModified": "2026-05-13T16:34:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41591", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47907", "description": "Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. 
Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browsers o...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:27.247Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47907", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47910", "description": "AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execute w...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:27.890Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47910", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47922", "description": "Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of use...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:28.033Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47922", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47924", "description": "Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. 
Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary code w...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:28.307Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47924", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47925", "description": "CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file attachme...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:28.437Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47925", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47926", "description": "Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in us...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:28.573Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47926", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47927", "description": "WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. 
Attackers can submit POST requests to the admin setup page with JavaScri...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:28.707Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47927", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47929", "description": "Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery is...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:29.017Z", "lastModified": "2026-05-13T15:30:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47929", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47931", "description": "Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary Ja...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:29.293Z", "lastModified": "2026-05-13T15:30:24.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47931", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47947", "description": "Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. 
Attackers can inject JavaScript payloads through the file name field that execute in the brows...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.180Z", "lastModified": "2026-05-12T14:47:03.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47947", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47950", "description": "Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s_emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in t...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.587Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47950", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2021-47951", "description": "WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in the...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.720Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47951", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50945", "description": "WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. 
Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields vi...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.267Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50945", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50946", "description": "WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial title ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.400Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50947", "description": "WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject JavaScript payloads through the testi...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.523Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50947", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50948", "description": "Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. 
Attackers can inject script tags through the title and excerpt parameters when creating accommo...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.657Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50949", "description": "WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers through t...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.790Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50949", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2022-50961", "description": "WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings t...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.827Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50961", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2025-9989", "description": "The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and a...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-13T05:16:13.740Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9989", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-28758", "description": "When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add\u00a0and bigip_add\u00a0iControl REST commands that return the ssh-password\u00a0parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to ...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-13T16:16:37.137Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28758", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-42408", "description": "When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-13T16:16:47.647Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42408", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2026-42549", "description": "Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nette's class-name validation runs. 
The class-file write is correctly rejected by Nette when the name con...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-13T20:16:21.927Z", "lastModified": "2026-05-14T20:17:04.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42549", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.6}, {"id": "CVE-2025-43992", "description": "Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized...", "score": 5.6, "severity": "MEDIUM", "published": "2026-05-11T10:16:12.727Z", "lastModified": "2026-05-12T14:17:10.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.4}, {"id": "CVE-2026-7270", "description": "An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers.\n\nThe bug may be exploitable by an unprivileged user to obtain superuser privileges.", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T07:16:41.710Z", "lastModified": "2026-05-10T08:16:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7270", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-39457", "description": "When exchanging data over a socket, libnv uses select(2) to wait for data to arrive.  
However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024).\n\nAn attacker who is able to force a libnv application to allocate large fi...", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T09:16:03.270Z", "lastModified": "2026-05-01T12:41:46.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39457", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-31786", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBuffer overflow in drivers/xen/sys-hypervisor.c\n\nThe build id returned by HYPERVISOR_xen_version(XENVER_build_id) is\nneither NUL terminated nor a string.\n\nThe first causes a buffer overflow as sprintf in buildid_show will\nread and ...", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T11:16:20.967Z", "lastModified": "2026-05-06T19:44:30.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31786", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31787", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix double free via VMA splitting\n\nprivcmd_vm_ops defines .close (privcmd_close), but neither .may_split\nnor .open. 
When userspace does a partial munmap() on a privcmd mapping,\nthe kernel splits the VMA via __split_vma...", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T11:16:21.087Z", "lastModified": "2026-05-06T19:38:53.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31787", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31693", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: some missing initializations on replay\n\nIn several places in the code, we have a label to signify\nthe start of the code where a request can be replayed if\nnecessary. However, some of these places were missing the\nnecessary re...", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T12:16:24.103Z", "lastModified": "2026-05-07T12:49:05.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31693", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2025-14576", "description": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service,...", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T13:16:02.850Z", "lastModified": "2026-05-05T02:57:05.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14576", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-33451", "description": "CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure \nAccess Windows client prior to 14.50. 
Attackers with local control of \nthe Windows client can send malformed data to an API and elevate their \nlevel of privilege to system.", "score": 7.8, "severity": "HIGH", "published": "2026-04-30T21:16:31.800Z", "lastModified": "2026-05-05T02:31:24.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33451", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-5403", "description": "SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T00:16:24.670Z", "lastModified": "2026-05-01T19:18:04.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5403", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-5405", "description": "RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T00:16:24.963Z", "lastModified": "2026-05-04T20:16:20.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5405", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-7584", "description": "The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. 
Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T08:16:01.913Z", "lastModified": "2026-05-04T18:23:58.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7584", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-31694", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:19.133Z", "lastModified": "2026-05-06T19:23:22.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31694", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31695", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free\n\nCurrently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for\nthe virt_wifi net devices. 
However, unregistering a virt_wifi device in\nnetdev_run_todo() can happ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:19.250Z", "lastModified": "2026-05-06T19:19:51.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31695", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31696", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing validation of ticket length in non-XDR key preparsing\n\nIn rxrpc_preparse(), there are two paths for parsing key payloads: the\nXDR path (for large payloads) and the non-XDR path (for payloads <= 28\nbytes). While t...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:19.403Z", "lastModified": "2026-05-06T19:17:41.723", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31696", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31700", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()\n\nIn tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points\ndirectly into the mmap'd TX ring buffer shared with userspace. 
The\nkernel validates the header via ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:19.907Z", "lastModified": "2026-05-06T19:01:07.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31700", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31702", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()\n\nIn f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring\nthe F2FS_WB_CP_DATA counter to zero, unblocking\nf2fs_wait_on_all_pages() in f2fs_put_super() on a...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:20.140Z", "lastModified": "2026-05-06T18:44:52.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31702", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31703", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwriteback: Fix use after free in inode_switch_wbs_work_fn()\n\ninode_switch_wbs_work_fn() has a loop like:\n\n  wb_get(new_wb);\n  while (1) {\n    list = llist_del_all(&new_wb->switch_wbs_ctxs);\n    /* Nothing to do? 
*/\n    if (!list)\n ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:20.263Z", "lastModified": "2026-05-06T18:42:19.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31703", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31715", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()\n\nThe xfstests case \"generic/107\" and syzbot have both reported a NULL\npointer dereference.\n\nThe concurrent scenario that triggers the panic is as follows:\n...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:21.637Z", "lastModified": "2026-05-07T06:16:04.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31715", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31716", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: validate rec->used in journal-replay file record check\n\ncheck_file_record() validates rec->total against the record size but\nnever validates rec->used.  
The do_action() journal-replay handlers read\nrec->used from disk and...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T14:16:21.743Z", "lastModified": "2026-05-06T21:10:23.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31716", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31720", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_uac1_legacy: validate control request size\n\nf_audio_complete() copies req->length bytes into a 4-byte stack\nvariable:\n\n  u32 data = 0;\n  memcpy(&data, req->buf, req->length);\n\nreq->length is derived from the host-con...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:34.360Z", "lastModified": "2026-05-06T20:58:09.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31720", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31729", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: validate connector number in ucsi_notify_common()\n\nThe connector number extracted from CCI via UCSI_CCI_CONNECTOR() is a\n7-bit field (0-127) that is used to index into the connector array in\nucsi_connector_change(...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:35.467Z", "lastModified": "2026-05-07T16:02:57.897", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31729", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31730", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: possible double-free of cctx->remote_heap\n\nfastrpc_init_create_static_process() may free cctx->remote_heap on the\nerr_map path but does not clear the pointer. 
Later, fastrpc_rpmsg_remove()\nfrees cctx->remote_heap aga...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:35.577Z", "lastModified": "2026-05-08T13:16:36.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31730", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31731", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Address thermal zone removal races with resume\n\nSince thermal_zone_pm_complete() and thermal_zone_device_resume()\nre-initialize the poll_queue delayed work for the given thermal zone,\nthe cancel_delayed_work_sync() i...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:35.683Z", "lastModified": "2026-05-08T13:16:36.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31731", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31742", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvt: discard stale unicode buffer on alt screen exit after resize\n\nWhen enter_alt_screen() saves vc_uni_lines into vc_saved_uni_lines and\nsets vc_uni_lines to NULL, a subsequent console resize via vc_do_resize()\nskips reallocating t...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:36.937Z", "lastModified": "2026-05-07T17:42:57.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31742", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31743", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy\n\nBuffer size used in dma allocation and memcpy is wrong.\nIt can lead to undersized DMA buffer access and possible\nmemory corruption. 
use correct buffer size in dma_alloc_cohere...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:37.047Z", "lastModified": "2026-05-07T19:36:42.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31743", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31745", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: gpio: fix double free in reset_add_gpio_aux_device() error path\n\nWhen __auxiliary_device_add() fails, reset_add_gpio_aux_device()\ncalls auxiliary_device_uninit(adev).\n\nThe device release callback reset_gpio_aux_device_releas...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:37.260Z", "lastModified": "2026-05-07T19:31:28.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31745", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31747", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: me4000: Fix potential overrun of firmware buffer\n\n`me4000_xilinx_download()` loads the firmware that was requested by\n`request_firmware()`.  It is possible for it to overrun the source\nbuffer because it blindly trusts the f...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:37.463Z", "lastModified": "2026-05-07T19:26:41.937", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31747", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31748", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: me_daq: Fix potential overrun of firmware buffer\n\n`me2600_xilinx_download()` loads the firmware that was requested by\n`request_firmware()`.  
It is possible for it to overrun the source\nbuffer because it blindly trusts the f...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:37.593Z", "lastModified": "2026-05-07T19:24:39.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31748", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31758", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usbtmc: Flush anchored URBs in usbtmc_release\n\nWhen calling usbtmc_release, pending anchored URBs must be flushed or\nkilled to prevent use-after-free errors (e.g. in the HCD giveback\npath). Call usbtmc_draw_down() to allow anc...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:38.807Z", "lastModified": "2026-05-08T18:23:22.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31758", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31759", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix double free in ulpi_register_interface() error path\n\nWhen device_register() fails, ulpi_register() calls put_device() on\nulpi->dev.\n\nThe device release callback ulpi_dev_release() drops the OF node\nreference and free...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:38.923Z", "lastModified": "2026-05-08T18:20:18.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31759", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31761", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050: Move iio_device_register() to correct location\n\niio_device_register() should be at the end of the probe function to\nprevent race conditions.\n\nPlace iio_device_register() at the end of the probe function and plac...", "score": 7.8, "severity": 
"HIGH", "published": "2026-05-01T15:16:39.153Z", "lastModified": "2026-05-08T18:11:08.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31761", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31764", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only\n\nThe st_lsm6dsx_hwfifo_odr_store() function, which is called when userspace\nwrites the buffer sampling frequency sysfs attribute, calls\nst_lsm6dsx_check_odr...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:39.523Z", "lastModified": "2026-05-08T18:04:24.963", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31764", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31768", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-adc161s626: use DMA-safe memory for spi_read()\n\nAdd a DMA-safe buffer and use it for spi_read() instead of a stack\nmemory. All SPI buffers must be DMA-safe.\n\nSince we only need up to 3 bytes, we just use a u8[] instead...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:39.977Z", "lastModified": "2026-05-11T17:54:28.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31768", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31769", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpib: fix use-after-free in IO ioctl handlers\n\nThe IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpib_descriptor\npointer after board->big_gpib_mutex has been released.  
A concurrent\nIBCLOSEDEV ioctl can free the descriptor vi...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:40.090Z", "lastModified": "2026-05-11T17:56:52.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31769", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31772", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync\n\nhci_le_big_create_sync() uses DEFINE_FLEX to allocate a\nstruct hci_cp_le_big_create_sync on the stack with room for 0x11 (17)\nBIS entries.  However, conn->nu...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:40.470Z", "lastModified": "2026-05-11T20:42:32.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31772", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31776", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Fix missing SPDIFI1 index handling\n\nSPDIF1 DAIO type isn't properly handled in daio_device_index() for\nhw20k2, and it returned -EINVAL, which ended up with the out-of-bounds\narray access.  Follow the hw20k1 pattern and...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:40.967Z", "lastModified": "2026-05-07T02:27:43.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31776", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31780", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation\n\nThe variable valuesize is declared as u8 but accumulates the total\nlength of all SSIDs to scan. 
Each SSID contributes up to 33 bytes\n(IEEE80211_MAX_SSID_LEN + 1)...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:41.453Z", "lastModified": "2026-05-11T20:54:09.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31780", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-31782", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86: Fix potential bad container_of in intel_pmu_hw_config\n\nAuto counter reload may have a group of events with software events\npresent within it. The software event PMU isn't the x86_hybrid_pmu and\na container_of operation in...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:41.707Z", "lastModified": "2026-05-11T20:48:04.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31782", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43007", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Handle DBC deactivation if the owner went away\n\nWhen a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV\ntransaction to the host over the QAIC_CONTROL MHI channel. 
QAIC handles\nthis by calling decode_de...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:44.553Z", "lastModified": "2026-05-07T20:24:32.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43007", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43009", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix incorrect pruning due to atomic fetch precision tracking\n\nWhen backtrack_insn encounters a BPF_STX instruction with BPF_ATOMIC\nand BPF_FETCH, the src register (or r0 for BPF_CMPXCHG) also acts as\na destination, thus receiv...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:44.770Z", "lastModified": "2026-05-07T20:25:52.587", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43009", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43015", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: fix clk handling on PCI glue driver removal\n\nplatform_device_unregister() may still want to use the registered clks\nduring runtime resume callback.\n\nNote that there is a commit d82d5303c4c5 (\"net: macb: fix use after fre...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:45.500Z", "lastModified": "2026-05-07T20:31:01.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43015", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43016", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().\n\nsyzbot reported use-after-free of AF_UNIX socket's sk->sk_socket\nin sk_psock_verdict_data_ready(). 
[0]\n\nIn unix_stream_sendmsg(), the peer socket'...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:45.677Z", "lastModified": "2026-05-07T20:31:20.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43016", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43019", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: fix potential UAF in set_cig_params_sync\n\nhci_conn lookup and field access must be covered by hdev lock in\nset_cig_params_sync, otherwise it's possible it is freed concurrently.\n\nTake hdev lock to prevent hci_c...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:46.103Z", "lastModified": "2026-05-08T14:35:10.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43019", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43020", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: validate LTK enc_size on load\n\nLoad Long Term Keys stores the user-provided enc_size and later uses\nit to size fixed-size stack operations when replying to LE LTK\nrequests. An enc_size larger than the 16-byte key b...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:46.233Z", "lastModified": "2026-05-08T14:41:09.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43020", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43023", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: fix race conditions in sco_sock_connect()\n\nsco_sock_connect() checks sk_state and sk_type without holding\nthe socket lock. 
Two concurrent connect() syscalls on the same\nsocket can both pass the check and enter sco_c...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:46.610Z", "lastModified": "2026-05-08T14:56:44.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43023", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43027", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_helper: pass helper to expect cleanup\n\nnf_conntrack_helper_unregister() calls nf_ct_expect_iterate_destroy()\nto remove expectations belonging to the helper being unregistered.\nHowever, it passes NULL instead...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:47.167Z", "lastModified": "2026-05-08T18:29:08.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43027", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43030", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix regsafe() for pointers to packet\n\nIn case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N\nregsafe() may return true which may lead to current state with\nvalid packet range not being explored. 
Fix the bug.", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:47.557Z", "lastModified": "2026-05-08T18:36:14.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43030", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43033", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n\nWhen decrypting data that is not in-place (src != dst), there is\nno need to save the high-order sequence bits in dst as it could\nsimply be re-copied...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:47.910Z", "lastModified": "2026-05-08T18:40:49.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43033", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43044", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - fix DMA corruption on long hmac keys\n\nWhen a key longer than block size is supplied, it is copied and then\nhashed into the real key.  The memory allocated for the copy needs to\nbe rounded to DMA cache alignment, as o...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:50.703Z", "lastModified": "2026-05-08T18:58:08.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43044", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43047", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Check to ensure report responses match the request\n\nIt is possible for a malicious (or clumsy) device to respond to a\nspecific report's feature request using a completely different report\nID.  
This can cause confus...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:51.073Z", "lastModified": "2026-05-08T13:50:16.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43047", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43049", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure\n\nPresently, if the force feedback initialisation fails when probing the\nLogitech G920 Driving Force Racing Wheel for Xbox One, an error number\nwil...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:51.297Z", "lastModified": "2026-05-07T19:05:22.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43049", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43056", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: fix use-after-free in add_adev() error path\n\nIf auxiliary_device_add() fails, add_adev() jumps to add_fail and calls\nauxiliary_device_uninit(adev).\n\nThe auxiliary device has its release callback set to adev_release(),\nwh...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T15:16:52.147Z", "lastModified": "2026-05-07T19:02:46.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43056", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-22167", "description": "Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages.\n\n\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T16:16:29.693Z", "lastModified": 
"2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22167", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-37525", "description": "AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_context_change_cred(&xreq->context, NULL) before d...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T17:16:22.270Z", "lastModified": "2026-05-07T15:15:55.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37525", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-37526", "description": "AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. 
The on_supervision_call function in s...", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T17:16:22.440Z", "lastModified": "2026-05-07T15:15:55.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37526", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-52347", "description": "An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call.", "score": 7.8, "severity": "HIGH", "published": "2026-05-01T19:16:28.113Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52347", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-36365", "description": "An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T16:16:02.053Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36365", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-47405", "description": "Memory corruption when processing camera sensor input/output control codes with invalid output buffers.", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T17:16:20.827Z", "lastModified": "2026-05-06T18:03:08.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47405", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-47407", "description": "Memory corruption while creating a process on the digital signal processor due to allocation failure at the 
kernel level.", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T17:16:21.097Z", "lastModified": "2026-05-06T18:02:38.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47407", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-47408", "description": "Memory corruption when another driver calls an IOCTL with invalid input/output buffer.", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T17:16:21.257Z", "lastModified": "2026-05-06T18:03:00.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47408", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-24082", "description": "Memory Corruption when copying data from a freed source while executing performance counter deselect operation.", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T17:16:21.453Z", "lastModified": "2026-05-12T19:09:24.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24082", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-7791", "description": "Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-04T22:16:20.697Z", "lastModified": "2026-05-05T19:32:23.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7791", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-43060", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: drop pending enqueued packets on removal\n\nPackets sitting in nfqueue might hold a reference to:\n\n- templates that specify 
the conntrack zone, because a percpu area is\n  used and module removal is possible.\n- conn...", "score": 7.8, "severity": "HIGH", "published": "2026-05-05T16:16:15.050Z", "lastModified": "2026-05-08T13:16:37.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43060", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43063", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't irele after failing to iget in xfs_attri_recover_work\n\nxlog_recovery_iget* never set @ip to a valid pointer if they return\nan error, so this irele will walk off a dangling pointer.  Fix that.", "score": 7.8, "severity": "HIGH", "published": "2026-05-05T16:16:15.467Z", "lastModified": "2026-05-08T13:16:37.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43063", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43070", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reset register ID for BPF_END value tracking\n\nWhen a register undergoes a BPF_END (byte swap) operation, its scalar\nvalue is mutated in-place. If this register previously shared a scalar ID\nwith another register (e.g., after a...", "score": 7.8, "severity": "HIGH", "published": "2026-05-05T16:16:16.320Z", "lastModified": "2026-05-08T13:16:37.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43070", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-34461", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. 
The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation checks, and for non-sandb...", "score": 7.8, "severity": "HIGH", "published": "2026-05-05T20:16:37.460Z", "lastModified": "2026-05-07T19:47:45.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34461", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-34462", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-05T20:16:37.610Z", "lastModified": "2026-05-07T19:47:30.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34462", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-43074", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: defer struct eventpoll free to RCU grace period\n\nIn certain situations, ep_free() in eventpoll.c will kfree the epi->ep\neventpoll struct while it still being used by another concurrent thread.\nDefer the kfree() to an RCU...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:20.343Z", "lastModified": "2026-05-08T13:16:38.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43074", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43075", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix out-of-bounds write in ocfs2_write_end_inline\n\nKASAN reports a use-after-free write of 4086 bytes in\nocfs2_write_end_inline, called from ocfs2_write_end_nolock during a\ncopy_file_range splice fallback on a corrupted ocfs...", 
"score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:20.463Z", "lastModified": "2026-05-08T13:16:38.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43075", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43076", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate inline data i_size during inode read\n\nWhen reading an inode from disk, ocfs2_validate_inode_block() performs\nvarious sanity checks but does not validate the size of inline data.  If\nthe filesystem is corrupted, an i...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:20.590Z", "lastModified": "2026-05-08T13:16:38.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43076", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43078", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n\nWhen page reassignment was added to af_alg_pull_tsgl the original\nloop wasn't updated so it may try to reassign one more page than\nnecessary.\n\nAdd the check to th...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:20.853Z", "lastModified": "2026-05-08T13:16:38.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43078", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43084", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: make hash table per queue\n\nSharing a global hash table among all queues is tempting, but\nit can cause crash:\n\nBUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue]\n[..]\n n...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:21.610Z", "lastModified": 
"2026-05-08T13:16:38.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43084", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43091", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Wait for RCU readers during policy netns exit\n\nxfrm_policy_fini() frees the policy_bydst hash tables after flushing the\npolicy work items and deleting all policies, but it does not wait for\nconcurrent RCU readers to leave the...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:22.433Z", "lastModified": "2026-05-08T13:16:38.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43091", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43093", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: tighten UMEM headroom validation to account for tailroom and min frame\n\nThe current headroom validation in xdp_umem_reg() could leave us with\ninsufficient space dedicated to even receive minimum-sized ethernet\nframe. 
Furthermo...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:22.667Z", "lastModified": "2026-05-08T13:16:38.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43093", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43097", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: hv: Fix double ida_free in hv_pci_probe error path\n\nIf hv_pci_probe() fails after storing the domain number in\nhbus->bridge->domain_nr, there is a call to free this domain_nr via\npci_bus_release_emul_domain_nr(), however, duri...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:23.137Z", "lastModified": "2026-05-14T19:24:49.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43097", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43106", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix incorrect dentry refcount in cachefiles_cull()\n\nThe patch mentioned below changed cachefiles_bury_object() to expect 2\nreferences to the 'rep' dentry.  Three of the callers were changed to\nuse start_removing_dentry(...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:24.213Z", "lastModified": "2026-05-11T17:31:12.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43106", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43111", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: roccat: fix use-after-free in roccat_report_event\n\nroccat_report_event() iterates over the device->readers list without\nholding the readers_lock. 
This allows a concurrent roccat_release() to\nremove and free a reader while it's...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:24.807Z", "lastModified": "2026-05-08T19:45:15.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43111", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43116", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: ensure safe access to master conntrack\n\nHolding reference on the expectation is not sufficient, the master\nconntrack object can just go away, making exp->master invalid.\n\nTo access exp->master safely:\n\n- Grab ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:25.400Z", "lastModified": "2026-05-08T17:49:36.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43116", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43120", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix double free related to rereg_user_mr\n\nIf IB_MR_REREG_TRANS is set during rereg_user_mr, the\numem will be released and a new one will be allocated\nin irdma_rereg_mr_trans. 
If any step of irdma_rereg_mr_trans\nfails af...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T10:16:25.913Z", "lastModified": "2026-05-12T21:37:37.813", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43120", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43126", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: mixer: oss: Add card disconnect checkpoints\n\nALSA OSS mixer layer calls the kcontrol ops rather individually, and\npending calls might be not always caught at disconnecting the device.\n\nFor avoiding the potential UAF scenarios...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:29.597Z", "lastModified": "2026-05-08T17:56:07.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43126", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43128", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umem: Fix double dma_buf_unpin in failure path\n\nIn ib_umem_dmabuf_get_pinned_with_dma_device(), the call to\nib_umem_dmabuf_map_pages() can fail. If this occurs, the dmabuf\nis immediately unpinned but the umem_dmabuf->pinned fl...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:29.837Z", "lastModified": "2026-05-08T17:52:13.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43128", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43138", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: gpio: suppress bind attributes in sysfs\n\nThis is a special device that's created dynamically and is supposed to\nstay in memory forever. We also currently don't have a devlink between\nit and the actual reset consumer. 
Suppres...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:31.117Z", "lastModified": "2026-05-12T21:11:43.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43138", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43150", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/arm-cmn: Reject unsupported hardware configurations\n\nSo far we've been fairly lax about accepting both unknown CMN models\n(at least with a warning), and unknown revisions of those which we\ndo know, as although things do freque...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:32.690Z", "lastModified": "2026-05-13T20:14:44.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43150", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43153", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: remove xfs_attr_leaf_hasname\n\nThe calling convention of xfs_attr_leaf_hasname() is problematic, because\nit returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer\nwhen xfs_attr3_leaf_lookup_int returns -ENOATTR or...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:33.073Z", "lastModified": "2026-05-13T20:11:32.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43153", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43178", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nprocfs: fix possible double mmput() in do_procmap_query()\n\nWhen user provides incorrectly sized buffer for build ID for PROCMAP_QUERY\nwe return with -ENAMETOOLONG error.  
After recent changes this condition\nhappens later, after we ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:36.303Z", "lastModified": "2026-05-12T19:52:25.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43178", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43180", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode\n\nkaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls\nnetif_stop_queue() and netif_wake_queue(). These are TX queue flow\ncontrol functions unrelated to RX mu...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:36.533Z", "lastModified": "2026-05-12T19:36:09.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43180", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43196", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: pruss: Fix double free in pruss_clk_mux_setup()\n\nIn the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly\ncalls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np)\non the error path. However, a...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:38.607Z", "lastModified": "2026-05-11T20:11:30.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43196", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43205", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: validate num_ifs to prevent out-of-bounds write\n\nThe driver obtains sw_attr.num_ifs from firmware via dpsw_get_attributes()\nbut never validates it against DPSW_MAX_IF (64). 
This value controls\niteration in dpaa2_switc...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:39.747Z", "lastModified": "2026-05-11T19:59:54.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43205", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43206", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()\n\nThe kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8\nbytes via memset without checking the buffer size parameter. This allows\nunprivileged userspace to tri...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:39.903Z", "lastModified": "2026-05-11T20:05:16.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43206", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43207", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-mdp: Fix error handling in probe function\n\nAdd mtk_mdp_unregister_m2m_device() on the error handling path to prevent\nresource leak.\n\nAdd check for the return value of vpu_get_plat_device() to prevent null\npointer derefer...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:40.037Z", "lastModified": "2026-05-11T19:59:34.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43207", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43211", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix pci_slot_trylock() error handling\n\nCommit a4e772898f8b (\"PCI: Add missing bridge lock to pci_bus_lock()\")\ndelegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in\npci_slot_trylock(), but it forgets to remove...", "score": 7.8, "severity": "HIGH", "published": 
"2026-05-06T12:16:40.527Z", "lastModified": "2026-05-11T19:58:10.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43211", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43212", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE\n\nThe arch definition of cpumask_of_node() cannot handle NUMA_NO_NODE -\nwhich is a valid index - so add a check for this.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:40.687Z", "lastModified": "2026-05-11T19:57:52.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43212", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43214", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()\n\nAdd SRCU read-side protection when reading PDPTR registers in\n__get_sregs2().\n\nReading PDPTRs may trigger access to guest memory:\nkvm_pdptr_read() -> svm_cache_reg...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:40.920Z", "lastModified": "2026-05-11T19:44:24.010", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43214", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43222", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: verisilicon: AV1: Fix tile info buffer size\n\nEach tile info is composed of: row_sb, col_sb, start_pos\nand end_pos (4 bytes each). 
So the total required memory\nis AV1_MAX_TILES * 16 bytes.\nUse the correct #define to allocate ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:41.900Z", "lastModified": "2026-05-08T21:12:57.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43222", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43236", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release\n\nThe atmel_hlcdc_plane_atomic_duplicate_state() callback was copying\nthe atmel_hlcdc_plane state structure without properly duplicating the\ndrm_plane_state. In pa...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:43.817Z", "lastModified": "2026-05-12T18:59:33.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43236", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43237", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4\n\nThis commit simplifies the amdgpu_gem_va_ioctl function, key updates\ninclude:\n - Moved the logic for managing the last update fence...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:43.960Z", "lastModified": "2026-05-12T18:55:52.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43237", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43248", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: move vdpa group bound check to vhost_vdpa\n\nRemove duplication by consolidating these here.  
This reduces the\nposibility of a parent driver missing them.\n\nWhile we're at it, fix a bug in vdpa_sim where a valid ASID can be\nass...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:45.380Z", "lastModified": "2026-05-11T13:14:40.387", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43248", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43250", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()\n\nThe ChipIdea UDC driver can encounter \"not page aligned sg buffer\"\nerrors when a USB device is reconnected after being disconnected\nduring an active transfer. This occurs be...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:45.620Z", "lastModified": "2026-05-12T18:51:16.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43250", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43256", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()\n\nvfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) as the loop\nbound and passes the index to vfe_isr_reg_update(). 
However,\nvfe->line[] array is defined ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:46.397Z", "lastModified": "2026-05-11T18:16:48.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43256", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43258", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nalpha: fix user-space corruption during memory compaction\n\nAlpha systems can suffer sporadic user-space crashes and heap\ncorruption when memory compaction is enabled.\n\nSymptoms include SIGSEGV, glibc allocator failures (e.g. \"unali...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:46.650Z", "lastModified": "2026-05-11T18:10:27.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43258", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43260", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RSS context delete logic\n\nWe need to free the corresponding RSS context VNIC\nin FW everytime an RSS context is deleted in driver.\nCommit 667ac333dbb7 added a check to delete the VNIC\nin FW only when netif_running() is ...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:46.883Z", "lastModified": "2026-05-08T20:31:55.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43260", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43263", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix Null reference while testing fluster\n\nWhen multi instances are created/destroyed, many interrupts happens\nand structures for decoder are removed.\n\"struct vpu_instance\" this structure is shared for all...", "score": 7.8, "severity": "HIGH", "published": 
"2026-05-06T12:16:47.257Z", "lastModified": "2026-05-08T20:33:12.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43263", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43276", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix double destroy_workqueue on service rescan PCI path\n\nWhile testing corner cases in the driver, a use-after-free crash\nwas found on the service rescan PCI path.\n\nWhen mana_serv_reset() calls mana_gd_suspend(), mana_gd...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:48.930Z", "lastModified": "2026-05-08T19:32:12.303", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43276", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43278", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: clear cloned request bio pointer when last clone bio completes\n\nStale rq->bio values have been observed to cause double-initialization of\ncloned bios in request-based device-mapper targets, leading to\nuse-after-free and double-...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:49.213Z", "lastModified": "2026-05-08T19:38:24.763", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43278", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-43279", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Add sanity check for OOB writes at silencing\n\nAt silencing the playback URB packets in the implicit fb mode before\nthe actual playback, we blindly assume that the received packets fit\nwith the buffer size.  
But whe...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T12:16:49.350Z", "lastModified": "2026-05-08T19:02:38.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43279", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 32.2}, {"id": "CVE-2026-41288", "description": "Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\\\SYSTEM.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T16:16:10.147Z", "lastModified": "2026-05-11T18:35:41.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41288", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-6691", "description": "The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. 
This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T16:16:11.483Z", "lastModified": "2026-05-07T15:11:09.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6691", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-6787", "description": "Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects\u00a0WatchGuard Agent: before 1.25.03.0000.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T16:16:11.643Z", "lastModified": "2026-05-11T18:33:49.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6787", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-6788", "description": "Uncontrolled Search Path Element vulnerability\u00a0in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent\u00a0before 1.25.03.0000.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T16:16:11.780Z", "lastModified": "2026-05-11T18:33:24.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6788", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.2}, {"id": "CVE-2026-7913", "description": "Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. 
(Chromium security severity: High)", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T19:16:39.590Z", "lastModified": "2026-05-06T23:40:30.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7913", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-7925", "description": "Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T19:16:40.833Z", "lastModified": "2026-05-06T23:37:49.513", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7925", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-7990", "description": "Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T19:16:49.877Z", "lastModified": "2026-05-06T23:20:16.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7990", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-7994", "description": "Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. 
(Chromium security severity: Medium)", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T19:16:50.277Z", "lastModified": "2026-05-06T23:19:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7994", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-7997", "description": "Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low)", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T19:16:50.607Z", "lastModified": "2026-05-06T23:18:39.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7997", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-44114", "description": "OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior d...", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T20:16:35.340Z", "lastModified": "2026-05-07T17:07:54.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44114", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44118", "description": "OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. 
Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.", "score": 7.8, "severity": "HIGH", "published": "2026-05-06T20:16:35.900Z", "lastModified": "2026-05-07T17:07:19.353", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8081", "description": "A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote exploit...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-07T18:16:27.747Z", "lastModified": "2026-05-12T20:27:43.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8081", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8097", "description": "A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-07T21:16:30.727Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8097", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-40214", "description": "In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. 
The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-07T22:16:35.047Z", "lastModified": "2026-05-08T16:16:10.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8112", "description": "A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-07T22:16:37.507Z", "lastModified": "2026-05-08T15:39:09.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8112", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8114", "description": "A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-07T22:16:37.843Z", "lastModified": "2026-05-08T15:47:03.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8114", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8116", "description": "A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. 
The attack may be initiated remotely. The exploit has been made a...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T00:16:09.833Z", "lastModified": "2026-05-08T15:47:03.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8116", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8125", "description": "A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T02:16:08.200Z", "lastModified": "2026-05-08T15:45:49.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8125", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8127", "description": "A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. 
The exploit has been disclosed to the public a...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T03:16:25.350Z", "lastModified": "2026-05-08T15:47:03.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8127", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2024-30167", "description": "/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T06:16:09.160Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30167", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2024-33722", "description": "SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[].", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T06:16:09.417Z", "lastModified": "2026-05-08T18:16:32.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33722", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-67886", "description": "Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged us...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T07:16:28.180Z", "lastModified": "2026-05-08T18:16:32.947", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67886", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44337", "description": "PraisonAI is a multi-agent teams system. 
From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names int...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T14:16:46.587Z", "lastModified": "2026-05-08T19:07:00.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44337", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42180", "description": "Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T20:16:31.023Z", "lastModified": "2026-05-13T18:16:15.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42180", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42344", "description": "FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU \u2014 Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4()/dns.resolve6() and ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T23:16:37.177Z", "lastModified": "2026-05-12T16:40:21.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42451", "description": "Grimmory is a self-hosted digital library. 
Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wit...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T23:16:38.680Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42451", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44284", "description": "FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal MCP...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-08T23:16:39.507Z", "lastModified": "2026-05-12T16:40:21.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44284", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8185", "description": "A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component....", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T11:16:28.203Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8185", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8188", "description": "A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. 
The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has b...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T16:16:08.870Z", "lastModified": "2026-05-13T16:09:33.683", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8188", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8189", "description": "A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. T...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T17:16:08.333Z", "lastModified": "2026-05-13T16:09:41.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8189", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8190", "description": "A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control the ppp_username/ppp...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T18:16:22.293Z", "lastModified": "2026-05-13T16:10:02.977", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8190", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8191", "description": "A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. 
The exploit is publicly available and might b...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T19:16:09.093Z", "lastModified": "2026-05-13T16:10:09.957", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8191", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8192", "description": "A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os com...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T19:16:10.127Z", "lastModified": "2026-05-13T16:10:17.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8192", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8193", "description": "A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made availa...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-09T19:16:10.290Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8193", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8217", "description": "A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. 
The ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T02:16:08.833Z", "lastModified": "2026-05-11T16:17:40.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8227", "description": "A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.407Z", "lastModified": "2026-05-13T16:10:33.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8228", "description": "A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.573Z", "lastModified": "2026-05-13T16:10:39.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8228", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8229", "description": "A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. 
The exploit is now...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.737Z", "lastModified": "2026-05-12T17:37:58.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8229", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8230", "description": "A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.900Z", "lastModified": "2026-05-12T17:37:46.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8230", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8231", "description": "A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. 
The exploit has been disclosed to the public ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-10T06:16:08.597Z", "lastModified": "2026-05-13T14:48:30.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8231", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8202", "description": "Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time.\n\nThis issue impacts MongoDB Server v7.0 versions prior to 7...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T04:17:42.037Z", "lastModified": "2026-05-13T15:34:29.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-9988", "description": "The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create adverti...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T05:16:13.607Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9988", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-3426", "description": "The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all versions up to, and including, 2.0.2. 
This makes it possible for authenticated attackers, with Author...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T13:16:41.220Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3426", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42950", "description": "ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T13:16:44.200Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42950", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42961", "description": "ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T13:16:44.337Z", "lastModified": "2026-05-13T15:47:10.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42961", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-4607", "description": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. 
This is due to the plugin not properly verifying that a user is authorized to perform an action via the pm_set_group_order, pm_set_group_i...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T14:17:58.057Z", "lastModified": "2026-05-13T14:43:46.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4607", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2020-37217", "description": "Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containi...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:33.013Z", "lastModified": "2026-05-13T17:07:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-42058", "description": "An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:46.243Z", "lastModified": "2026-05-13T16:27:11.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42058", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44458", "description": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. 
Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T16:16:57.837Z", "lastModified": "2026-05-13T18:32:16.733", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44458", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-28374", "description": "Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-13T20:16:19.583Z", "lastModified": "2026-05-14T16:21:02.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28374", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44919", "description": "In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T02:17:21.773Z", "lastModified": "2026-05-14T18:30:57.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44919", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-7525", "description": "The My Calendar \u2013 Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. 
This makes it possible for authenticated attackers, with...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T05:16:45.947Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7525", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-7648", "description": "The LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, which ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T05:16:46.080Z", "lastModified": "2026-05-14T14:29:01.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7648", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-13874", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:20.617Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13874", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-1338", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to delete protected container registry tags due to improper authorization check...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:21.520Z", "lastModified": 
"2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1338", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-3073", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to im...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:22.240Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3073", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-3074", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:22.400Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3074", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-3607", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:22.790Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3607", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 
32.2}, {"id": "CVE-2026-6063", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests d...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:24.307Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6063", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8144", "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T06:16:25.840Z", "lastModified": "2026-05-14T18:50:26.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8144", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-5365", "description": "The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() function. 
This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings v...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T07:16:20.110Z", "lastModified": "2026-05-14T14:28:41.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5365", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-6474", "description": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T14:16:24.997Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6474", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-6575", "description": "Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array.  This allows a table maintainer to infer memory values past that array end.  Within major version 18, minor versions before Postgr...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T14:16:25.693Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6575", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44374", "description": "Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. 
Any authenticated user can access unprocessed entity records regardless of o...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T15:16:48.250Z", "lastModified": "2026-05-14T18:17:11.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44374", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-44501", "description": "DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from the REDIRECT_URL HTTP cookie during the OIDC callback flow, with no integrity protection (no HMAC, no encryption). This is a Deserialization...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T16:16:24.073Z", "lastModified": "2026-05-14T18:12:13.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44501", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2025-62311", "description": "HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. 
This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T17:16:18.337Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-45448", "description": "CWE-601 URL redirection to untrusted site ('open redirect')", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T17:16:23.640Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45448", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-45147", "description": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenti...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T19:16:38.630Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45147", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-45148", "description": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. 
This vulnerability is fixed in 3....", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T19:16:38.760Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45148", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.2}, {"id": "CVE-2026-8552", "description": "Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:16.300Z", "lastModified": "2026-05-14T22:16:48.987", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8552", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-8559", "description": "Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:17.977Z", "lastModified": "2026-05-14T22:16:49.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8559", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-8560", "description": "Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:18.083Z", "lastModified": "2026-05-14T22:16:49.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8560", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-8567", "description": "Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-14T20:17:18.900Z", "lastModified": "2026-05-14T22:16:50.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8567", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 32.2}, {"id": "CVE-2026-40612", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with reduce, since the JSON parser caps at depth 10000), the C stack is exhausted.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:33.670Z", "lastModified": "2026-05-13T17:00:14.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40612", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-41256", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . 
followed by \\x00 and arbitrary suffix compiles and executes as only the prefix before the...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:33.983Z", "lastModified": "2026-05-13T17:00:49.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-41257", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond \u22481 GiB (via deeply nested generator forks), the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for a...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:34.127Z", "lastModified": "2026-05-13T17:01:01.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-44777", "description": "jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two\notherwise valid modules include each other.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T18:16:38.517Z", "lastModified": "2026-05-13T17:05:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44777", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-42050", "description": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. 
This vulnerability i...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T20:25:42.280Z", "lastModified": "2026-05-13T19:38:45.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42050", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-20696", "description": "An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:50.830Z", "lastModified": "2026-05-12T19:48:01.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20696", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-28914", "description": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:53.903Z", "lastModified": "2026-05-14T14:02:16.887", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28914", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-28958", "description": "This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:56.887Z", "lastModified": "2026-05-13T21:16:44.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28958", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-28988", "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. 
An app may be able to bypass certain Privacy preferences.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:58.820Z", "lastModified": "2026-05-13T14:43:00.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28988", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-28993", "description": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:59.220Z", "lastModified": "2026-05-13T14:07:29.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-28996", "description": "A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
An app may be able to access sensitive user data.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-11T21:18:59.520Z", "lastModified": "2026-05-14T14:01:59.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-32185", "description": "Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:16:59.430Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32185", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 32.0}, {"id": "CVE-2026-34339", "description": "Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:08.130Z", "lastModified": "2026-05-14T15:14:01.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34339", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.0}, {"id": "CVE-2026-34662", "description": "Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue re...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:11.123Z", "lastModified": "2026-05-12T19:15:50.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34662", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-34663", "description": "Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:11.253Z", "lastModified": "2026-05-12T19:13:59.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34663", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-35419", "description": "Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:12.437Z", "lastModified": "2026-05-14T15:52:39.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35419", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 32.0}, {"id": "CVE-2026-35440", "description": "Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:14.287Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35440", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 32.0}, {"id": "CVE-2026-41612", "description": "Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.", "score": 5.5, 
"severity": "MEDIUM", "published": "2026-05-12T18:17:23.113Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41612", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-44279", "description": "A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker to improper access control via <insert attack vector here>", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T18:17:30.330Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44279", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 32.0}, {"id": "CVE-2026-35504", "description": "PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-12T21:16:15.417Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 32.0}, {"id": "CVE-2026-5174", "description": "Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.\n\nThis issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.", "score": 7.7, "severity": "HIGH", "published": "2026-04-30T16:16:44.330Z", "lastModified": "2026-05-04T16:47:30.733", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-43824", "description": "In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading 
cleartext Kubernetes Secret data.", "score": 7.7, "severity": "HIGH", "published": "2026-05-02T02:16:00.747Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43824", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-42436", "description": "OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content b...", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T12:16:18.050Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42436", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-42438", "description": "OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading to ...", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T12:16:18.327Z", "lastModified": "2026-05-07T01:59:57.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42438", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-43527", "description": "OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. 
Attackers can exploit this misconfiguration to access internal services or metadata endpoints through browser-driven requests.", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T12:16:18.777Z", "lastModified": "2026-05-07T13:29:50.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-43532", "description": "OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media.", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T12:16:19.473Z", "lastModified": "2026-05-07T01:54:05.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43532", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-43573", "description": "OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction routes. 
Attackers can bypass SSRF navigation guards to interact with or navigate to unauthorized targets without policy enforcement.", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T12:16:21.163Z", "lastModified": "2026-05-07T17:03:34.957", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43573", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-36355", "description": "The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _...", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T14:16:08.737Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36355", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-42997", "description": "An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or...", "score": 7.7, "severity": "HIGH", "published": "2026-05-05T19:16:22.817Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42997", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-20167", "description": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.\r\n\r\nThis vulnerability is due to improper error handling. 
An attacker could exploit this v...", "score": 7.7, "severity": "HIGH", "published": "2026-05-06T17:16:20.433Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20167", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 31.8}, {"id": "CVE-2026-20185", "description": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of&nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)&nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affect...", "score": 7.7, "severity": "HIGH", "published": "2026-05-06T17:16:21.050Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20185", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 31.8}, {"id": "CVE-2026-43576", "description": "OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections to a...", "score": 7.7, "severity": "HIGH", "published": "2026-05-06T20:16:33.240Z", "lastModified": "2026-05-07T17:04:04.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43576", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-43580", "description": "OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. 
Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute una...", "score": 7.7, "severity": "HIGH", "published": "2026-05-06T20:16:33.783Z", "lastModified": "2026-05-07T14:41:27.133", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43580", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-44113", "description": "OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorize...", "score": 7.7, "severity": "HIGH", "published": "2026-05-06T20:16:35.207Z", "lastModified": "2026-05-13T16:16:54.167", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-41511", "description": "OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB file with a cycle in the...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-08T19:16:31.363Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41511", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-42199", "description": "Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid\u2019s logical dimensions and its backing storage. 
After the internal invariant is broken, the safe API get() may invoke get_unchec...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-08T22:16:31.547Z", "lastModified": "2026-05-13T16:52:48.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42199", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2022-50954", "description": "WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to includ...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-10T13:16:32.917Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50954", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2022-50956", "description": "WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to ...", "score": 6.2, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.180Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.8}, {"id": "CVE-2026-8564", "description": "Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-14T20:17:18.550Z", "lastModified": "2026-05-14T22:16:49.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8564", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.8}, {"id": "CVE-2026-8584", "description": "Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-14T20:17:20.797Z", "lastModified": "2026-05-14T22:16:51.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8584", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.8}, {"id": "CVE-2025-65415", "description": "docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T16:17:28.943Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65415", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-42842", "description": "The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. 
Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the g...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T17:16:33.873Z", "lastModified": "2026-05-13T16:04:38.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42842", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-38569", "description": "HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T18:16:33.087Z", "lastModified": "2026-05-12T15:05:31.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38569", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-43638", "description": "Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organization` by submitting an empty `collections` array, which causes the server-side permission check to b...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T18:16:36.823Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43638", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-44993", "description": "OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. 
Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been blocked...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T18:16:39.103Z", "lastModified": "2026-05-13T14:11:07.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-44998", "description": "OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/deny ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T18:16:39.817Z", "lastModified": "2026-05-13T14:12:32.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44998", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-28819", "description": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T21:18:50.937Z", "lastModified": "2026-05-13T14:00:07.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28819", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-43877", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo<users_id>.png. Its only access control is User::isLogged(). 
It ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.113Z", "lastModified": "2026-05-12T18:17:28.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43877", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-43879", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts (e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses). Whe...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.390Z", "lastModified": "2026-05-12T15:13:21.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43879", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-0502", "description": "Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T03:16:10.480Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0502", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-40132", "description": "Due to missing authorization check in SAP Strategic Enterprise Management (Scorecard Wizard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. 
This vulnerability also enables the attacker to change the default settings and modi...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.043Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40132", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-1185", "description": "A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can\u00a0log in to the Axis device using SSH.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T07:16:09.720Z", "lastModified": "2026-05-12T14:13:03.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1185", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-45210", "description": "Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T11:16:20.357Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45210", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2025-70842", "description": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. 
Once uploaded, the script executes in the browser of any user who access...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T15:16:12.163Z", "lastModified": "2026-05-13T15:43:05.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70842", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2023-30059", "description": "An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T16:16:12.137Z", "lastModified": "2026-05-13T15:48:11.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30059", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-25088", "description": "An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execute...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T18:16:39.327Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25088", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 31.6}, {"id": "CVE-2026-35423", "description": "Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T18:17:13.077Z", "lastModified": "2026-05-14T18:03:52.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35423", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-42838", "description": "Improper neutralization of special 
elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T18:17:26.077Z", "lastModified": "2026-05-14T14:26:37.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42838", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 31.6}, {"id": "CVE-2026-44873", "description": "A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with comp...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-12T20:16:45.907Z", "lastModified": "2026-05-13T16:16:59.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44873", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.6}, {"id": "CVE-2026-41661", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msg_window.php. 
The endpoint passes user input through htmlspecialchars(), which does not encode sq...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T04:16:29.920Z", "lastModified": "2026-05-07T16:16:20.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41661", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2025-67202", "description": "Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL being rended from cron.erb.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T15:16:04.947Z", "lastModified": "2026-05-08T23:16:34.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-41650", "description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the \"-->\" sequence in comment content or the \"]]>\" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T15:16:07.767Z", "lastModified": "2026-05-12T20:30:29.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41650", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-39823", "description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. 
If the URL content were to insert ASCII whitespaces around the '=' rune inside of the <content> attribute, the escaper would fail to similarly escape it, leading to XSS.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T20:16:43.290Z", "lastModified": "2026-05-13T16:58:45.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-39826", "description": "If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T20:16:43.490Z", "lastModified": "2026-05-13T16:59:07.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-41929", "description": "Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and _component_ajax POST parameter. Attackers can craft a malicious link or ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T22:16:35.450Z", "lastModified": "2026-05-08T15:47:53.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41929", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-8106", "description": "A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. 
The redirect_to query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an attacke...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-07T22:16:37.377Z", "lastModified": "2026-05-11T17:12:47.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8106", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-23961", "description": "In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the monitoring interface.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-08T05:16:08.700Z", "lastModified": "2026-05-08T16:08:15.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23961", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2023-42343", "description": "A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-08T05:16:09.420Z", "lastModified": "2026-05-08T15:58:49.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42343", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2023-42345", "description": "A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-08T05:16:09.703Z", "lastModified": "2026-05-08T15:58:49.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-41575", "description": "In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker 
application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-08T15:16:40.740Z", "lastModified": "2026-05-12T21:11:42.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41575", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-42030", "description": "MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vuln...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-08T17:16:31.307Z", "lastModified": "2026-05-14T18:04:33.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42030", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-6735", "description": "In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it\u00a0allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewi...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T05:16:11.213Z", "lastModified": "2026-05-12T17:43:15.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6735", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50943", "description": "Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. 
Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' br...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.997Z", "lastModified": "2026-05-13T15:27:30.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50943", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50957", "description": "Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execu...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.310Z", "lastModified": "2026-05-13T15:29:03.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50958", "description": "WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter t...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.440Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50958", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50959", "description": "WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. 
Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter t...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.570Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50960", "description": "WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary Ja...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.697Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50960", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50962", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reque...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.953Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50962", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50963", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. 
The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.090Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50963", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50964", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.223Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50964", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50965", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.357Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50965", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50966", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. 
The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.487Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50966", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50967", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.610Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50967", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50968", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reque...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.737Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50968", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2022-50969", "description": "uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. 
The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.867Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50969", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.4}, {"id": "CVE-2026-8274", "description": "A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function do_directory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been dis...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T05:16:16.580Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8274", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-1677", "description": "Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). 
The ClientHello advertises both versions and t...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T06:16:08.683Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1677", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2024-0391", "description": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage th...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T10:16:11.593Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0391", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2025-8154", "description": "In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.\n\nBy exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP respons...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T10:16:12.863Z", "lastModified": "2026-05-13T15:25:04.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8154", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-44201", "description": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. 
This vulner...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T16:17:35.850Z", "lastModified": "2026-05-12T15:59:06.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-44226", "description": "pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<path:filename> is reachable without authentication and renders attacker-controlled template names, an ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:37.807Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-44994", "description": "OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive bootst...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:39.250Z", "lastModified": "2026-05-13T14:11:21.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44994", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-44999", "description": "OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. 
Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untruste...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:39.950Z", "lastModified": "2026-05-13T14:12:44.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44999", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-45002", "description": "OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:40.383Z", "lastModified": "2026-05-13T14:13:21.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-4891", "description": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:41.380Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4891", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-4893", "description": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:41.593Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-8318", 
"description": "A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. The...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T19:16:29.963Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8318", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-6146", "description": "Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.\n\nAmazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.\n\nBefore version 1.3.0, the secrets were encrypted using a 64-bit key that was gene...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T20:25:47.597Z", "lastModified": "2026-05-13T14:18:13.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6146", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-8319", "description": "A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the component cheshire_cat_core. This manipulation causes resource ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T20:25:48.180Z", "lastModified": "2026-05-12T16:38:54.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8319", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-28994", "description": "A use after free issue was addressed with improved memory management. 
This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perfo...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T21:18:59.320Z", "lastModified": "2026-05-13T14:07:12.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28994", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-43880", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated callers...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.530Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43880", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-43881", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin caller ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.667Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43881", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-4663", "description": "The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. 
This is due to the plugin exposing a REST API endpoint /wp-json/ipospays/v1/save_settings with 'permission_callback' set to '__return_true', which allows unauthenticated access...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:41.900Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4663", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-5693", "description": "The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation logic flaw in the saab_cancel_booking() function in all versions up to, and including, 1.0.8. The nonce check uses && (AND) instead of || (...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:54.953Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5693", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-6402", "description": "webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for non-trustwort...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.640Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6402", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-6708", "description": "The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. 
This is due to a missing capability check on a REST API endpoint registered with a permission_callback of '__return_true', which bypasses al...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.077Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6708", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-7626", "description": "The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsb_handle_slek_payment_redirect() function placing the merchant's slek_key and slek_secret API credentials directly into a client-side HTML form, and additionally embedding...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.727Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7626", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2024-54017", "description": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T10:16:40.120Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54017", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-45212", "description": "Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.", "score": 5.3, "severity": "MEDIUM", 
"published": "2026-05-12T11:16:20.610Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45212", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-45215", "description": "Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through <= 4.3.0.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T11:16:20.977Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-40016", "description": "Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed versio...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T14:17:03.570Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40016", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-8391", "description": "Other issue in the JavaScript Engine component. 
This vulnerability was fixed in Firefox 150.0.3.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T14:17:12.173Z", "lastModified": "2026-05-13T17:22:51.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8391", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-25431", "description": "Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Hustle: through 7.8.10.1.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T17:16:20.007Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25431", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2025-67604", "description": "A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T18:16:36.470Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67604", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 31.2}, {"id": "CVE-2026-31245", "description": "The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or permissions. 
A remote attacker can exploit this by sending una...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T18:16:53.010Z", "lastModified": "2026-05-14T18:39:12.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31245", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-42177", "description": "linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + \"/*\", i.e. \"https://login.microsoftonline.com/*\". Chrome's urlFilter without a |...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:24.240Z", "lastModified": "2026-05-13T16:31:18.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42177", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 31.2}, {"id": "CVE-2026-23822", "description": "A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an attacker to cause excessive resource consumption upon user interaction, leading to service disruption o...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T19:16:28.947Z", "lastModified": "2026-05-13T15:35:17.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23822", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-34654", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. 
An attacker could exploit this vulnerability to crash the applica...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T20:16:36.500Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34654", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 31.2}, {"id": "CVE-2026-44306", "description": "Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T22:16:37.413Z", "lastModified": "2026-05-13T15:43:05.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44306", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2026-44341", "description": "GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access to ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-12T23:16:18.197Z", "lastModified": "2026-05-13T18:15:26.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44341", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.2}, {"id": "CVE-2024-39847", "description": "Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. 
This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T07:16:36.143Z", "lastModified": "2026-05-05T02:51:27.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39847", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-7164", "description": "Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters.  This can eventually result in a stack overflow and panic.\n\nRemote attackers can craft packets which cause affected systems to panic.  This affects any system where pf is configured to process traffic, independent...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T08:16:07.653Z", "lastModified": "2026-05-01T12:46:59.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7164", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2024-13971", "description": "Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T13:16:02.680Z", "lastModified": "2026-05-06T20:19:22.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13971", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-2892", "description": "The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated users. 
The 'check_pur...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T14:16:29.760Z", "lastModified": "2026-04-30T14:52:54.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2892", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-36957", "description": "Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory buffer...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T15:16:22.857Z", "lastModified": "2026-05-05T02:59:13.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-36958", "description": "A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the ro...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T15:16:22.963Z", "lastModified": "2026-05-05T03:00:49.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36958", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-36959", "description": "U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. 
This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and potential unauthorized ...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T15:16:23.077Z", "lastModified": "2026-05-05T03:00:23.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2022-50992", "description": "Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowServi...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T17:16:24.633Z", "lastModified": "2026-04-30T17:19:57.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-51846", "description": "CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T17:16:25.467Z", "lastModified": "2026-05-04T16:52:11.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51846", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-33845", "description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. 
This issue is remotely exploitable and may cause information disclosure or denial of service.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T18:16:28.003Z", "lastModified": "2026-05-05T03:03:19.247", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-40595", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. The r...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T19:16:09.783Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40595", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-40601", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. 
The endpoint only checks team.allowReportRefresh and does not verify that the tar...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T19:16:10.110Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40601", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-46115", "description": "An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T20:16:23.083Z", "lastModified": "2026-05-04T18:16:24.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46115", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-56568", "description": "Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configu...", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T20:16:23.220Z", "lastModified": "2026-05-04T18:16:25.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56568", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-33449", "description": "CVE-2026-33449 is a buffer overflow in a message handling function of \nthe Secure Access client prior to 14.50. 
Attackers with control of \na modified server can send a cryptographically valid message to the \nclient, overwriting a small portion of memory conceivably leading to a \ndenial of service.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T21:16:31.570Z", "lastModified": "2026-05-05T02:27:54.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-4503", "description": "IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.", "score": 7.5, "severity": "HIGH", "published": "2026-04-30T21:16:33.667Z", "lastModified": "2026-05-11T17:06:27.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4503", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42402", "description": "Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts the...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T09:16:16.980Z", "lastModified": "2026-05-01T18:08:59.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42402", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42403", "description": "Apache Neethi does not properly detect circular references in policy definitions. 
When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, le...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T09:16:17.137Z", "lastModified": "2026-05-01T18:08:21.653", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42403", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-31711", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix active_num_conn leak on transport allocation failure\n\nCommit 77ffbcac4e56 (\"smb: server: fix leak of active_num_conn in\nksmbd_tcp_new_connection()\") addressed the kthread_run() failure\npath.  The earlier alloc_tran...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T14:16:21.150Z", "lastModified": "2026-05-06T20:18:32.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31711", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-31719", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: krb5enc - fix async decrypt skipping hash verification\n\nkrb5enc_dispatch_decrypt() sets req->base.complete as the skcipher\ncallback, which is the caller's own completion handler. When the\nskcipher completes asynchronously, ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T14:16:22.077Z", "lastModified": "2026-05-06T20:59:16.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31719", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-42478", "description": "An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. 
The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated poi...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T15:16:43.857Z", "lastModified": "2026-05-01T19:16:32.093", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42478", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-43029", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix soft lockup in mptcp_recvmsg()\n\nsyzbot reported a soft lockup in mptcp_recvmsg() [0].\n\nWhen receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not\nremoved from the sk_receive_queue. This causes sk_wait_data() t...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T15:16:47.427Z", "lastModified": "2026-05-08T18:33:39.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43029", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43031", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xilinx: axienet: Fix BQL accounting for multi-BD TX packets\n\nWhen a TX packet spans multiple buffer descriptors (scatter-gather),\naxienet_free_tx_chain sums the per-BD actual length from descriptor\nstatus into a caller-provide...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T15:16:47.680Z", "lastModified": "2026-05-08T18:38:07.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43031", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43055", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: file: Use kzalloc_flex for aio_cmd\n\nThe target_core_file doesn't initialize the aio_cmd->iocb for the\nki_write_stream. 
When a write command fd_execute_rw_aio() is executed,\nwe may get a bogus ki_write_stream value, ca...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T15:16:52.040Z", "lastModified": "2026-05-07T18:58:41.247", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43055", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43057", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: correctly handle tunneled traffic on IPV6_CSUM GSO fallback\n\nNETIF_F_IPV6_CSUM only advertises support for checksum offload of\npackets without IPv6 extension headers. Packets with extension\nheaders must fall back onto software...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T15:16:52.260Z", "lastModified": "2026-05-06T18:48:59.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43057", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-37554", "description": "An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not proper...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T16:16:31.060Z", "lastModified": "2026-05-07T19:16:00.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37554", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-37530", "description": "AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. 
The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T17:16:22.603Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37530", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-37538", "description": "Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T17:16:23.687Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37538", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42467", "description": "An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T17:16:25.027Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42467", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42485", "description": "AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. 
The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T17:16:25.377Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42485", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-63547", "description": "An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T18:16:13.310Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63547", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-63548", "description": "An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T18:16:13.477Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63548", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-37457", "description": "An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.", "score": 7.5, "severity": "HIGH", "published": "2026-05-01T18:16:14.770Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37457", "is_exploited": false, "epss": 0, "vendor": "Other", 
"mts_score": 31.0}, {"id": "CVE-2026-7649", "description": "The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.0.60 due to insufficient escaping on the user supplied parameter a...", "score": 7.5, "severity": "HIGH", "published": "2026-05-02T08:16:28.403Z", "lastModified": "2026-05-05T19:19:23.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7649", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-4060", "description": "The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The `esc_sql()` func...", "score": 7.5, "severity": "HIGH", "published": "2026-05-02T12:16:15.430Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4060", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-4061", "description": "The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. 
This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, follo...", "score": 7.5, "severity": "HIGH", "published": "2026-05-02T12:16:16.200Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4061", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-4062", "description": "The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...", "score": 7.5, "severity": "HIGH", "published": "2026-05-02T12:16:16.337Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4062", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-6320", "description": "The Salon Booking System \u2013 Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email attachme...", "score": 7.5, "severity": "HIGH", "published": "2026-05-02T12:16:16.750Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6320", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-33846", "description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. 
The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consi...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T10:15:59.690Z", "lastModified": "2026-05-04T15:22:52.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-34059", "description": "Buffer Over-read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T13:16:00.940Z", "lastModified": "2026-05-04T20:27:04.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-70069", "description": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T14:16:29.473Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70069", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-29169", "description": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\n\nThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlie...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T15:16:03.720Z", "lastModified": "2026-05-05T21:16:21.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169", 
"is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-37461", "description": "An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T17:16:23.230Z", "lastModified": "2026-05-11T19:58:37.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37461", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42440", "description": "OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader\u00a0\n\nVersions Affected:\u00a0\n\nbefore 2.5.9\n\nbefore 3.0.0-M3\u00a0\n\nDescription:\n\n\nThe AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T17:16:26.147Z", "lastModified": "2026-05-06T18:09:43.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42440", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-32834", "description": "Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. 
Attackers can access...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T18:16:27.223Z", "lastModified": "2026-05-13T16:16:39.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32834", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-37459", "description": "An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T18:16:28.807Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37459", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-41471", "description": "Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. 
Attackers can iterate over sequential WordPress post IDs t...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T18:16:29.447Z", "lastModified": "2026-05-13T16:16:45.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41471", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-25863", "description": "Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide_hidden_mail_fields_regex_callback() method reads an iteration count directly from user-supplied POST parameters witho...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T19:16:02.953Z", "lastModified": "2026-05-05T19:47:57.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25863", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42151", "description": "Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T19:16:04.220Z", "lastModified": "2026-05-11T17:22:07.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42154", "description": "Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. 
An unauthenticated attacker can send a smal...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T19:16:04.397Z", "lastModified": "2026-05-11T17:22:42.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42226", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T19:16:04.563Z", "lastModified": "2026-05-06T18:09:25.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42236", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory r...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T19:16:06.337Z", "lastModified": "2026-05-06T17:16:02.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42236", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-6321", "description": "fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. 
Applications...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T20:16:20.950Z", "lastModified": "2026-05-12T18:54:46.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-7768", "description": "@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the Node.js...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T20:16:21.107Z", "lastModified": "2026-05-07T15:11:09.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7768", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-7776", "description": "Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u201d) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate duri...", "score": 7.5, "severity": "HIGH", "published": "2026-05-04T22:16:20.330Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7776", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-44028", "description": "An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. 
The stack is allocated without a guard page, which means that a stack overflow could overwrite m...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T01:16:06.983Z", "lastModified": "2026-05-09T04:16:26.513", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44028", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-5100", "description": "The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T03:15:59.730Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5100", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-3456", "description": "The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T04:16:16.790Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3456", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-5192", "description": "The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. 
This makes it possible for unauthenticated attackers to read the contents of arbitrary ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T07:16:00.643Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5192", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-3359", "description": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T09:16:03.827Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3359", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-6322", "description": "fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator,...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T11:16:33.360Z", "lastModified": "2026-05-12T19:11:31.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2023-54346", "description": "WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. 
Attackers can enumerate backup directories through configuration files and complete logs, then con...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T12:16:17.020Z", "lastModified": "2026-05-05T19:47:57.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54346", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2023-54347", "description": "OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and pa...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T12:16:17.160Z", "lastModified": "2026-05-05T20:00:28.010", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54347", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42437", "description": "OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. 
Remote attackers can send oversized WebSocket frames to cause service unavailability for deployments exposing the w...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T12:16:18.190Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42437", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-6918", "description": "In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T13:16:30.710Z", "lastModified": "2026-05-05T20:08:58.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6918", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-4304", "description": "The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for un...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T14:16:09.170Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4304", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-66369", "description": "An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. 
Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service.", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T16:16:10.307Z", "lastModified": "2026-05-06T20:16:29.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66369", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-30923", "description": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a si...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T19:16:21.567Z", "lastModified": "2026-05-07T13:41:10.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30923", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2024-52911", "description": "Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:34.923Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52911", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-32934", "description": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. 
When the worker pool is full, CoreDNS still spawns a gor...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:35.853Z", "lastModified": "2026-05-08T16:03:02.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32934", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-32936", "description": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a bou...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:36.010Z", "lastModified": "2026-05-08T16:02:28.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32936", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-33190", "description": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport writer's TsigStatus() instead of performing verification itself. The DoH and DoH3 writer's TsigStatus(...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:36.167Z", "lastModified": "2026-05-08T16:01:27.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33190", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-33489", "description": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. 
The longestMatch() function in plugin/transfer/transfer.go uses a lexicographic string comparison instead ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:36.627Z", "lastModified": "2026-05-08T16:00:05.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33489", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-40280", "description": "Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression (^https?://) to match URL schemes. Because Go's net/url.Parse() normalizes...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T20:16:38.633Z", "lastModified": "2026-05-08T19:06:45.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40280", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-40075", "description": "OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-con...", "score": 7.5, "severity": "HIGH", "published": "2026-05-05T22:16:00.520Z", "lastModified": "2026-05-12T16:18:14.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40075", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71251", "description": "In IMS, there is a possible system crash due to improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:03.400Z", "lastModified": "2026-05-11T15:13:47.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71251", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71252", "description": "In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:04.733Z", "lastModified": "2026-05-11T15:13:05.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71252", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71253", "description": "In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:04.857Z", "lastModified": "2026-05-11T15:11:54.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71253", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71254", "description": "In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:04.983Z", "lastModified": "2026-05-11T15:10:36.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71254", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71255", "description": "In Modem IMS, there is a possible improper input validation. 
This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:05.093Z", "lastModified": "2026-05-11T15:09:47.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71255", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2025-71256", "description": "In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T02:16:05.213Z", "lastModified": "2026-05-11T15:06:21.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-1719", "description": "The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for unauthenticated attackers ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T10:16:18.903Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1719", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-43099", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: fix null-ptr-deref in icmp_build_probe()\n\nipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the\nIPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing\nthis error pointer to dev_hold() will ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T10:16:23.400Z", "lastModified": "2026-05-11T17:36:29.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43099", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43101", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()\n\nWe need to check __in6_dev_get() for possible NULL value, as\nsuggested by Yiming Qian.\n\nAlso add skb_dst_dev_rcu() instead of skb_dst_dev(),\nand two missing ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T10:16:23.637Z", "lastModified": "2026-05-11T17:35:21.183", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43101", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43646", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 10.9.0, which fixes the issue.", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T10:16:26.037Z", 
"lastModified": "2026-05-06T20:29:51.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43646", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-43164", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().\n\nsyzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0]\n\nSince the cited commit, udp_lib_init_sock() can fail, as can\nudp_init_sock() and udpv6_init_sock().\n\nL...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:34.540Z", "lastModified": "2026-05-13T21:19:27.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43164", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43184", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrnbd-srv: Zero the rsp buffer before using it\n\nBefore using the data buffer to send back the response message, zero it\ncompletely. This prevents any stray bytes to be picked up by the client\nside when there the message is exchanged...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:37.053Z", "lastModified": "2026-05-11T20:56:19.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43184", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43194", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: consume xmit errors of GSO frames\n\nudpgro_frglist.sh and udpgro_bench.sh are the flakiest tests\ncurrently in NIPA. 
They fail in the same exact way, TCP GRO\ntest stalls occasionally and the test gets killed after 10min.\n\nThese ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:38.310Z", "lastModified": "2026-05-11T20:11:10.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43194", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43199", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix \"scheduling while atomic\" in IPsec MAC address query\n\nFix a \"scheduling while atomic\" bug in mlx5e_ipsec_init_macs() by\nreplacing mlx5_query_mac_address() with ether_addr_copy() to get the\nlocal MAC address directly ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:38.970Z", "lastModified": "2026-05-11T20:12:24.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43199", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43203", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: fore200e: fix use-after-free in tasklets during device removal\n\nWhen the PCA-200E or SBA-200E adapter is being detached, the fore200e\nis deallocated. 
However, the tx_tasklet or rx_tasklet may still be running\nor pending, leadi...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:39.477Z", "lastModified": "2026-05-11T20:10:27.037", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43203", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43213", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: pci: validate sequence number of TX release report\n\nHardware rarely reports abnormal sequence number in TX release report,\nwhich will access out-of-bounds of wd_ring->pages array, causing NULL\npointer dereference.\n\n  B...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:40.803Z", "lastModified": "2026-05-11T19:55:22.140", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43213", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43226", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: No shortcut out of RDS_CONN_ERROR\n\nRDS connections carry a state \"rds_conn_path::cp_state\"\nand transitions from one state to another and are conditional\nupon an expected state: \"rds_conn_path_transition.\"\n\nThere is one exc...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:42.393Z", "lastModified": "2026-05-08T21:17:34.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43226", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43230", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Clear reconnect pending bit\n\nWhen canceling the reconnect worker, care must be taken to reset the\nreconnect-pending bit. 
If the reconnect worker has not yet been\nscheduled before it is canceled, the reconnect-pending bit w...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:42.957Z", "lastModified": "2026-05-08T21:19:05.897", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43230", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43245", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: ->d_compare() must not block\n\n... so don't use __getname() there.  Switch it (and ntfs_d_hash(), while\nwe are at it) to kmalloc(PATH_MAX, GFP_NOWAIT).  Yes, ntfs_d_hash()\nalmost certainly can do with smaller allocations, but ...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:44.997Z", "lastModified": "2026-05-11T13:34:25.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43245", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43253", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: move wait_on_sem() out of spinlock\n\nWith iommu.strict=1, the existing completion wait path can cause soft\nlockups under stressed environment, as wait_on_sem() busy-waits under the\nspinlock with interrupts disabled.\n\nMove...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T12:16:46.033Z", "lastModified": "2026-05-11T18:40:35.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43253", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-43254", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\novpn: tcp - fix packet extraction from stream\n\nWhen processing TCP stream data in ovpn_tcp_recv, we receive large\ncloned skbs from __strp_rcv that may contain multiple coalesced packets.\nThe current implementation has two bugs:\n\n1....", "score": 
7.5, "severity": "HIGH", "published": "2026-05-06T12:16:46.143Z", "lastModified": "2026-05-11T18:21:13.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43254", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 31.0}, {"id": "CVE-2026-40562", "description": "Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.\n\nGazelle incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn a...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T13:16:09.110Z", "lastModified": "2026-05-11T15:04:24.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40562", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-23870", "description": "A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T17:16:22.043Z", "lastModified": "2026-05-07T14:52:27.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-34473", "description": "Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. 
A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST body...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:36.413Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34473", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-34474", "description": "Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authent...", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:36.523Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34474", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-7897", "description": "Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:37.990Z", "lastModified": "2026-05-06T23:43:15.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7897", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.0}, {"id": "CVE-2026-7929", "description": "Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: High)", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:41.240Z", "lastModified": "2026-05-06T23:37:01.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7929", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.0}, {"id": "CVE-2026-7948", "description": "Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:43.113Z", "lastModified": "2026-05-07T02:08:49.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7948", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.0}, {"id": "CVE-2026-7976", "description": "Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:48.477Z", "lastModified": "2026-05-06T23:26:18.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7976", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.0}, {"id": "CVE-2026-8007", "description": "Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. 
(Chromium security severity: Low)", "score": 7.5, "severity": "HIGH", "published": "2026-05-06T19:16:51.673Z", "lastModified": "2026-05-07T15:17:36.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8007", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 31.0}, {"id": "CVE-2026-41689", "description": "Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use Wallos...", "score": 6.0, "severity": "MEDIUM", "published": "2026-05-07T15:16:09.387Z", "lastModified": "2026-05-07T16:16:20.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41689", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-46469", "description": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.", "score": 4.0, "severity": "MEDIUM", "published": "2026-05-14T18:16:50.653Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46469", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-46470", "description": "An issue was discovered in GStreamer gst-plugins-good before 1.28.2. 
When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero.", "score": 4.0, "severity": "MEDIUM", "published": "2026-05-14T18:16:50.790Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46470", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 31.0}, {"id": "CVE-2026-42799", "description": "Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.\n\n This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.\n\n\n\nThis issue affects Kestrel: before 2026/02/10.", "score": 7.4, "severity": "HIGH", "published": "2026-04-30T09:16:03.473Z", "lastModified": "2026-05-05T02:53:31.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42799", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-42800", "description": "NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.\n\n This vulnerability is associated with program files sip/utils/src/sipuri.c.", "score": 7.4, "severity": "HIGH", "published": "2026-04-30T10:16:02.203Z", "lastModified": "2026-05-05T02:54:21.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42800", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 30.6}, {"id": "CVE-2026-41882", "description": "In JetBrains IntelliJ IDEA before 2024.3.7.1, \n2025.1.7.1,\n2025.2.6.2,  \n2025.3.4.1, \n2026.1.1 reading arbitrary local files was possible via built-in web server", "score": 7.4, "severity": "HIGH", "published": "2026-04-30T12:16:24.207Z", "lastModified": "2026-05-05T00:24:51.107", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41882", "is_exploited": 
false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-42366", "description": "Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...", "score": 7.4, "severity": "HIGH", "published": "2026-05-04T01:16:03.753Z", "lastModified": "2026-05-05T02:43:57.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42366", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-7371", "description": "Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...", "score": 7.4, "severity": "HIGH", "published": "2026-05-04T01:16:04.590Z", "lastModified": "2026-05-05T02:39:20.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7371", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2025-62127", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS.\n\nThis issue affects WEN Logo Slider: from n/a through 3.4.0.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-07T09:16:26.347Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62127", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-39817", "description": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize 
output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-07T20:16:42.983Z", "lastModified": "2026-05-13T14:59:28.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-42225", "description": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via ve...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-07T20:16:43.960Z", "lastModified": "2026-05-12T15:53:39.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-6666", "description": "A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-09T01:16:09.153Z", "lastModified": "2026-05-14T18:49:25.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6666", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-8261", "description": "A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. 
The ...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-11T02:16:27.750Z", "lastModified": "2026-05-13T14:47:15.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8261", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.6}, {"id": "CVE-2026-7505", "description": "A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version 3.9...", "score": 7.3, "severity": "HIGH", "published": "2026-04-30T23:16:20.740Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7505", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7506", "description": "A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the publ...", "score": 7.3, "severity": "HIGH", "published": "2026-04-30T23:16:20.917Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7506", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7519", "description": "A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. Such manipulation of the argument filename leads to path traversal. The attack can be launched remotely. 
The exploit has been disclosed to the ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T01:16:17.910Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7519", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7545", "description": "A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is possible. The exploi...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T02:16:04.723Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7545", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7549", "description": "A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publish...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T05:16:03.657Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7549", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7550", "description": "A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. 
The exploit has been discl...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T05:16:03.847Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7550", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7555", "description": "A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T06:16:32.670Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7555", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7579", "description": "A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. 
The ex...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T12:16:17.027Z", "lastModified": "2026-05-04T14:16:37.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7579", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-43025", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: ignore explicit helper on new expectations\n\nUse the existing master conntrack helper, anything else is not really\nsupported and it just makes validation more complicated, so just ignore\nwhat helper userspace s...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T15:16:46.903Z", "lastModified": "2026-05-08T18:17:47.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43025", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 30.2}, {"id": "CVE-2026-7590", "description": "A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T19:16:33.603Z", "lastModified": "2026-05-01T20:21:53.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7590", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7592", "description": "A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. 
The exploit has been made available to the public an...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T20:16:24.970Z", "lastModified": "2026-05-01T20:21:53.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7592", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7593", "description": "A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T21:16:17.787Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7593", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7594", "description": "A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T21:16:17.960Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7594", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7598", "description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. 
The name of the patch is ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-01T22:16:16.947Z", "lastModified": "2026-05-07T01:47:08.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7598", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7630", "description": "A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component Installation Endpoint. The manipulation leads to improper authentication. Remote exploi...", "score": 7.3, "severity": "HIGH", "published": "2026-05-02T14:16:18.160Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7630", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7632", "description": "A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly dis...", "score": 7.3, "severity": "HIGH", "published": "2026-05-02T14:16:18.510Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7632", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7644", "description": "A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. 
The exploit has been disclosed to the public and may be used....", "score": 7.3, "severity": "HIGH", "published": "2026-05-02T15:16:14.373Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7644", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7668", "description": "A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-02T21:16:07.677Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7668", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7670", "description": "A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be u...", "score": 7.3, "severity": "HIGH", "published": "2026-05-02T23:16:16.860Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7679", "description": "A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. 
Th...", "score": 7.3, "severity": "HIGH", "published": "2026-05-03T05:15:59.207Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7679", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7694", "description": "A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The attack...", "score": 7.3, "severity": "HIGH", "published": "2026-05-03T12:15:59.700Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7694", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7695", "description": "A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be initi...", "score": 7.3, "severity": "HIGH", "published": "2026-05-03T13:16:08.797Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7695", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7698", "description": "A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. 
The attack can be executed rem...", "score": 7.3, "severity": "HIGH", "published": "2026-05-03T14:16:27.107Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7698", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7703", "description": "A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is re...", "score": 7.3, "severity": "HIGH", "published": "2026-05-03T17:16:13.393Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7703", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7710", "description": "A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T00:16:39.633Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7710", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7711", "description": "A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. 
The exploit has...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T00:16:39.817Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7711", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7723", "description": "A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be use...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T03:16:13.143Z", "lastModified": "2026-05-04T22:16:19.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7723", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7727", "description": "A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be init...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T05:16:00.800Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7727", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7733", "description": "A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. 
The attack is possible to be ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T06:16:02.027Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7733", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7735", "description": "A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T06:16:02.367Z", "lastModified": "2026-05-06T20:27:05.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7735", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7736", "description": "A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this is...", "score": 7.3, "severity": "HIGH", "published": "2026-05-04T07:16:01.517Z", "lastModified": "2026-05-06T20:27:43.610", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7736", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7784", "description": "A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. 
The ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T00:16:17.647Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7784", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7785", "description": "A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotel...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T00:16:17.827Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7785", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7788", "description": "A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T00:16:18.003Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7788", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7810", "description": "A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. 
The exploit ...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T04:16:19.960Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7810", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7811", "description": "A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack rem...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T05:16:00.537Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7811", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-7812", "description": "A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. 
The attack c...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T05:16:00.720Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7812", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-43869", "description": "Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T08:16:01.063Z", "lastModified": "2026-05-06T18:05:26.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-43870", "description": "Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift:...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T09:16:04.340Z", "lastModified": "2026-05-06T18:05:04.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-43531", "description": "OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. 
Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise applicatio...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T12:16:19.337Z", "lastModified": "2026-05-07T15:59:05.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43531", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-29168", "description": "Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's\u00a0 mod_md via OCSP response data.\n\nThis issue affects Apache HTTP Server: from 2.4.30 through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T14:16:08.507Z", "lastModified": "2026-05-06T18:39:20.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29168", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-40110", "description": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not requir...", "score": 7.3, "severity": "HIGH", "published": "2026-05-05T22:16:00.663Z", "lastModified": "2026-05-11T12:59:21.687", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40110", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-8032", "description": "A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KEY causes hard-coded credentials. The attack is possible to be carried out remotely. 
The exploit has b...", "score": 7.3, "severity": "HIGH", "published": "2026-05-06T20:16:36.197Z", "lastModified": "2026-05-07T14:08:07.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8032", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-42279", "description": "solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-ent...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-08T05:16:11.063Z", "lastModified": "2026-05-08T19:44:22.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42279", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-44459", "description": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. 
This issue is not exp...", "score": 3.8, "severity": "LOW", "published": "2026-05-13T16:16:57.970Z", "lastModified": "2026-05-13T18:21:48.107", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44459", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-33585", "description": "Improper management of the idle timeout parameter\u00a0in the Keycloak interface of\u00a0the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session.\n\n\n\nThis issue affects Symmetric Key Agreement Platform: before 26.03.", "score": 3.8, "severity": "LOW", "published": "2026-05-13T19:17:07.330Z", "lastModified": "2026-05-14T17:19:49.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33585", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-6923", "description": "A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.", "score": 3.8, "severity": "LOW", "published": "2026-05-14T17:16:24.213Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6923", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.2}, {"id": "CVE-2026-44992", "description": "OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. 
Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers.", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-11T18:16:38.943Z", "lastModified": "2026-05-13T14:10:59.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.0}, {"id": "CVE-2026-45000", "description": "OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing to private-network or metadata endpoints that bypass security policies and are later probed during n...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-11T18:16:40.087Z", "lastModified": "2026-05-13T14:12:59.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45000", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.0}, {"id": "CVE-2026-45003", "description": "OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-11T18:16:40.523Z", "lastModified": "2026-05-13T14:13:30.933", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.0}, {"id": "CVE-2026-41195", "description": "mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. 
Because the server follows http/https redirects and do...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-12T22:16:34.050Z", "lastModified": "2026-05-13T18:15:26.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 30.0}, {"id": "CVE-2026-7246", "description": "Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.", "score": 7.2, "severity": "HIGH", "published": "2026-04-30T14:16:36.433Z", "lastModified": "2026-04-30T16:39:47.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7246", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7461", "description": "Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a special...", "score": 7.2, "severity": "HIGH", "published": "2026-04-30T19:16:10.737Z", "lastModified": "2026-05-05T02:18:07.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7461", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 29.8}, {"id": "CVE-2026-7435", "description": "SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. 
Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitr...", "score": 7.2, "severity": "HIGH", "published": "2026-04-30T21:16:34.100Z", "lastModified": "2026-05-04T14:16:36.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7435", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5109", "description": "The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted valu...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:03.210Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5109", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5110", "description": "The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are nes...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:03.580Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5110", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5111", "description": "The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. 
This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state validati...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:03.730Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5111", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5112", "description": "The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validate()...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:03.877Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5112", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5113", "description": "The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses(), combined with insufficient output escap...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:04.020Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5113", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7049", "description": "The PixelYourSite Pro \u2013 Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. 
This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T06:16:04.647Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7049", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-6229", "description": "The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the render_csv_data() function, which can be bypassed by including 'docs.google.com/spreadsheets' i...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T08:16:27.477Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6229", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 29.8}, {"id": "CVE-2026-5324", "description": "The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when no ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T09:16:22.477Z", "lastModified": "2026-05-05T19:19:23.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5324", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7490", "description": "CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.", "score": 7.2, "severity": "HIGH", "published": "2026-05-02T10:16:18.963Z", "lastModified": 
"2026-05-12T13:27:45.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7490", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-5063", "description": "The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it poss...", "score": 7.2, "severity": "HIGH", "published": "2026-05-03T06:15:57.650Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5063", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-3120", "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.\n\nThis issue affects SambaBox: from 5.1 before 5.3.", "score": 7.2, "severity": "HIGH", "published": "2026-05-04T12:16:29.393Z", "lastModified": "2026-05-05T19:34:16.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3120", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-38751", "description": "OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)", "score": 7.2, "severity": "HIGH", "published": "2026-05-04T19:16:03.613Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38751", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-4803", "description": "The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in 
the wpr_update_form_action_meta AJAX action in all versions up to, and including, 1.7.1056. This is due to insufficient input sanitization and output escaping, combined with a p...", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T04:16:18.230Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4803", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7833", "description": "A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulation of the argument RestoreFile causes command injection. The attack can be initiated remotely. The exp...", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T13:16:31.413Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7833", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7851", "description": "A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T18:16:03.947Z", "lastModified": "2026-05-06T17:40:50.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7851", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7856", "description": "A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. 
The exploit has been published and m...", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T20:16:41.500Z", "lastModified": "2026-05-06T17:36:03.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7856", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7857", "description": "A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may...", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T20:16:41.677Z", "lastModified": "2026-05-06T17:28:10.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7857", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-39383", "description": "Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. The F...", "score": 7.2, "severity": "HIGH", "published": "2026-05-05T21:16:22.397Z", "lastModified": "2026-05-08T19:02:10.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39383", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-7332", "description": "The LatePoint \u2013 Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. 
This makes it possib...", "score": 7.2, "severity": "HIGH", "published": "2026-05-06T08:16:04.090Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7332", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-20035", "description": "A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by ...", "score": 7.2, "severity": "HIGH", "published": "2026-05-06T17:16:20.280Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20035", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 29.8}, {"id": "CVE-2026-44406", "description": "ZTE Cloud PC client\u00a0uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServic...", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-07T08:16:00.830Z", "lastModified": "2026-05-08T16:59:09.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44406", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-42267", "description": "Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags and assign it to a timesheet. 
When an admin exports timesheets to XLSX, ArrayFormatter.formatValue()...", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-08T04:16:20.533Z", "lastModified": "2026-05-13T17:58:49.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42267", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-44572", "description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the ...", "score": 3.7, "severity": "LOW", "published": "2026-05-13T16:16:58.800Z", "lastModified": "2026-05-13T16:58:40.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44572", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-44582", "description": "Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions...", "score": 3.7, "severity": "LOW", "published": "2026-05-13T18:16:19.037Z", "lastModified": "2026-05-14T18:15:03.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44582", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-6638", "description": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials.  The attack takes effect at the next REFRESH PUBLICATION.  
Within major versions 16, 17, and 18,...", "score": 3.7, "severity": "LOW", "published": "2026-05-14T14:16:25.937Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6638", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-44589", "description": "Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validati...", "score": 3.7, "severity": "LOW", "published": "2026-05-14T19:16:38.007Z", "lastModified": "2026-05-14T19:16:38.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.8}, {"id": "CVE-2026-42876", "description": "External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate w...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-11T20:25:44.307Z", "lastModified": "2026-05-13T16:11:39.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42876", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.6}, {"id": "CVE-2026-42886", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData(), with no limit on the decompressed size. 
The upload middleware also...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-11T20:25:45.020Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42886", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.6}, {"id": "CVE-2026-28967", "description": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-11T21:18:57.600Z", "lastModified": "2026-05-13T14:08:14.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28967", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.6}, {"id": "CVE-2026-3604", "description": "The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Co...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-12T09:16:40.810Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3604", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.6}, {"id": "CVE-2026-44874", "description": "A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. 
Successful exploitation of this vulnerability could result in the disclosure of confidential system inform...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-12T20:16:46.020Z", "lastModified": "2026-05-13T16:17:00.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44874", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.6}, {"id": "CVE-2025-13030", "description": "All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file nam...", "score": 7.1, "severity": "HIGH", "published": "2026-04-30T06:16:14.860Z", "lastModified": "2026-05-05T02:50:07.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13030", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-22070", "description": "ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.", "score": 7.1, "severity": "HIGH", "published": "2026-04-30T09:16:02.917Z", "lastModified": "2026-05-05T02:53:05.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22070", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-31697", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy ID to userspace if PSP command failed\n\nWhen retrieving the ID for the CPU, don't attempt to copy the ID blob to\nuserspace if the firmware command failed.  
If the failure was due to an\ninvalid leng...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T14:16:19.517Z", "lastModified": "2026-05-06T19:08:18.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31697", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31698", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed\n\nWhen retrieving the PDH cert, don't attempt to copy the blobs to userspace\nif the firmware command failed.  If the failure was due to an invalid\nlength...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T14:16:19.650Z", "lastModified": "2026-05-06T19:06:34.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31698", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31699", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed\n\nWhen retrieving the PEK CSR, don't attempt to copy the blob to userspace\nif the firmware command failed.  If the failure was due to an invalid\nlength, i.e. 
...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T14:16:19.777Z", "lastModified": "2026-05-06T19:04:51.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31699", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31707", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate response sizes in ipc_validate_msg()\n\nipc_validate_msg() computes the expected message size for each\nresponse type by adding (or multiplying) attacker-controlled fields\nfrom the daemon response to a fixed struct siz...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T14:16:20.720Z", "lastModified": "2026-05-06T20:26:38.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31707", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31766", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate doorbell_offset in user queue creation\n\namdgpu_userq_get_doorbell_index() passes the user-provided\ndoorbell_offset to amdgpu_doorbell_index_on_bar() without bounds\nchecking. An arbitrarily large doorbell_offset...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:39.763Z", "lastModified": "2026-05-11T17:49:58.887", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31766", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31774", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs()\n\nsqe->len is __u32 but gets stored into sr->len which is int. When\nuserspace passes sqe->len values exceeding INT_MAX (e.g. 
0xFFFFFFFF),\nsr->len overflows to a negative...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:40.720Z", "lastModified": "2026-05-07T02:29:19.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31774", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-31778", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: caiaq: fix stack out-of-bounds read in init_card\n\nThe loop creates a whitespace-stripped copy of the card shortname\nwhere `len < sizeof(card->id)` is used for the bounds check. Since\nsizeof(card->id) is 16 and the local id bu...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:41.190Z", "lastModified": "2026-05-11T18:05:22.347", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31778", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-42476", "description": "Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. Use...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:43.620Z", "lastModified": "2026-05-01T19:16:31.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42476", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-42477", "description": "A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. 
The issue occurs beca...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:43.737Z", "lastModified": "2026-05-10T14:16:50.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42477", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-43005", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (tps53679) Fix array access with zero-length block read\n\ni2c_smbus_read_block_data() can return 0, indicating a zero-length\nread. When this happens, tps53679_identify_chip() accesses buf[ret - 1]\nwhich is buf[-1], reading on...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:44.343Z", "lastModified": "2026-05-12T19:27:29.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43005", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43006", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: reject zero-length fixed buffer import\n\nvalidate_fixed_range() admits buf_addr at the exact end of the\nregistered region when len is zero, because the check uses strict\ngreater-than (buf_end > imu->ubuf + imu->len). 
...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:44.450Z", "lastModified": "2026-05-12T19:32:36.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43006", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43028", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: ensure names are nul-terminated\n\nReject names that lack a \\0 character before feeding them\nto functions that expect c-strings.\n\nFixes tag is the most recent commit that needs this change.", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:47.297Z", "lastModified": "2026-05-08T18:30:53.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43028", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43040", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak\n\nWhen processing Router Advertisements with user options the kernel\nbuilds an RTM_NEWNDUSEROPT netlink message. 
The nduserop...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:50.130Z", "lastModified": "2026-05-08T18:53:20.333", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43040", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43042", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmpls: add seqcount to protect the platform_label{,s} pair\n\nThe RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have\nan inconsistent view of platform_labels vs platform_label in case of a\nconcurrent resize (resize_platf...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:50.423Z", "lastModified": "2026-05-08T18:55:44.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43042", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43052", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check tdls flag in ieee80211_tdls_oper\n\nWhen NL80211_TDLS_ENABLE_LINK is called, the code only checks if the\nstation exists but not whether it is actually a TDLS station. This\nallows the operation to proceed for non...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T15:16:51.670Z", "lastModified": "2026-05-07T18:19:17.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43052", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-37532", "description": "AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. 
However, a standard CAN frame is only 8...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T17:16:22.897Z", "lastModified": "2026-05-07T15:15:55.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37532", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-37535", "description": "openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-01T17:16:23.210Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37535", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-4100", "description": "The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the `wp_ajax_pmpro_stripe_create_webhook`, `wp_ajax_pmpro_stripe_delete_web...", "score": 7.1, "severity": "HIGH", "published": "2026-05-02T12:16:16.477Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4100", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-43616", "description": "Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. 
Attackers can exploit insufficient path normalization during archive extrac...", "score": 7.1, "severity": "HIGH", "published": "2026-05-04T18:16:32.830Z", "lastModified": "2026-05-05T19:50:11.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43616", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.4}, {"id": "CVE-2026-43062", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()\n\nl2cap_ecred_reconf_rsp() casts the incoming data to struct\nl2cap_ecred_conn_rsp (the ECRED *connection* response, 8 bytes with\nresult at offset 6) instead of struct ...", "score": 7.1, "severity": "HIGH", "published": "2026-05-05T16:16:15.340Z", "lastModified": "2026-05-08T13:16:37.303", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43062", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43141", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut\n\nNumber of MW LUTs depends on NTB configuration and can be set to zero,\nin such scenario rounddown_pow_of_two will cause undefined behaviour and\nshould not be performed.\nT...", "score": 7.1, "severity": "HIGH", "published": "2026-05-06T12:16:31.493Z", "lastModified": "2026-05-13T20:52:24.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43141", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43166", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix interlaced plain identification for encoded extents\n\nOnly plain data whose start position and on-disk physical length are\nboth aligned to the block size should be classified as interlaced\nplain extents. 
Otherwise, it mus...", "score": 7.1, "severity": "HIGH", "published": "2026-05-06T12:16:34.800Z", "lastModified": "2026-05-13T21:18:46.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43166", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43241", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access\n\nNumber of MW LUTs depends on NTB configuration and can be set to MAX_MWS,\nThis patch protects against invalid index out of bounds access to mw_sizes\nWhen invalid access p...", "score": 7.1, "severity": "HIGH", "published": "2026-05-06T12:16:44.460Z", "lastModified": "2026-05-11T14:26:10.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43241", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43280", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise\n\nWhen user provides a bogus pat_index value through the madvise IOCTL, the\nxe_pat_index_get_coh_mode() function performs an array access without\nvalidating...", "score": 7.1, "severity": "HIGH", "published": "2026-05-06T12:16:49.477Z", "lastModified": "2026-05-08T19:04:39.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43280", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-43281", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()\n\nAlthough it is guided that `#mbox-cells` must be at least 1, there are\nmany instances of `#mbox-cells = <0>;` in the device tree. 
If that is\nthe case and the correspon...", "score": 7.1, "severity": "HIGH", "published": "2026-05-06T12:16:49.587Z", "lastModified": "2026-05-08T19:13:43.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43281", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.4}, {"id": "CVE-2026-42841", "description": "Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters being...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-11T16:17:34.653Z", "lastModified": "2026-05-12T16:16:34.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42841", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.2}, {"id": "CVE-2026-7814", "description": "Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules.\n\nUser-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute atta...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-11T16:17:37.620Z", "lastModified": "2026-05-13T15:34:13.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7814", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.2}, {"id": "CVE-2026-6663", "description": "The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. 
This is due to the plugin's standalone agent endpoints (gwd-backup.php and gwd-logs.php) not verifying authentication when the API key has not been configu...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-12T09:16:55.797Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6663", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.2}, {"id": "CVE-2026-34655", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-12T20:16:36.607Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34655", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 29.2}, {"id": "CVE-2026-34658", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. 
Malicious JavaScript may ...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-12T20:16:36.833Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34658", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 29.2}, {"id": "CVE-2026-5656", "description": "Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution", "score": 7.0, "severity": "HIGH", "published": "2026-05-01T00:16:25.097Z", "lastModified": "2026-05-01T19:23:19.983", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5656", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-43050", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: lec: fix use-after-free in sock_def_readable()\n\nA race condition exists between lec_atm_close() setting priv->lecd\nto NULL and concurrent access to priv->lecd in send_to_lecd(),\nlec_handle_bridge(), and lec_atm_send(). When th...", "score": 7.0, "severity": "HIGH", "published": "2026-05-01T15:16:51.403Z", "lastModified": "2026-05-07T18:21:19.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43050", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-7832", "description": "A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. 
It is indicated that the...", "score": 7.0, "severity": "HIGH", "published": "2026-05-05T13:16:31.223Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7832", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-34596", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by Sbi...", "score": 7.0, "severity": "HIGH", "published": "2026-05-05T20:16:38.080Z", "lastModified": "2026-05-07T19:45:53.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34596", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 29.0}, {"id": "CVE-2026-40004", "description": "There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-07T04:16:23.073Z", "lastModified": "2026-05-13T19:17:35.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-41646", "description": "Nuclei is a vulnerability scanner built on a simple YAML-based DSL. 
From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require() function, bypassing the default local file acces...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T04:16:18.383Z", "lastModified": "2026-05-08T19:42:59.247", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41646", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-43942", "description": "electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessi...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T04:16:23.640Z", "lastModified": "2026-05-08T19:17:15.643", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43942", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2025-71296", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: shmem: Hold reservation lock around purge\n\nAcquire and release the GEM object's reservation lock around calls\nto the object's purge operation. 
The tests use\ndrm_gem_shmem_purge_locked(), which led to errors such as show ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:30.887Z", "lastModified": "2026-05-14T19:21:57.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71296", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71297", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()\n\nrtw8822b_set_antenna() can be called from userspace when the chip is\npowered off. In that case a WARNING is triggered in\nrtw8822b_config_trx_mode() because trying to ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.000Z", "lastModified": "2026-05-14T19:20:43.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71297", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71298", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: shmem: Hold reservation lock around madvise\n\nAcquire and release the GEM object's reservation lock around calls\nto the object's madvide operation. 
The tests use\ndrm_gem_shmem_madvise_locked(), which led to errors such as...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.153Z", "lastModified": "2026-05-14T19:21:09.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71298", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71299", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing\n\nThe recent refactoring of where runtime PM is enabled done in commit\nf1eb4e792bb1 (\"spi: spi-cadence-quadspi: Enable pm runtime earlier to\navoid imbalance\"...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.267Z", "lastModified": "2026-05-14T19:11:57.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71299", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71300", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"arm64: zynqmp: Add an OP-TEE node to the device tree\"\n\nThis reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.\n\nOP-TEE logic in U-Boot automatically injects a reserved-memory\nnode along with optee firmware node to ker...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.387Z", "lastModified": "2026-05-14T19:10:26.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71300", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71301", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: shmem: Hold reservation lock around vmap/vunmap\n\nAcquire and release the GEM object's reservation lock around vmap and\nvunmap operations. 
The tests use vmap_locked, which led to errors such\nas show below.\n\n[  122.292030]...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.497Z", "lastModified": "2026-05-14T19:09:41.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71301", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2025-71302", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: fix for dma-fence safe access rules\n\nCommit 506aa8b02a8d6 (\"dma-fence: Add safe access helpers and document\nthe rules\") details the dma-fence safe access rules. The most common\nculprit is that drm_sched_fence_get_timel...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:31.607Z", "lastModified": "2026-05-14T19:07:30.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71302", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-43285", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: do not access current->mems_allowed_seq if !allow_spin\n\nLockdep complains when get_from_any_partial() is called in an NMI\ncontext, because current->mems_allowed_seq is seqcount_spinlock_t and\nnot NMI-safe:\n\n  =============...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:35.337Z", "lastModified": "2026-05-14T19:05:07.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43285", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-43292", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node\n\nWhen CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during\nvmalloc cleanup triggers expensive stack unwinding that acquires RCU read\nlocks.  
Processing a large...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:36.250Z", "lastModified": "2026-05-14T21:04:41.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43292", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-43293", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix kthread worker destruction in polling mode\n\nFix the cleanup order in polling mode (irq < 0) to prevent kernel warnings\nduring module removal. Cancel the hrtimer before destroying the kthread\nworker to...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:36.377Z", "lastModified": "2026-05-14T19:50:34.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43293", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-43294", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels\n\nSince commit 56de5e305d4b (\"clk: renesas: r9a07g044: Add MSTOP for RZ/G2L\")\nwe may get the following kernel panic, for some panels, when rebooting:\n\n  ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:36.487Z", "lastModified": "2026-05-14T19:45:39.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43294", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-43295", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()\n\nWhen idtab allocation fails, net is not registered with rio_add_net() yet,\nso kfree(net) is sufficient to release the memory.  
Set mport->net to NULL\nto avoid da...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T14:16:36.593Z", "lastModified": "2026-05-14T19:44:24.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43295", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 29.0}, {"id": "CVE-2026-42185", "description": "People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user (including users with no current domain access) to the ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-08T20:16:31.290Z", "lastModified": "2026-05-13T16:34:42.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42185", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-42308", "description": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-09T06:16:09.793Z", "lastModified": "2026-05-12T17:57:20.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-42309", "description": "Pillow is a Python imaging library. 
From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-09T06:16:10.073Z", "lastModified": "2026-05-12T17:57:24.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42309", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-42310", "description": "Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-09T06:16:10.273Z", "lastModified": "2026-05-12T17:55:38.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42310", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-8235", "description": "A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. 
The patch is identified...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-10T07:16:08.953Z", "lastModified": "2026-05-13T15:33:38.670", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8235", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-7471", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation.", "score": 3.5, "severity": "LOW", "published": "2026-05-14T06:16:25.477Z", "lastModified": "2026-05-14T18:50:47.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7471", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-45781", "description": "The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github.<user>/* namespace to OCI images...", "score": 3.5, "severity": "LOW", "published": "2026-05-14T21:16:48.480Z", "lastModified": "2026-05-14T21:16:48.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45781", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 29.0}, {"id": "CVE-2026-8265", "description": "A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. 
The exploit ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T04:16:19.860Z", "lastModified": "2026-05-11T17:03:22.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8265", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-8271", "description": "A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T05:16:16.093Z", "lastModified": "2026-05-11T20:33:29.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8271", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-8272", "description": "A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public an...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T05:16:16.253Z", "lastModified": "2026-05-11T20:32:28.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8272", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-8273", "description": "A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. 
It is possible to initiate the attack remotely.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T05:16:16.417Z", "lastModified": "2026-05-11T20:31:28.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8273", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-44659", "description": "Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely long malicious subdom...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T18:16:38.380Z", "lastModified": "2026-05-13T15:37:58.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-8320", "description": "A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl leads t...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T20:25:48.363Z", "lastModified": "2026-05-12T16:38:54.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8320", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-28830", "description": "A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. 
An app may be able to access sensitive user data.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T21:18:51.207Z", "lastModified": "2026-05-12T19:47:43.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28830", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-28992", "description": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app t...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T21:18:59.117Z", "lastModified": "2026-05-13T14:07:41.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28992", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-43659", "description": "A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T21:19:01.590Z", "lastModified": "2026-05-12T17:51:37.980", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-27682", "description": "Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. 
If a victim clicks the link, the i...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-12T03:16:11.103Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27682", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-34258", "description": "SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-12T03:16:11.247Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-5061", "description": "The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability (CVE-2026-5061) is fixed in consul-template 0.42.0.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-12T15:16:16.343Z", "lastModified": "2026-05-13T15:53:17.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5061", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.8}, {"id": "CVE-2026-37503", "description": "Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject arbitrary JavaScript via the saveThemeConfig API. 
All site visitors execute the payload, enabling c...", "score": 6.9, "severity": "MEDIUM", "published": "2026-05-01T16:16:30.490Z", "lastModified": "2026-05-11T19:22:57.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37503", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2025-68604", "description": "Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery.\n\nThis issue affects WPGraphQL: from n/a through 2.5.3.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-07T09:16:26.780Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68604", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-8080", "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS.\n\n\n\n\n\n\nThis issue affects MISP before 2.5.37.\n\n\n\n\nA stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application a...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-07T12:16:18.467Z", "lastModified": "2026-05-11T15:21:05.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8080", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-36341", "description": "Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. 
The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-07T16:16:18.900Z", "lastModified": "2026-05-07T18:45:48.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36341", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-36388", "description": "A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to inject a malicious script payload into the User Name parameter, which is stored in the application an...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-07T16:16:19.127Z", "lastModified": "2026-05-07T18:45:48.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36388", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-41903", "description": "FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. 
Prior to version 1.8.217, a user holding the PERM_EDIT_USERS permission (intended for general user-profile editing) can read and modify the notification subscriptions of any other user, including admins, by sending a ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-07T19:16:00.950Z", "lastModified": "2026-05-07T19:51:36.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41903", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2024-33724", "description": "SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-08T06:16:09.547Z", "lastModified": "2026-05-08T22:16:28.227", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33724", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-41487", "description": "Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is  a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role \u201cmember\u201d in a project could request the update of an existi...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-08T15:16:39.800Z", "lastModified": "2026-05-13T17:12:55.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41487", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-42192", "description": "Plunk is an open-source email platform built on top of AWS SES. 
Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered in the admin dashboa...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-08T22:16:31.133Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42192", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2021-47948", "description": "WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during payment f...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.323Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2022-50970", "description": "WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary J...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-10T13:16:34.993Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50970", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.6}, {"id": "CVE-2026-42857", "description": "Open edX Platform enables the authoring and delivery of online learning at any scale. 
The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags from user-generated discussion post content. This content is rendered with Django's |safe template fi...", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-11T18:16:36.130Z", "lastModified": "2026-05-13T16:16:48.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42857", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.4}, {"id": "CVE-2026-28961", "description": "This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.5. An attacker with physical access to a locked device may be able to view sensitive user information.", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-11T21:18:57.090Z", "lastModified": "2026-05-14T14:01:18.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28961", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.4}, {"id": "CVE-2026-28963", "description": "A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 26.5 and iPadOS 26.5. An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring.", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-11T21:18:57.283Z", "lastModified": "2026-05-13T14:35:47.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28963", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.4}, {"id": "CVE-2026-44259", "description": "efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. 
Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml respectively,...", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-12T22:16:36.277Z", "lastModified": "2026-05-13T16:16:55.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.4}, {"id": "CVE-2026-43535", "description": "OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain batches using a more ...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-05T12:16:19.893Z", "lastModified": "2026-05-07T16:01:57.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43535", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-40934", "description": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password r...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-05T22:16:00.820Z", "lastModified": "2026-05-11T13:00:39.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40934", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-6863", "description": "Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. 
A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files ...", "score": 6.8, "severity": "MEDIUM", "published": "2026-05-06T16:16:12.030Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6863", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2025-2514", "description": "Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Bl...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:26.183Z", "lastModified": "2026-05-13T19:14:56.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2025-66105", "description": "Missing Authorization vulnerability in Magepeople inc. 
Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:26.497Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66105", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-25436", "description": "Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Royal Elementor Addons: from n/a before 1.7.1053.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:26.923Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25436", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-25468", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data.\n\nThis issue affects Happy Addons for Elementor: from n/a through 3.20.8.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:27.063Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25468", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-27329", "description": "Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:27.207Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27329", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-27416", "description": "Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects PDF Poster: from n/a through 2.4.1.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T09:16:27.347Z", "lastModified": "2026-05-07T14:00:48.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27416", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8086", "description": "A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly avai...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T19:16:03.110Z", "lastModified": "2026-05-08T19:04:48.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8086", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-39819", "description": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T20:16:43.083Z", "lastModified": "2026-05-13T15:05:41.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-39825", "description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. 
When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReversePro...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T20:16:43.390Z", "lastModified": "2026-05-13T16:58:56.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-42241", "description": "ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an attacker-supplied value. If an attacker declares a decimal column with some unreasonable width, this cou...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T20:16:44.247Z", "lastModified": "2026-05-07T20:37:54.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42241", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8087", "description": "A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The expl...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T20:16:45.343Z", "lastModified": "2026-05-08T19:03:09.687", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8087", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-41928", "description": "Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. 
Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response, ena...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T22:16:35.313Z", "lastModified": "2026-05-08T15:47:53.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41928", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8115", "description": "A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The expl...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T23:16:33.133Z", "lastModified": "2026-05-08T15:47:03.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8115", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-41645", "description": "Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. 
This happens when HTTP response da...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T04:16:18.177Z", "lastModified": "2026-05-08T19:42:49.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41645", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2022-26523", "description": "The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xbb94.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T05:16:09.033Z", "lastModified": "2026-05-08T16:02:14.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26523", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 28.2}, {"id": "CVE-2023-47268", "description": "In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T06:16:08.667Z", "lastModified": "2026-05-11T12:58:54.733", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47268", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-41161", "description": "Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. 
T...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T14:16:33.093Z", "lastModified": "2026-05-12T15:00:33.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41161", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-41423", "description": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper han...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T14:16:33.260Z", "lastModified": "2026-05-12T14:58:06.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41423", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-44500", "description": "ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter prot...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T15:17:01.777Z", "lastModified": "2026-05-08T18:01:52.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44500", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-42028", "description": "novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. 
This issue has been patched in version 2.1.1.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T17:16:31.177Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42028", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-41495", "description": "n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the authe...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T20:16:30.323Z", "lastModified": "2026-05-14T18:06:34.513", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41495", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-42190", "description": "RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the vic...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T20:16:31.580Z", "lastModified": "2026-05-14T13:54:01.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42190", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-44656", "description": "Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. 
Because the path o...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-08T23:16:39.783Z", "lastModified": "2026-05-14T13:59:30.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44656", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-7652", "description": "The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email address to ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T03:16:15.117Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7652", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-32683", "description": "Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encrypti...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T09:16:08.973Z", "lastModified": "2026-05-12T23:16:16.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32683", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8187", "description": "A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. 
The project was informed of the problem early through an i...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T11:16:28.530Z", "lastModified": "2026-05-13T16:08:09.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8187", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8186", "description": "A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc4...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T12:16:08.760Z", "lastModified": "2026-05-13T16:09:17.643", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8186", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8198", "description": "The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an Auth...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T13:16:43.687Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8198", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8210", "description": "A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. 
Local access is required to approach this attack...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T21:16:26.967Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8210", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 28.2}, {"id": "CVE-2026-8212", "description": "A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used....", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T23:16:33.113Z", "lastModified": "2026-05-13T15:31:52.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8212", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8213", "description": "A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-09T23:16:33.290Z", "lastModified": "2026-05-13T15:31:52.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8213", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8214", "description": "A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. 
The exploit has been made ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T01:16:07.907Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8214", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8215", "description": "A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The ex...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T01:16:08.090Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8222", "description": "A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been di...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T03:16:08.690Z", "lastModified": "2026-05-12T17:49:04.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8223", "description": "A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. 
The exploit has been made pub...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T03:16:08.863Z", "lastModified": "2026-05-13T16:10:25.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8224", "description": "A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to l...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T03:16:09.033Z", "lastModified": "2026-05-12T17:48:59.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8224", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8225", "description": "A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available a...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.060Z", "lastModified": "2026-05-12T17:38:16.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8225", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8226", "description": "A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. 
The exploit has been released to the public ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T05:16:12.240Z", "lastModified": "2026-05-12T17:38:05.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8241", "description": "A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T09:16:31.840Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8241", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8243", "description": "A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack may be performed from remote. The vendor was conta...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T09:16:32.200Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8244", "description": "A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. 
The exploit i...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T10:16:13.040Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8244", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2021-47946", "description": "OpenCart 3.0.3.6 contains a cross-site request forgery vulnerability in the /account/edit endpoint that allows unauthenticated attackers to modify victim account details by tricking users into visiting malicious pages. Attackers can craft CSRF payloads that change victim email addresses and account ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.027Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47946", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-45179", "description": "Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses.\n\nIf the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked.\n\nSince version 0.9.0, the IP address is n...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-10T20:16:28.967Z", "lastModified": "2026-05-12T16:48:58.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45179", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-8258", "description": "A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. 
The project was in...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-11T02:16:27.250Z", "lastModified": "2026-05-13T14:47:15.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.2}, {"id": "CVE-2026-42887", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges ca...", "score": 4.5, "severity": "MEDIUM", "published": "2026-05-11T20:25:45.713Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42887", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 28.0}, {"id": "CVE-2026-20447", "description": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-04T07:15:58.450Z", "lastModified": "2026-05-07T12:43:25.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20447", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.8}, {"id": "CVE-2026-20448", "description": "In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. 
Patch ID: ALPS10708513; Issue ID: MSV-6281.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-04T07:15:59.500Z", "lastModified": "2026-05-07T12:43:11.833", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20448", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.8}, {"id": "CVE-2026-20451", "description": "In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.", "score": 6.7, "severity": "MEDIUM", "published": "2026-05-04T07:15:59.840Z", "lastModified": "2026-05-07T12:42:44.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20451", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.8}, {"id": "CVE-2026-41662", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the current code path bypasse...", "score": 5.2, "severity": "MEDIUM", "published": "2026-05-07T04:16:30.080Z", "lastModified": "2026-05-07T15:16:08.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41662", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.8}, {"id": "CVE-2026-43895", "description": "jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. 
This creates a mismatch between the logical import string that policy or a...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-11T18:16:37.387Z", "lastModified": "2026-05-13T17:02:10.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43895", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-7257", "description": "** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T04:16:29.497Z", "lastModified": "2026-05-12T15:11:29.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-6800", "description": "The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and abov...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T10:16:48.207Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6800", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-6813", "description": "The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and ab...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T10:16:48.350Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6813", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-7431", "description": "An incorrect permission assignment for critical resource of Ivanti Secure Access Client\u00a0 \u00a0before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T15:16:16.883Z", "lastModified": "2026-05-12T19:53:39.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7431", "is_exploited": false, "epss": 0, "vendor": "IVANTI", "mts_score": 27.6}, {"id": "CVE-2026-32209", "description": "Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T18:17:00.850Z", "lastModified": "2026-05-14T14:51:45.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32209", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 27.6}, {"id": "CVE-2026-41100", "description": "Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T18:17:21.507Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41100", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-42446", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. 
The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled BitmapSize field in the fil...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T20:16:41.900Z", "lastModified": "2026-05-14T15:49:25.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42446", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-44215", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the w...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-12T20:16:42.387Z", "lastModified": "2026-05-14T15:48:22.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44215", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.6}, {"id": "CVE-2026-35255", "description": "Vulnerability in the Oracle\u00a0Cloud Native Environment Command Line Interface\u00a0product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability allows unauthenticated attacker to compromise Oracle\u00a0Cloud Native Environment Command Line Interface...", "score": 6.6, "severity": "MEDIUM", "published": "2026-05-06T10:16:19.827Z", "lastModified": "2026-05-06T20:30:40.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35255", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 27.4}, {"id": "CVE-2026-42150", "description": "wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. 
This issue has been patched in version 2.0.0.", "score": 5.1, "severity": "MEDIUM", "published": "2026-05-08T04:16:18.920Z", "lastModified": "2026-05-12T14:00:17.217", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42150", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.4}, {"id": "CVE-2026-27680", "description": "Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result,...", "score": 3.1, "severity": "LOW", "published": "2026-05-14T19:16:31.450Z", "lastModified": "2026-05-14T19:16:31.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27680", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.4}, {"id": "CVE-2026-8553", "description": "Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "score": 3.1, "severity": "LOW", "published": "2026-05-14T20:17:16.573Z", "lastModified": "2026-05-14T22:16:49.123", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8553", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 27.4}, {"id": "CVE-2026-8266", "description": "A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. 
The exploit is now public and may be us...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T04:16:20.060Z", "lastModified": "2026-05-12T17:20:53.990", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8266", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8267", "description": "A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T04:16:20.233Z", "lastModified": "2026-05-13T16:10:58.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8267", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8268", "description": "A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI_list_create of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed o...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T04:16:20.403Z", "lastModified": "2026-05-12T17:20:32.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8268", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8269", "description": "A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function smf_nsmf_handle_create_sm_context of the component SMF. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. 
The project wa...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T05:16:15.350Z", "lastModified": "2026-05-12T17:20:15.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8269", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8270", "description": "A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The proj...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T05:16:15.937Z", "lastModified": "2026-05-12T17:19:37.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8270", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8288", "description": "A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launche...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T13:16:12.073Z", "lastModified": "2026-05-12T17:18:17.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8288", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8289", "description": "A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation of the argument qosFlowProfile leads to denial of service. 
Remote exploitation of the attack i...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T14:16:34.207Z", "lastModified": "2026-05-12T17:18:09.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8289", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8290", "description": "A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T14:16:34.483Z", "lastModified": "2026-05-13T16:11:05.933", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8290", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-44198", "description": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T16:17:35.057Z", "lastModified": "2026-05-12T15:58:41.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44198", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8291", "description": "A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial of service. The attack is possible to be carried out remotely. 
The exploit has been made available t...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T16:17:43.403Z", "lastModified": "2026-05-14T18:19:11.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8291", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8292", "description": "A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument hnrf-uri leads to denial of service. The attack may be performed from remote. The exploit has be...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T16:17:43.557Z", "lastModified": "2026-05-14T18:19:20.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8292", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-44997", "description": "OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that byp...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T18:16:39.670Z", "lastModified": "2026-05-13T14:12:19.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-42565", "description": "@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. 
The state parameter is round...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T20:25:42.640Z", "lastModified": "2026-05-13T17:31:40.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42565", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-42884", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with access...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T20:25:44.740Z", "lastModified": "2026-05-12T14:50:18.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42884", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-42885", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix (e.g., /au...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T20:25:44.877Z", "lastModified": "2026-05-12T15:13:21.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42885", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-28901", "description": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T21:18:52.913Z", "lastModified": "2026-05-13T21:16:42.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28901", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-28917", "description": "The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T21:18:54.110Z", "lastModified": "2026-05-13T21:16:43.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28917", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-28971", "description": "The issue was addressed with improved UI handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. A malicious iframe may use another website\u2019s download settings.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T21:18:57.807Z", "lastModified": "2026-05-13T21:16:44.610", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28971", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-39869", "description": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. 
Processing an audio stream in a maliciously crafted media file ma...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T21:18:59.837Z", "lastModified": "2026-05-13T14:42:43.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-43882", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS(), which builds an ICS calendar file via the ICS helper ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.803Z", "lastModified": "2026-05-13T16:16:52.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43882", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8349", "description": "A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called 8a4c...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T00:17:03.600Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8349", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-40129", "description": "Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. 
If processed by the application, this input could be delivered to users subscribed to the channel and result in ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T03:16:11.783Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40129", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-40134", "description": "Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and availabili...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.307Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40134", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-40136", "description": "SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity of ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T03:16:12.560Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40136", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-4301", "description": "The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler lacks both capability checks and nonce verification. 
The only access control is an is_user_logged_in() ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:41.640Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4301", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-6709", "description": "The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save_settings() function, which is registered on the admin_post_cccf7_save_setti...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.220Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6709", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-6710", "description": "The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the SkysaApps_Admin_AppPage function. This makes it possible for unauthenticated attackers to trick a site adm...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.360Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6710", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-6932", "description": "The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. 
This makes it possible for unauthenticated attackers to modify the ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.770Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6932", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-7050", "description": "The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access and ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:56.907Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7050", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-7562", "description": "The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification (via check_admin_referer() or wp_verify_nonce()) in the display...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.453Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7562", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-7616", "description": "The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi_adminpage function. 
This makes it possible for unauthenticated attackers to update the plugin's zawgyi_for...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T09:16:57.590Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7616", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-1934", "description": "The Motors \u2013 Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stm_save_user_extra_fields() function updating sensitive user meta fields from POST data without verif...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T10:16:43.770Z", "lastModified": "2026-05-12T14:03:52.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1934", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-42006", "description": "An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. 
In particular, the fix was for closing braces, but you could still use open braces to bypass the ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T14:17:04.703Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42006", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-8407", "description": "Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints.\n\n\n\nThis issue affects the following versions :\n\n  *  \n\nDevolutions Serve...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T17:16:22.043Z", "lastModified": "2026-05-13T16:17:05.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8407", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-25690", "description": "An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authent...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:16:39.540Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25690", "is_exploited": false, "epss": 0, "vendor": "FORTINET", "mts_score": 27.2}, {"id": "CVE-2026-32175", "description": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. 
However, an attacker would have limited control over the dest...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:16:58.737Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32175", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-35429", "description": "User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:13.510Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35429", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 27.2}, {"id": "CVE-2026-40416", "description": "User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:19.687Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40416", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 27.2}, {"id": "CVE-2026-40421", "description": "External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:20.320Z", "lastModified": "2026-05-13T15:34:52.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40421", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 27.2}, {"id": "CVE-2026-42541", "description": "Kubewarden is a policy engine for Kubernetes. 
Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes use of the can_i host callback. The callback issues a SubjectAccessReview (SAR) requests to enumerat...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:24.957Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42541", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-5146", "description": "Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation.\n\n\n\nThis issue affects the following versions :\n\n  *  \n\nDevolutions Server 2026.1.6.0 throu...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T18:17:32.177Z", "lastModified": "2026-05-13T16:17:01.633", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5146", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.2}, {"id": "CVE-2026-34656", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. 
An attacker could leverage this vulnerability to bypass security measures and gain unauthorized...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-12T20:16:36.720Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34656", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 27.2}, {"id": "CVE-2026-7382", "description": "Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.\n\nThis issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T13:16:06.267Z", "lastModified": "2026-04-30T15:09:03.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7382", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-36759", "description": "A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T16:16:42.513Z", "lastModified": "2026-04-30T18:16:28.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36759", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-3833", "description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. 
A remote attacker can exploit this by crafting ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T18:16:30.577Z", "lastModified": "2026-05-07T02:09:04.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-35514", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoint ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T19:16:09.217Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40603", "description": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. 
In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does not ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T19:16:10.253Z", "lastModified": "2026-05-01T15:31:02.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40603", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-28532", "description": "FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer...", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:31.250Z", "lastModified": "2026-05-01T17:48:21.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28532", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-3340", "description": "IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:32.463Z", "lastModified": "2026-05-11T17:05:34.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3340", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40950", "description": "CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access \nserver prior to 14.50. 
Attackers with control of a modified client can \nsend a specially crafted message to the server and cause a denial of \nservice", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:33.010Z", "lastModified": "2026-05-05T02:32:41.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40950", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-4502", "description": "IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send\u00a0a specially crafted URL request containing \"dot dot\" sequences (/../) to write arbitrary files on the system.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:33.533Z", "lastModified": "2026-05-11T17:06:21.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4502", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-36122", "description": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T22:16:24.597Z", "lastModified": "2026-05-01T17:52:18.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36122", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 27.0}, {"id": "CVE-2026-1577", "description": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in data query logic.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.017Z", "lastModified": "2026-05-10T14:16:46.437", 
"source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1577", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 27.0}, {"id": "CVE-2026-3345", "description": "IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.337Z", "lastModified": "2026-05-11T17:05:14.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40685", "description": "In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \\ skipping.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.633Z", "lastModified": "2026-05-01T17:51:06.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40685", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-6542", "description": "IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T22:16:26.340Z", "lastModified": "2026-05-04T18:21:23.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6542", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-28909", "description": "Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. 
This issue is fixed in container version 0.12.3.", "score": 6.5, "severity": "MEDIUM", "published": "2026-04-30T23:16:20.437Z", "lastModified": "2026-05-04T18:22:48.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28909", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42404", "description": "Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP adddresses....", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T11:16:19.230Z", "lastModified": "2026-05-01T18:06:24.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42404", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43504", "description": "An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:52.380Z", "lastModified": "2026-05-01T17:15:31.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43505", "description": "An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. 
Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:52.653Z", "lastModified": "2026-05-01T17:15:38.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43505", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-23863", "description": "An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of exp...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T16:16:29.843Z", "lastModified": "2026-05-11T19:59:52.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23863", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 27.0}, {"id": "CVE-2026-42474", "description": "SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T16:16:31.813Z", "lastModified": "2026-05-05T19:39:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42474", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42475", "description": "SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T16:16:31.930Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42475", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-26461", "description": "A Command Injection vulnerability in the 
web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-01T18:16:14.307Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26461", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-14726", "description": "The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindex_feed_hook_instagram/troubleshooting' and '/trustindex_feed_hook_instagram/submit-data' REST API endpoints in all versions...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-02T05:16:00.093Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14726", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-6457", "description": "The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-02T08:16:27.803Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6457", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-7633", "description": "A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. 
The exploit is publicly available and might...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-02T15:16:13.890Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7633", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-7645", "description": "A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The explo...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-02T16:16:15.867Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7645", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-7681", "description": "A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The atta...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-03T06:15:58.190Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7681", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-5337", "description": "During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. 
This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly validat...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-03T07:16:24.687Z", "lastModified": "2026-05-04T15:23:19.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5337", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42367", "description": "A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T01:16:03.890Z", "lastModified": "2026-05-05T02:45:01.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42367", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-7714", "description": "A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The explo...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T01:16:04.863Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7714", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-20449", "description": "In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. 
Patch ID: ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T07:15:59.610Z", "lastModified": "2026-05-07T12:43:00.957", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-20450", "description": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T07:15:59.723Z", "lastModified": "2026-05-07T12:42:53.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20450", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-70070", "description": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T15:16:03.360Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70070", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-70072", "description": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T15:16:03.467Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70072", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-33523", "description": "HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised 
backend servers.\n\nThis issue affects Apache HTTP Server: from through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T15:16:04.227Z", "lastModified": "2026-05-04T20:21:15.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33523", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-37458", "description": "Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T16:16:02.170Z", "lastModified": "2026-05-11T19:52:46.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37458", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-47401", "description": "Transient DOS when processing target power rate tables during channel configuration.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T17:16:20.143Z", "lastModified": "2026-05-06T18:03:53.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47401", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-47403", "description": "Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T17:16:20.400Z", "lastModified": "2026-05-06T18:03:46.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47403", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-47404", "description": "Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.", "score": 6.5, 
"severity": "MEDIUM", "published": "2026-05-04T17:16:20.623Z", "lastModified": "2026-05-06T18:03:17.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47404", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42091", "description": "goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: * on the OPTIONS pref...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.210Z", "lastModified": "2026-05-12T18:34:28.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42091", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42092", "description": "titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as google_secret, openai_apikey, and goog...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.363Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42092", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 27.0}, {"id": "CVE-2026-42227", "description": "n8n is an open source workflow automation platform. 
Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API var...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T19:16:04.743Z", "lastModified": "2026-05-06T18:08:47.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42228", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated rem...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T19:16:04.900Z", "lastModified": "2026-05-06T18:08:21.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42228", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42220", "description": "Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired() through the X-Node-Secret header (or node_secret ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T21:16:31.870Z", "lastModified": "2026-05-06T17:16:36.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42223", "description": "Nginx UI is a web user interface for the Nginx web server. 
Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:\"true\" - however, this tag ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-04T21:16:32.320Z", "lastModified": "2026-05-06T14:46:24.977", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42223", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-4409", "description": "The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the global...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T03:15:59.420Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4409", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-5957", "description": "The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. 
This is due to a flawed path traversal validation in the create_template() method of the CheckForm class, where realpath() is called on the allowed base directory (wp-content/uploads/ema...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T04:16:19.643Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-4362", "description": "The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress `init` action and triggers when both `...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T05:16:00.257Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4362", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-3454", "description": "The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.0. This is due to missing object-level authorization checks in the /wp-json/generateblocks/v1/dynamic-tag-replacements REST endpoint. The endpoint only verifies that th...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T07:16:00.277Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3454", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-42611", "description": "RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. 
This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses ...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T11:16:31.827Z", "lastModified": "2026-05-07T14:51:53.657", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42611", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-42433", "description": "OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner me...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:17.627Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42433", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43528", "description": "OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attackers with config read access can exploit this to obtain provider API keys, gateway authentication mate...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:18.917Z", "lastModified": "2026-05-07T01:54:40.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43528", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43567", "description": "OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screen_record tool's outPath parameter that bypasses workspace-only filesystem guards. 
Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:20.190Z", "lastModified": "2026-05-07T01:52:51.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43567", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43568", "description": "OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escalation vulnerability allowing write-scoped operators to modify persistent memory dreaming settings. Attackers with write-scoped gateway access can toggle admin-class configuration mutations through the /dreaming endpoint to escalate...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:20.343Z", "lastModified": "2026-05-07T01:52:39.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43568", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43570", "description": "OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended reposi...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:20.710Z", "lastModified": "2026-05-07T16:03:14.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43570", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43574", "description": "OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. 
Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they know...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:21.307Z", "lastModified": "2026-05-07T17:03:43.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43574", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-6262", "description": "The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload path (`mfn-icon-upload`) in a filesystem move operation without constraining it to the uploads directory...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T12:16:21.590Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6262", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-27644", "description": "Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported field...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T13:16:27.807Z", "lastModified": "2026-05-08T20:04:39.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27644", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-30246", "description": "Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. 
As a result, requests for the same path with different query parameters can share a cache key an...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T13:16:28.820Z", "lastModified": "2026-05-12T13:44:42.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30246", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-35192", "description": "An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.\nResponse headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user's session after that user visits a cached public page.\nEarlier, unsupported Django s...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T16:16:12.383Z", "lastModified": "2026-05-07T14:20:37.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35192", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-32603", "description": "Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \\Device\\SandboxieDriver...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T20:16:35.540Z", "lastModified": "2026-05-07T20:02:30.417", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32603", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 27.0}, {"id": "CVE-2026-39402", "description": "lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. 
When lxc-user-nic delete scans its NIC database to authorize a d...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T21:16:22.537Z", "lastModified": "2026-05-12T16:12:51.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39402", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 27.0}, {"id": "CVE-2026-41950", "description": "Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insuffi...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-05T21:16:23.233Z", "lastModified": "2026-05-12T16:20:10.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41950", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-5753", "description": "The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. 
This is due to the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' not verifying user capabilities before saving...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T04:16:09.097Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5753", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43975", "description": "FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName\n before constructing file paths, allowing an unauthenticated attacker to\n write arbitrary files outside the intended upload directory or read \nfiles from arbitrary locations on t...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:26.163Z", "lastModified": "2026-05-06T20:29:31.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43975", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-41287", "description": "Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T15:16:10.767Z", "lastModified": "2026-05-11T18:36:54.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41287", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 27.0}, {"id": "CVE-2026-41286", "description": "Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. 
An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T16:16:09.950Z", "lastModified": "2026-05-11T18:36:16.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41286", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 27.0}, {"id": "CVE-2026-20168", "description": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.\r\n\r\nThis vulnerability is due to insufficient file access checks. An attacker could...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T17:16:20.590Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20168", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 27.0}, {"id": "CVE-2026-7924", "description": "Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T19:16:40.713Z", "lastModified": "2026-05-06T23:37:58.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7924", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 27.0}, {"id": "CVE-2026-7982", "description": "Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T19:16:49.067Z", "lastModified": "2026-05-06T23:22:09.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7982", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 27.0}, {"id": "CVE-2026-43577", "description": "OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions.", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T20:16:33.377Z", "lastModified": "2026-05-07T17:04:12.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43577", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-43579", "description": "OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile settings t...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T20:16:33.643Z", "lastModified": "2026-05-07T17:04:32.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43579", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40195", "description": "Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. 
The vulnerability is present in the backup metadat...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T21:16:00.793Z", "lastModified": "2026-05-07T17:07:08.320", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40197", "description": "Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem contains...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T21:16:00.930Z", "lastModified": "2026-05-07T17:06:55.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40197", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-40251", "description": "Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-bo...", "score": 6.5, "severity": "MEDIUM", "published": "2026-05-06T21:16:01.210Z", "lastModified": "2026-05-07T17:06:42.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40251", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-41413", "description": "Istio is an open platform to connect, manage, and secure microservices. 
Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost o...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-07T06:16:04.730Z", "lastModified": "2026-05-08T17:03:51.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41413", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-41648", "description": "Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when par...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-07T14:16:03.200Z", "lastModified": "2026-05-07T19:51:19.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41648", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2025-62312", "description": "HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. 
Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.", "score": 3.0, "severity": "LOW", "published": "2026-05-14T17:16:18.480Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62312", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 27.0}, {"id": "CVE-2026-44991", "description": "OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands li...", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-11T18:16:38.780Z", "lastModified": "2026-05-13T14:10:51.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44991", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.8}, {"id": "CVE-2026-43883", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege authentica...", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-11T22:22:12.940Z", "lastModified": "2026-05-12T18:17:28.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43883", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.8}, {"id": "CVE-2026-3346", "description": "IBM Langflow Desktop 1.6.0 through 1.8.4 is vulnerable to stored cross-site scripting. 
This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...", "score": 6.4, "severity": "MEDIUM", "published": "2026-04-30T21:16:32.610Z", "lastModified": "2026-05-11T17:06:09.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3346", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-41174", "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects dire...", "score": 6.4, "severity": "MEDIUM", "published": "2026-04-30T21:16:33.240Z", "lastModified": "2026-05-01T17:39:35.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-2311", "description": "IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.", "score": 6.4, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.147Z", "lastModified": "2026-05-01T19:33:39.563", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2311", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-6127", "description": "The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. 
The plugin registers the _element...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-01T06:16:32.233Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6127", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-6378", "description": "The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the `sc_styles` parameter. This makes it possib...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-02T04:16:11.990Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6378", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-7209", "description": "The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as `title_font_siz...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-02T04:16:23.453Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7209", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-4658", "description": "The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block (essential-blocks/add-to-cart) in all versions up to, and including, 6.0.4. 
This ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-02T05:16:00.767Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4658", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-6916", "description": "The Jeg Kit for Elementor \u2013 Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sg_content_number_prefix' parameter in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output es...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-02T06:16:04.490Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6916", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-0703", "description": "The NextMove Lite \u2013 Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. T...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-02T14:16:17.040Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0703", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-2868", "description": "The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. 
This makes it possible for auth...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T03:15:59.263Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2868", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-4730", "description": "The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T03:15:59.570Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4730", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-5505", "description": "The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.100Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5505", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-6255", "description": "The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possib...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.257Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6255", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-2948", "description": "The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.5.3 via the import_images() function. This makes it possible for authenticated attackers, with contributor-level access and above, t...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T04:16:09.120Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-4665", "description": "The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, 2.7.10. This is due to the `fancybox-config.js` script reading the carousel container's `id` attribute directly from the DOM to ...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T04:16:17.687Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4665", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-5159", "description": "The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. 
This makes it possible for authe...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-05T04:16:18.390Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5159", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-6672", "description": "The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the 'slicewp_affi...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-06T08:16:03.957Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6672", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-7457", "description": "The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint \u2014 where raw POST parameters (first_name, last_name, phone, notes) bypass sanitizat...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-06T08:16:04.360Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7457", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-20169", "description": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.\r\n\r\nThis vulnerability is due to insufficient input validation of user-supplied data. 
An...", "score": 6.4, "severity": "MEDIUM", "published": "2026-05-06T17:16:20.743Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20169", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 26.6}, {"id": "CVE-2026-41657", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the contacts_data.php endpoint uses a weaker permission check (isAdministratorUsers(), requiring only rol_edit_user=true) than the frontend UI (contacts.php) which correctly requires the stronger isAdministrator() (requiring...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-07T04:16:28.920Z", "lastModified": "2026-05-07T14:51:01.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41657", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-41887", "description": "Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but the same restriction was never applied to other settings registered as LESS config variables (for examp...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-08T17:16:30.890Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41887", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.6}, {"id": "CVE-2026-7508", "description": "A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible. 
Th...", "score": 6.3, "severity": "MEDIUM", "published": "2026-04-30T23:16:21.097Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7508", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7510", "description": "A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been public...", "score": 6.3, "severity": "MEDIUM", "published": "2026-04-30T23:16:21.300Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7510", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7591", "description": "A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attack m...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-01T19:16:33.783Z", "lastModified": "2026-05-01T20:21:53.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7591", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7595", "description": "A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. 
The atta...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-01T21:16:18.130Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7595", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7597", "description": "A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-01T22:16:16.713Z", "lastModified": "2026-05-05T20:16:39.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7597", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7599", "description": "A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument output_path results in path traversal. Remote exploitation of t...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-01T22:16:17.127Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7599", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7600", "description": "A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. 
The exploit has been publis...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T01:16:00.903Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7600", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7602", "description": "A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T04:16:23.650Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7602", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7603", "description": "A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the att...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T05:16:01.570Z", "lastModified": "2026-05-05T20:16:40.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7603", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7604", "description": "A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. 
It is possib...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T05:16:01.767Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7604", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7605", "description": "A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpE...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T07:16:20.973Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7605", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7609", "description": "A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Update. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T10:16:19.257Z", "lastModified": "2026-05-06T20:24:21.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7609", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7627", "description": "A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. 
The attack can be launched remotel...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T11:15:58.083Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7627", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7628", "description": "A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exp...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T12:16:17.163Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7628", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7629", "description": "A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Code-Review Tool. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has bee...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T14:16:17.990Z", "lastModified": "2026-05-05T20:16:40.213", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7629", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7642", "description": "A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. 
The ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T15:16:14.047Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7642", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7653", "description": "A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-02T16:16:16.033Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7653", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7672", "description": "A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection. Th...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T00:16:16.317Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7672", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7678", "description": "A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. 
It is possible to launch the attack r...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T05:15:59.030Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7678", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7682", "description": "A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has b...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T07:16:24.807Z", "lastModified": "2026-05-05T19:30:15.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7682", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7683", "description": "A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been m...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T07:16:25.010Z", "lastModified": "2026-05-05T19:30:15.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7683", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7687", "description": "A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. 
Executing a manipulation can lead to command injec...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T09:16:03.680Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7687", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7690", "description": "A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T10:16:17.660Z", "lastModified": "2026-05-07T01:42:26.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7690", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7691", "description": "A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T11:16:13.263Z", "lastModified": "2026-05-07T01:46:54.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7691", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7692", "description": "A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. 
The exploit is now public and may b...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T11:16:13.927Z", "lastModified": "2026-05-07T01:46:34.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7692", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7696", "description": "A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched remot...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T13:16:09.010Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7696", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7699", "description": "A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The ex...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T15:15:59.483Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7699", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7700", "description": "A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. 
The attack may be performed from remot...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T15:15:59.693Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7700", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7705", "description": "A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T23:16:41.643Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7705", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7709", "description": "A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be launched remotely. The ex...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-03T23:16:42.383Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7709", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7712", "description": "A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. 
The vendor ...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T00:16:39.990Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7712", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7713", "description": "A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T00:16:40.167Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7713", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7715", "description": "A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The exploit...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T01:16:05.037Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7715", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7716", "description": "A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. 
The exploit has been made public a...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T01:16:05.207Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7716", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 26.2}, {"id": "CVE-2026-7718", "description": "A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The expl...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T02:15:58.477Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7718", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7720", "description": "A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T02:15:58.840Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7720", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7721", "description": "A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. 
The exploit has been disclosed pu...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T03:16:12.683Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7721", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7725", "description": "A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is p...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T05:16:00.577Z", "lastModified": "2026-05-05T20:16:40.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7725", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7728", "description": "A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly av...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T05:16:00.977Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7728", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7729", "description": "A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. 
The ex...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T05:16:01.153Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7729", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7730", "description": "A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit h...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T05:16:01.340Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7730", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7731", "description": "A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been di...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T06:16:01.640Z", "lastModified": "2026-05-04T15:18:40.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7731", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7732", "description": "A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. 
The exploit is now public and may be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T06:16:01.857Z", "lastModified": "2026-05-05T20:16:41.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7732", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7738", "description": "A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The e...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T07:16:01.873Z", "lastModified": "2026-05-05T20:16:41.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7738", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7741", "description": "A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T08:16:02.007Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7741", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7742", "description": "A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. 
The exploit has been published and may be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T08:16:02.683Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7742", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7743", "description": "A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclos...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T08:16:02.847Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7743", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7744", "description": "A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T08:16:03.010Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7744", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7745", "description": "A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. 
The exploit has been publicly disclosed and...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T09:16:00.793Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7745", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7746", "description": "A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is pub...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T09:16:00.953Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7746", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7782", "description": "A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from remote....", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-04T23:16:01.327Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7782", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7783", "description": "A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. 
It is possible t...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-05T00:16:17.460Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7783", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7822", "description": "A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /print_pdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-05T05:16:00.907Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7822", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7844", "description": "A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Serv...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-05T16:16:19.217Z", "lastModified": "2026-05-05T19:06:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7844", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-6420", "description": "A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. 
The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographica...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-06T11:16:05.193Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6420", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2026-7971", "description": "Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:47.980Z", "lastModified": "2026-05-07T02:01:24.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7971", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 26.2}, {"id": "CVE-2026-7977", "description": "Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:48.573Z", "lastModified": "2026-05-06T23:24:08.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7977", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 26.2}, {"id": "CVE-2026-8010", "description": "Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 
(Chromium security severity: Low)", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.970Z", "lastModified": "2026-05-07T15:17:09.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8010", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 26.2}, {"id": "CVE-2026-43582", "description": "OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability in browser navigation policy that allows attackers to bypass hostname validation through DNS rebinding attacks. Attackers can exploit inconsistent hostname resolution between validation and actual network requests to pivo...", "score": 6.3, "severity": "MEDIUM", "published": "2026-05-06T20:16:34.050Z", "lastModified": "2026-05-07T19:35:57.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43582", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 26.2}, {"id": "CVE-2025-36335", "description": "IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.", "score": 6.2, "severity": "MEDIUM", "published": "2026-04-30T22:16:24.873Z", "lastModified": "2026-05-12T19:25:00.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36335", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-44407", "description": "A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-07T09:16:27.617Z", "lastModified": "2026-05-11T16:41:40.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44407", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-41692", "description": "i18nextify is a JavaScript library that adds website internationalization via a script tag, without source 
code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and href attribute values with the raw string returned by i18next.t(). The substitution logic in src/loc...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-07T21:16:29.717Z", "lastModified": "2026-05-08T16:05:43.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41692", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-41506", "description": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-08T14:16:33.983Z", "lastModified": "2026-05-12T14:33:02.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41506", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-8211", "description": "A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may be...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-09T23:16:32.930Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8211", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-8259", "description": "A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. 
Remote exploitation of the attack is possible. The exploit has been discl...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T02:16:27.417Z", "lastModified": "2026-05-11T17:07:02.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-8263", "description": "A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-11T02:16:28.120Z", "lastModified": "2026-05-12T19:41:18.873", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-8200", "description": "When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted.\u00a0\n\n\nThis issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...", "score": 2.7, "severity": "LOW", "published": "2026-05-13T04:17:41.700Z", "lastModified": "2026-05-13T15:34:29.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8200", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-2900", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or delete ...", "score": 2.7, "severity": "LOW", "published": 
"2026-05-14T06:16:21.803Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2900", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.8}, {"id": "CVE-2026-7163", "description": "A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hu...", "score": 6.1, "severity": "MEDIUM", "published": "2026-04-30T14:16:36.093Z", "lastModified": "2026-05-05T02:57:57.093", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7163", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-38939", "description": "Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component", "score": 6.1, "severity": "MEDIUM", "published": "2026-04-30T16:16:43.417Z", "lastModified": "2026-04-30T18:16:30.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38939", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-38940", "description": "Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component", "score": 6.1, "severity": "MEDIUM", "published": "2026-04-30T16:16:43.537Z", "lastModified": "2026-04-30T18:16:30.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38940", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-36761", "description": "A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to 
execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter.", "score": 6.1, "severity": "MEDIUM", "published": "2026-04-30T18:16:29.087Z", "lastModified": "2026-04-30T19:11:18.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36761", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-36763", "description": "A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter.", "score": 6.1, "severity": "MEDIUM", "published": "2026-04-30T18:16:29.370Z", "lastModified": "2026-04-30T19:14:15.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36763", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2024-13362", "description": "Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execu...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-01T06:16:30.050Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13362", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2025-69606", "description": "Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-supplied input, allowing attackers to inject arbitrary JavaScript into the HTML response. 
A remote attacker...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-01T18:16:13.607Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69606", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2025-47406", "description": "Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-04T17:16:20.957Z", "lastModified": "2026-05-06T18:02:52.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47406", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-38669", "description": "wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-04T17:16:23.333Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-42138", "description": "Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.523Z", "lastModified": "2026-05-11T21:08:32.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42138", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-42144", "description": "CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. 
A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap aro...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.830Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42144", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-42230", "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowing arbitrary redirect_uri values to be registered. When a user denies the MCP OAuth consent dialog, t...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-04T19:16:05.237Z", "lastModified": "2026-05-06T14:57:11.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42230", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-6696", "description": "The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output es...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.423Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6696", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-6702", "description": "The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. 
This makes it possible for unauthenticated attackers to u...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.943Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6702", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-6704", "description": "The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web ...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T03:16:01.090Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6704", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2023-54349", "description": "AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T12:16:17.440Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54349", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2025-61669", "description": "Jupyter Server is the backend for Jupyter web applications. 
In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.co...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T16:16:10.133Z", "lastModified": "2026-05-11T13:01:45.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-34000", "description": "A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T16:16:11.647Z", "lastModified": "2026-05-07T14:35:33.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34000", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-34002", "description": "A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory bound...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T16:16:11.787Z", "lastModified": "2026-05-07T14:39:15.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-38432", "description": "ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. 
An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T17:17:04.800Z", "lastModified": "2026-05-08T17:05:35.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38432", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-38947", "description": "FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-05T20:16:38.513Z", "lastModified": "2026-05-06T16:16:08.757", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38947", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-35254", "description": "Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. 
Successful attacks of this vulnerability can result in Oracl...", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-06T08:16:03.697Z", "lastModified": "2026-05-06T20:30:44.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35254", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 25.4}, {"id": "CVE-2026-42509", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 10.9.0, which fixes the issue.", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-06T10:16:20.217Z", "lastModified": "2026-05-07T13:16:12.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42509", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-7953", "description": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)", "score": 6.1, "severity": "MEDIUM", "published": "2026-05-06T19:16:43.603Z", "lastModified": "2026-05-07T02:06:23.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7953", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 25.4}, {"id": "CVE-2026-8233", "description": "A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. 
The vendor was contacte...", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-10T06:16:08.993Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8233", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-6883", "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records.", "score": 2.6, "severity": "LOW", "published": "2026-05-14T06:16:25.117Z", "lastModified": "2026-05-14T16:20:43.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6883", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2025-62309", "description": "HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.", "score": 2.6, "severity": "LOW", "published": "2026-05-14T17:16:18.047Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62309", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2025-62317", "description": "HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. 
Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.", "score": 2.6, "severity": "LOW", "published": "2026-05-14T17:16:19.107Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62317", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.4}, {"id": "CVE-2026-41656", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allowing path traversal characters (../) to pass through unfiltered. Combined with the absence of CSRF pro...", "score": 4.5, "severity": "MEDIUM", "published": "2026-05-07T04:16:28.633Z", "lastModified": "2026-05-07T15:16:08.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41656", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.0}, {"id": "CVE-2026-44348", "description": "PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap corr...", "score": 2.5, "severity": "LOW", "published": "2026-05-14T17:16:22.553Z", "lastModified": "2026-05-14T18:16:49.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44348", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.0}, {"id": "CVE-2026-44638", "description": "libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From  to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. 
The check tests the address of the output parameter (alw...", "score": 2.5, "severity": "LOW", "published": "2026-05-14T20:17:08.983Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44638", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 25.0}, {"id": "CVE-2026-8275", "description": "A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiat...", "score": 3.7, "severity": "LOW", "published": "2026-05-11T06:16:09.840Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8275", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-8276", "description": "A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires ...", "score": 3.7, "severity": "LOW", "published": "2026-05-11T06:16:10.077Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8276", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-44996", "description": "OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. 
Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs, r...", "score": 3.7, "severity": "LOW", "published": "2026-05-11T18:16:39.530Z", "lastModified": "2026-05-13T14:12:01.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-42874", "description": "Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect the presence of the \\r\\n sequence in them. This can be a potential source of header injection attacks. For a header injection at...", "score": 3.7, "severity": "LOW", "published": "2026-05-11T20:25:43.973Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42874", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-43514", "description": "Observable Timing Discrepancy vulnerability\u00a0when comparing AJP secret in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOlder unsupported versions...", "score": 3.7, "severity": "LOW", "published": "2026-05-12T16:16:18.370Z", "lastModified": "2026-05-14T18:46:41.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-44219", "description": "ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.loads(resp.read().decode('utf-8')) without a maximum-bytes cap. 
A hostile or compromised endoflife.date...", "score": 3.7, "severity": "LOW", "published": "2026-05-12T20:16:42.767Z", "lastModified": "2026-05-13T17:02:28.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-44242", "description": "Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where the locale originates from the HTTP Accept-Language header. In applications that explicitly register a ...", "score": 3.7, "severity": "LOW", "published": "2026-05-12T22:16:35.617Z", "lastModified": "2026-05-13T16:16:55.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44242", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.8}, {"id": "CVE-2026-41016", "description": "Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. 
A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...", "score": 5.9, "severity": "MEDIUM", "published": "2026-04-30T10:16:01.930Z", "lastModified": "2026-05-01T17:54:49.593", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41016", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-5080", "description": "Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.\n\nThe session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-...", "score": 5.9, "severity": "MEDIUM", "published": "2026-04-30T12:16:24.333Z", "lastModified": "2026-05-05T02:54:42.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5080", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-32148", "description": "Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums.\n\nHex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However, Hex.R...", "score": 5.9, "severity": "MEDIUM", "published": "2026-04-30T19:16:09.000Z", "lastModified": "2026-05-05T02:16:49.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32148", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-40684", "description": "In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. 
This is caused by a dn_expand oddity in octal printing.", "score": 5.9, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.477Z", "lastModified": "2026-05-01T18:16:15.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40684", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2025-70071", "description": "An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-04T16:16:01.453Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70071", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-28510", "description": "eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with an...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-05T13:16:28.667Z", "lastModified": "2026-05-12T13:58:22.663", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28510", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-34956", "description": "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. 
This heap access error can lead to a crash, resulting in a ...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-05T16:16:11.927Z", "lastModified": "2026-05-05T19:31:10.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-41483", "description": "OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker who ...", "score": 5.9, "severity": "MEDIUM", "published": "2026-05-06T22:16:25.920Z", "lastModified": "2026-05-07T15:04:40.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41483", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-41004", "description": "When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 thro...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-07T04:16:25.863Z", "lastModified": "2026-05-12T16:52:55.213", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41004", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-42307", "description": "Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. 
By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary s...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-08T23:16:36.777Z", "lastModified": "2026-05-14T13:55:49.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42307", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.6}, {"id": "CVE-2026-6817", "description": "The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary ...", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-02T12:16:17.023Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6817", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-44117", "description": "OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. 
Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.", "score": 5.8, "severity": "MEDIUM", "published": "2026-05-06T20:16:35.770Z", "lastModified": "2026-05-07T17:07:28.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-27415", "description": "Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery.\n\nThis issue affects BEAR: from n/a through 1.1.5.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T11:15:59.983Z", "lastModified": "2026-05-07T14:08:07.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27415", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-41685", "description": "Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.images_volume and storage.b...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T14:16:03.500Z", "lastModified": "2026-05-07T19:50:49.387", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41685", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-41687", "description": "Wallos is an open-source, self-hostable personal subscription tracker. 
Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40) uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) that does ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T15:16:09.107Z", "lastModified": "2026-05-07T16:16:20.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41687", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-44263", "description": "Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T15:16:10.613Z", "lastModified": "2026-05-11T17:24:45.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-44264", "description": "Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T15:16:10.760Z", "lastModified": "2026-05-11T14:50:31.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44264", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8113", "description": "A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. 
It is possible to launch ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-07T22:16:37.680Z", "lastModified": "2026-05-14T18:02:15.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8113", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8117", "description": "A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclose...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T00:16:10.320Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8117", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8120", "description": "A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T01:16:09.643Z", "lastModified": "2026-05-11T14:28:27.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8120", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8121", "description": "A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. 
The exploit has been disclosed to ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T01:16:09.860Z", "lastModified": "2026-05-11T14:26:39.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8121", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8122", "description": "A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T01:16:10.053Z", "lastModified": "2026-05-11T14:00:25.753", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8122", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8123", "description": "A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly dis...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T02:16:07.803Z", "lastModified": "2026-05-11T13:39:21.977", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8123", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-42276", "description": "Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. 
A...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T05:16:10.557Z", "lastModified": "2026-05-12T14:08:02.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42276", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-42282", "description": "n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the requ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T20:16:31.717Z", "lastModified": "2026-05-14T18:07:37.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42282", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-42456", "description": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-08T23:16:39.230Z", "lastModified": "2026-05-13T16:58:40.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42456", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-6667", "description": "PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. 
It would have been correct to allow only users listed in the admin_users par...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-09T01:16:09.287Z", "lastModified": "2026-05-14T18:49:06.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6667", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2025-15634", "description": "A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-09T06:16:09.130Z", "lastModified": "2026-05-14T20:28:14.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15634", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8194", "description": "A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the attack is possible. The ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-09T20:16:30.320Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8194", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8195", "description": "A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. 
The manipulation results in cross site script...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-09T20:16:30.517Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2021-47953", "description": "OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confi...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T13:16:31.853Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47953", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2022-50955", "description": "WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page wi...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T13:16:33.047Z", "lastModified": "2026-05-12T14:24:15.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50955", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8248", "description": "A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. 
The exploit is now public and may...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T23:16:27.057Z", "lastModified": "2026-05-12T17:35:25.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8248", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8249", "description": "A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published an...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T23:16:27.243Z", "lastModified": "2026-05-13T16:10:49.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8249", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8250", "description": "A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T23:16:27.403Z", "lastModified": "2026-05-12T17:35:15.353", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8250", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8251", "description": "A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. 
The exploit has been mad...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-10T23:16:27.563Z", "lastModified": "2026-05-12T17:35:08.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8251", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-8252", "description": "A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilize...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-11T00:16:33.317Z", "lastModified": "2026-05-12T17:34:50.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8252", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2025-62316", "description": "HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. 
Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions.", "score": 2.3, "severity": "LOW", "published": "2026-05-14T17:16:18.957Z", "lastModified": "2026-05-14T17:22:46.577", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62316", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 24.2}, {"id": "CVE-2026-31205", "description": "Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function", "score": 5.7, "severity": "MEDIUM", "published": "2026-05-04T14:16:32.863Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31205", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.8}, {"id": "CVE-2026-41519", "description": "Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via \"cycle_session_keys()\", but DRF API tokens (\"wlu_*\" prefix) stored in \"authtoken_token\" are not revoked. This issue has been patched in version 5.17.1...", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-07T15:16:07.160Z", "lastModified": "2026-05-11T17:00:55.653", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41519", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.8}, {"id": "CVE-2026-40131", "description": "SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. 
Successful exploitation could allow the high privileged users to alter the SELECT statements impacting confidentiality...", "score": 3.4, "severity": "LOW", "published": "2026-05-12T03:16:11.910Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40131", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.6}, {"id": "CVE-2026-34685", "description": "Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch \u2014 ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Valid...", "score": 3.4, "severity": "LOW", "published": "2026-05-12T20:16:38.480Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34685", "is_exploited": false, "epss": 0, "vendor": "ADOBE", "mts_score": 23.6}, {"id": "CVE-2026-7554", "description": "A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation i...", "score": 5.6, "severity": "MEDIUM", "published": "2026-05-01T06:16:32.420Z", "lastModified": "2026-05-06T18:10:51.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7554", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.4}, {"id": "CVE-2026-7669", "description": "A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. 
The manipulation of the argument trust_remote_code with the input False as part of Boo...", "score": 5.6, "severity": "MEDIUM", "published": "2026-05-02T22:16:24.080Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7669", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.4}, {"id": "CVE-2026-44298", "description": "Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sa...", "score": 4.1, "severity": "MEDIUM", "published": "2026-05-08T04:16:24.230Z", "lastModified": "2026-05-08T20:01:41.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44298", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.4}, {"id": "CVE-2026-28910", "description": "This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files.", "score": 3.3, "severity": "LOW", "published": "2026-05-11T21:18:53.707Z", "lastModified": "2026-05-13T14:02:20.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28910", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-28957", "description": "An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. 
An app may be able to capture a user's screen.", "score": 3.3, "severity": "LOW", "published": "2026-05-11T21:18:56.780Z", "lastModified": "2026-05-13T14:36:41.723", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-41530", "description": "The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, the...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T06:16:09.073Z", "lastModified": "2026-05-12T15:10:27.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41530", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-42355", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's GetAllP...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T20:16:41.260Z", "lastModified": "2026-05-13T16:26:29.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42355", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-42442", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. 
The vulnerability is triggered when opening a crafted UFS image where the root inode (inode 2) is set to IFLNK (symlink) instead of IFDI...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T20:16:41.393Z", "lastModified": "2026-05-13T16:26:29.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42442", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-42443", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is set to z...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T20:16:41.520Z", "lastModified": "2026-05-13T16:26:29.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42443", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-42444", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the ac...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T20:16:41.653Z", "lastModified": "2026-05-14T20:17:04.670", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42444", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-42445", "description": "NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. 
A crafted UFS imag...", "score": 3.3, "severity": "LOW", "published": "2026-05-12T20:16:41.777Z", "lastModified": "2026-05-14T15:54:37.373", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42445", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.2}, {"id": "CVE-2026-6868", "description": "HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T06:16:16.783Z", "lastModified": "2026-05-01T19:01:36.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6868", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-7375", "description": "UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T06:16:16.927Z", "lastModified": "2026-05-01T19:00:59.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7375", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-7376", "description": "Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T06:16:17.053Z", "lastModified": "2026-05-06T16:16:12.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7376", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-7378", "description": "Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T06:16:17.183Z", "lastModified": "2026-05-01T18:55:20.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7378", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-7379", "description": "Memory leak in sharkd 4.6.0 to 
4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T06:16:17.333Z", "lastModified": "2026-05-01T18:41:41.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7379", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5299", "description": "ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:37.593Z", "lastModified": "2026-05-01T19:26:43.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5299", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5401", "description": "AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:37.720Z", "lastModified": "2026-05-01T19:26:36.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5401", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5406", "description": "FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:37.990Z", "lastModified": "2026-05-01T19:26:17.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5406", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5407", "description": "SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.140Z", "lastModified": "2026-05-01T19:25:47.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5407", "is_exploited": false, "epss": 0, 
"vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5408", "description": "BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.263Z", "lastModified": "2026-05-01T19:25:38.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5408", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5409", "description": "Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.383Z", "lastModified": "2026-05-01T19:27:46.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5409", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5653", "description": "DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.520Z", "lastModified": "2026-05-01T17:04:57.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5653", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5654", "description": "AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.650Z", "lastModified": "2026-05-01T17:02:54.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5654", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5655", "description": "SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.780Z", "lastModified": "2026-05-01T16:49:18.977", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-5655", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5657", "description": "iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:38.907Z", "lastModified": "2026-05-01T16:45:56.247", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5657", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6519", "description": "MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.030Z", "lastModified": "2026-05-01T16:41:02.167", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6519", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6520", "description": "OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.153Z", "lastModified": "2026-05-01T16:37:23.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6520", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6521", "description": "OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.273Z", "lastModified": "2026-05-01T19:27:39.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6521", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6522", "description": "RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, 
"severity": "MEDIUM", "published": "2026-04-30T07:16:39.390Z", "lastModified": "2026-05-01T19:27:28.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6522", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6523", "description": "GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.510Z", "lastModified": "2026-05-01T19:27:21.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6523", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6524", "description": "MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.637Z", "lastModified": "2026-05-01T19:27:14.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6524", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6526", "description": "RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.770Z", "lastModified": "2026-05-01T19:29:03.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6526", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6527", "description": "ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:39.890Z", "lastModified": "2026-05-01T19:28:51.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6527", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6528", "description": "TLS protocol dissector infinite loop in Wireshark 4.6.0 
to 4.6.4 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.013Z", "lastModified": "2026-05-01T19:28:42.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6528", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6529", "description": "iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.130Z", "lastModified": "2026-05-01T19:28:30.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6529", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6530", "description": "DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.250Z", "lastModified": "2026-05-01T19:28:23.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6530", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6531", "description": "SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.373Z", "lastModified": "2026-05-01T18:16:54.217", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6531", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6532", "description": "Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.500Z", "lastModified": "2026-05-01T18:16:44.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6532", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": 
"CVE-2026-6533", "description": "Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.627Z", "lastModified": "2026-05-01T18:16:34.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6533", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6534", "description": "USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.753Z", "lastModified": "2026-05-01T18:16:21.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6534", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6535", "description": "Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.870Z", "lastModified": "2026-05-01T18:16:11.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6535", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6536", "description": "DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:40.987Z", "lastModified": "2026-05-01T18:16:00.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6536", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6537", "description": "ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:41.103Z", "lastModified": "2026-05-01T18:15:45.017", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-6537", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6538", "description": "BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:41.227Z", "lastModified": "2026-05-01T18:15:37.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6538", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6867", "description": "SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:41.350Z", "lastModified": "2026-05-01T18:15:20.687", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6867", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6869", "description": "WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:41.470Z", "lastModified": "2026-05-01T18:15:10.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6869", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6870", "description": "GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T07:16:41.590Z", "lastModified": "2026-05-01T18:11:06.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-31692", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: add missing netlink_ns_capable() check for peer 
netns\n\nrtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer\nnetwork namespace when creating paired devices (veth, vxcan,\nnetkit). This allows an unprivileged u...", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T11:16:20.860Z", "lastModified": "2026-05-06T20:05:55.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31692", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-33450", "description": "CVE-2026-33450 is an out of bounds read vulnerability in the Secure \nAccess MacOS client prior to 14.50. Attackers with control of a modified\n server can send a malformed packet to the client causing a denial of \nservice.", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:31.683Z", "lastModified": "2026-05-05T02:31:13.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33450", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-33452", "description": "CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to \u2018blue screen\u2019 the system.", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:31.920Z", "lastModified": "2026-05-05T02:31:58.700", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33452", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 23.0}, {"id": "CVE-2026-40951", "description": "CVE-2026-40951 is a memory corruption vulnerability on Secure Access \nWindows clients prior to 14.50. 
Attackers with local control of the \nWindows client can send malformed data to an API and trigger a denial of\n service.", "score": 5.5, "severity": "MEDIUM", "published": "2026-04-30T21:16:33.127Z", "lastModified": "2026-05-04T18:54:40.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40951", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 23.0}, {"id": "CVE-2026-31701", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: caiaq: take a reference on the USB device in create_card()\n\nThe caiaq driver stores a pointer to the parent USB device in\ncdev->chip.dev but never takes a reference on it. The card's\nprivate_free callback, snd_usb_caiaq_card_...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T14:16:20.020Z", "lastModified": "2026-05-06T18:55:49.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31701", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31704", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use check_add_overflow() to prevent u16 DACL size overflow\n\nset_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes\nin u16 variables. 
When a file has many POSIX ACL entries, the\naccumulated size can wrap past ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T14:16:20.367Z", "lastModified": "2026-05-06T20:46:54.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31704", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31710", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix dir separator in SMB1 UNIX mounts\n\nWhen calling cifs_mount_get_tcon() with SMB1 UNIX mounts,\n@cifs_sb->mnt_cifs_flags needs to be read or updated only after\ncalling reset_cifs_unix_caps(), otherwise it might end up...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T14:16:21.040Z", "lastModified": "2026-05-06T20:21:16.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31710", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31713", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: abort on fatal signal during sync init\n\nWhen sync init is used and the server exits for some reason (error, crash)\nwhile processing FUSE_INIT, the filesystem creation will hang.  
The reason\nis that while all other threads wil...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T14:16:21.390Z", "lastModified": "2026-05-06T21:13:45.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31713", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31714", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid memory leak in f2fs_rename()\n\nsyzbot reported a f2fs bug as below:\n\nBUG: memory leak\nunreferenced object 0xffff888127f70830 (size 16):\n  comm \"syz.0.23\", pid 6144, jiffies 4294943712\n  hex dump (first 16 bytes):\n...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T14:16:21.493Z", "lastModified": "2026-05-06T21:12:45.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31714", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31721", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_hid: move list and spinlock inits from bind to alloc\n\nThere was an issue when you did the following:\n- setup and bind an hid gadget\n- open /dev/hidg0\n- use the resulting fd in EPOLL_CTL_ADD\n- unbind the UDC\n- bind th...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:34.490Z", "lastModified": "2026-05-06T20:56:34.973", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31721", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31722", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Fix net_device lifecycle with device_move\n\nThe net_device is allocated during function instance creation and\nregistered during the bind phase with the gadget device as its sysfs\nparent. 
When the function unbin...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:34.617Z", "lastModified": "2026-05-06T20:55:31.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31722", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31723", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_subset: Fix net_device lifecycle with device_move\n\nThe net_device is allocated during function instance creation and\nregistered during the bind phase with the gadget device as its sysfs\nparent. When the function unbi...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:34.727Z", "lastModified": "2026-05-07T17:03:30.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31723", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31724", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_eem: Fix net_device lifecycle with device_move\n\nThe net_device is allocated during function instance creation and\nregistered during the bind phase with the gadget device as its sysfs\nparent. When the function unbinds...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:34.833Z", "lastModified": "2026-05-07T17:00:23.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31724", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31725", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ecm: Fix net_device lifecycle with device_move\n\nThe net_device is allocated during function instance creation and\nregistered during the bind phase with the gadget device as its sysfs\nparent. 
When the function unbinds...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:34.947Z", "lastModified": "2026-05-07T16:58:44.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31725", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31726", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: fix NULL pointer dereference during unbind race\n\nCommit b81ac4395bbe (\"usb: gadget: uvc: allow for application to cleanly\nshutdown\") introduced two stages of synchronization waits totaling 1500ms\nin uvc_function_u...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:35.063Z", "lastModified": "2026-05-07T16:26:18.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31726", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31727", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo\n\nCommit ec35c1969650 (\"usb: gadget: f_ncm: Fix net_device lifecycle with\ndevice_move\") reparents the gadget device to /sys/devices/virtual during\nunbind, clearing the ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:35.210Z", "lastModified": "2026-05-07T16:20:52.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31727", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31732", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: Fix resource leaks on errors in gpiochip_add_data_with_key()\n\nSince commit aab5c6f20023 (\"gpio: set device type for GPIO chips\"),\n`gdev->dev.release` is unset.  
As a result, the reference count to\n`gdev->dev` isn't dropped on...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:35.807Z", "lastModified": "2026-05-07T15:36:58.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31732", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31733", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix stale direct dispatch state in ddsp_dsq_id\n\n@p->scx.ddsp_dsq_id can be left set (non-SCX_DSQ_INVALID) triggering a\nspurious warning in mark_direct_dispatch() when the next wakeup's\nops.select_cpu() calls scx_bpf_dsq_...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:35.913Z", "lastModified": "2026-05-07T16:44:45.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31733", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31734", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU\n\nSince commit 8e4f0b1ebcf2 (\"bpf: use rcu_read_lock_dont_migrate() for\ntrampoline.c\"), the BPF prolog (__bpf_prog_enter) calls migrate_disable()\nonly when...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.030Z", "lastModified": "2026-05-07T16:50:47.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31734", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31736", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled\n\nIf the gmac0 is disabled, the precheck for a valid ingress device will\ncause a NULL pointer deref and crash the system. 
This happens because\neth->netdev[0] will be NU...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.240Z", "lastModified": "2026-05-07T16:53:14.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31736", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31737", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ftgmac100: fix ring allocation unwind on open failure\n\nftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and\nrx_scratch in stages. On intermediate failures it returned -ENOMEM\ndirectly, leaking resources alloca...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.347Z", "lastModified": "2026-05-07T18:55:56.863", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31737", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31738", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: validate ND option lengths in vxlan_na_create\n\nvxlan_na_create() walks ND options according to option-provided\nlengths. 
A malformed option can make the parser advance beyond the\ncomputed option span or use a too-short source...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.473Z", "lastModified": "2026-05-07T18:58:07.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31738", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31740", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncounter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member\n\nThe counter driver can use HW channels 1 and 2, while the PWM driver can\nuse HW channels 0, 1, 2, 3, 4, 6, 7.\n\nThe dev member is assigned both by the counter dri...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.710Z", "lastModified": "2026-05-07T19:56:03.380", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31740", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31741", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncounter: rz-mtu3-cnt: prevent counter from being toggled multiple times\n\nRuntime PM counter is incremented / decremented each time the sysfs\nenable file is written to.\n\nIf user writes 0 to the sysfs enable file multiple times, runt...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:36.820Z", "lastModified": "2026-05-07T19:55:42.487", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31741", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31744", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: EM: Fix NULL pointer dereference when perf domain ID is not found\n\ndev_energymodel_nl_get_perf_domains_doit() calls\nem_perf_domain_get_by_id() but does not check the return value before\npassing it to __em_nl_get_pd_size(). 
When...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:37.157Z", "lastModified": "2026-05-07T19:33:39.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31744", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31746", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: Fix memory leak with CCA cards used as accelerator\n\nTests showed that there is a memory leak if CCA cards are used as\naccelerator for clear key RSA requests (ME and CRT). With the last\nrework for the memory allocation ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:37.363Z", "lastModified": "2026-05-07T19:29:56.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31746", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31749", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: ni_atmio16d: Fix invalid clean-up after failed attach\n\nIf the driver's COMEDI \"attach\" handler function (`atmio16d_attach()`)\nreturns an error, the COMEDI core will call the driver's \"detach\"\nhandler function (`atmio16d_det...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:37.723Z", "lastModified": "2026-05-07T19:18:34.470", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31749", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31750", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: runflags cannot determine whether to reclaim chanlist\n\nsyzbot reported a memory leak [1], because commit 4e1da516debb (\"comedi:\nAdd reference counting for Comedi command handling\") did not consider\nthe exceptional exit case...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:37.850Z", "lastModified": 
"2026-05-07T19:13:00.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31750", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31752", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: br_nd_send: validate ND option lengths\n\nbr_nd_send() walks ND options according to option-provided lengths.\nA malformed option can make the parser advance beyond the computed\noption span or use a too-short source LLADDR opt...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.090Z", "lastModified": "2026-05-07T19:08:55.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31752", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31753", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nauxdisplay: line-display: fix NULL dereference in linedisp_release\n\nlinedisp_release() currently retrieves the enclosing struct linedisp via\nto_linedisp(). 
That lookup depends on the attachment list, but the\nattachment may already ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.223Z", "lastModified": "2026-05-08T18:52:16.810", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31753", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31754", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: fix state inconsistency on gadget init failure\n\nWhen cdns3_gadget_start() fails, the DRD hardware is left in gadget mode\nwhile software state remains INACTIVE, creating hardware/software state\ninconsistency.\n\nWh...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.330Z", "lastModified": "2026-05-08T18:49:44.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31754", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31755", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: fix NULL pointer dereference in ep_queue\n\nWhen the gadget endpoint is disabled or not yet configured, the ep->desc\npointer can be NULL. 
This leads to a NULL pointer dereference when\n__cdns3_gadget_ep_queue() is ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.460Z", "lastModified": "2026-05-08T18:45:57.797", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31755", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31756", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()\n\ndwc2_gadget_exit_clock_gating() internally calls call_gadget() macro,\nwhich expects hsotg->lock to be held since it does spin_unlock/spin_lock\naround the ga...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.580Z", "lastModified": "2026-05-08T18:30:40.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31756", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31757", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: misc: usbio: Fix URB memory leak on submit failure\n\nWhen usb_submit_urb() fails in usbio_probe(), the previously allocated\nURB is never freed, causing a memory leak.\n\nFix this by jumping to err_free_urb label to properly relea...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:38.700Z", "lastModified": "2026-05-08T18:26:44.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31757", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31760", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpib: lpvo_usb: fix memory leak on disconnect\n\nThe driver iterates over the registered USB interfaces during GPIB\nattach and takes a reference to their USB devices until a match is\nfound. 
These references are never released which l...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:39.047Z", "lastModified": "2026-05-08T18:11:51.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31760", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31762", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050: Fix irq resource leak\n\nThe interrupt handler is setup but only a few lines down if\niio_trigger_register() fails the function returns without properly\nreleasing the handler.\n\nAdd cleanup goto to resolve resource ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:39.277Z", "lastModified": "2026-05-08T18:09:23.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31762", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31763", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050: Fix incorrect free_irq() variable\n\nThe handler for the IRQ part of this driver is mpu3050->trig but,\nin the teardown free_irq() is called with handler mpu3050.\n\nUse correct IRQ handler when calling free_irq().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:39.400Z", "lastModified": "2026-05-08T18:05:36.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31763", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31765", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB\n\nCurrently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while\nKFD_CWSR_TBA_TMA_SIZE is defined as 2 * PAGE_SIZE. 
On systems with\n4K pages, both values match (8KB), so al...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:39.633Z", "lastModified": "2026-05-11T17:48:57.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31765", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31767", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode\n\nStop adjusting the horizontal timing values based on the\ncompression ratio in command mode. Bspec seems to be telling\nus to do this only in video mode, and t...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:39.870Z", "lastModified": "2026-05-11T17:53:02.707", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31767", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31770", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (occ) Fix division by zero in occ_show_power_1()\n\nIn occ_show_power_1() case 1, the accumulator is divided by\nupdate_tag without checking for zero. If no samples have been\ncollected yet (e.g. 
during early boot when the senso...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:40.200Z", "lastModified": "2026-05-11T17:58:07.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31770", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31775", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization\n\nThe recent refactoring of xfi driver changed the assignment of\natc->daios[] at atc_get_resources(); now it loops over all enum\nDAIOTYP entries while it looped formerly onl...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:40.863Z", "lastModified": "2026-05-07T02:28:36.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31775", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31777", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Check the error for index mapping\n\nThe ctxfi driver blindly assumed a proper value returned from\ndaio_device_index(), but it's not always true.  Add a proper error\ncheck to deal with the error from the function.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:41.087Z", "lastModified": "2026-05-07T02:27:02.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31777", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31781", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ioc32: stop speculation on the drm_compat_ioctl path\n\nThe drm compat ioctl path takes a user controlled pointer, and then\ndereferences it into a table of function pointers, the signature method\nof spectre problems.  
Fix this up...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:41.577Z", "lastModified": "2026-05-11T20:51:42.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31781", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31783", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback\n\naml_sfc_probe() registers the on-host NAND ECC engine, but teardown was\nmissing from both probe unwind and remove-time cleanup. Add a devm cleanu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:41.813Z", "lastModified": "2026-05-11T20:47:03.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31783", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31784", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/pxp: Clear restart flag in pxp_start after jumping back\n\nIf we don't clear the flag we'll keep jumping back at the beginning of\nthe function once we reach the end.\n\n(cherry picked from commit 0850ec7bb2459602351639dccf7a68a0...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:41.923Z", "lastModified": "2026-05-12T15:09:18.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31784", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-31785", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_pagefault: Disallow writes to read-only VMAs\n\nThe page fault handler should reject write/atomic access to read only\nVMAs.  
Add code to handle this in xe_pagefault_service after the VMA\nlookup.\n\nv2:\n- Apply max line length...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:42.033Z", "lastModified": "2026-05-12T19:26:31.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31785", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-42479", "description": "An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:43.967Z", "lastModified": "2026-05-01T19:16:32.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42479", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-43004", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: stm32-ospi: Fix resource leak in remove() callback\n\nThe remove() callback returned early if pm_runtime_resume_and_get()\nfailed, skipping the cleanup of spi controller and other resources.\n\nRemove the early return so cleanup co...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:44.237Z", "lastModified": "2026-05-12T18:06:12.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43004", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43008", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio()\n\ndevm_regmap_init_mmio() returns an ERR_PTR() on failure, not NULL.\nThe original code checked for NULL which would never trigger on error,\npotentially leading to an i...", "score": 
5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:44.670Z", "lastModified": "2026-05-07T20:24:50.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43008", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43010", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject sleepable kprobe_multi programs at attach time\n\nkprobe.multi programs run in atomic/RCU context and cannot sleep.\nHowever, bpf_kprobe_multi_link_attach() did not validate whether the\nprogram being attached had the sleep...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:44.887Z", "lastModified": "2026-05-07T20:26:12.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43010", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43012", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix switchdev mode rollback in case of failure\n\nIf for some internal reason switchdev mode fails, we rollback to legacy\nmode, before this patch, rollback will unregister the uplink netdev and\nleave it unregistered causing...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:45.117Z", "lastModified": "2026-05-07T20:28:15.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43012", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43013", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: lag: Check for LAG device before creating debugfs\n\n__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error\noccurs that is handled gracefully. 
Consequently, the initialization\nflow proceeds to call mlx5_ldev_ad...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:45.243Z", "lastModified": "2026-05-07T20:28:55.537", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43013", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43014", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: properly unregister fixed rate clocks\n\nThe additional resources allocated with clk_register_fixed_rate() need\nto be released with clk_unregister_fixed_rate(), otherwise they are lost.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:45.367Z", "lastModified": "2026-05-07T20:29:24.053", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43014", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43017", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: validate mesh send advertising payload length\n\nmesh_send() currently bounds MGMT_OP_MESH_SEND by total command\nlength, but it never verifies that the bytes supplied for the\nflexible adv_data[] array actually match ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:45.837Z", "lastModified": "2026-05-08T14:13:28.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43017", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43021", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails\n\nWhen hci_cmd_sync_queue_once() returns with error, the destroy callback\nwill not be called.\n\nFix leaking references / memory on these failures.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:46.367Z", "lastModified": 
"2026-05-08T14:50:04.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43021", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43022", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists\n\nhci_cmd_sync_queue_once() needs to indicate whether a queue item was\nadded, so caller can know if callbacks are called, so it can avoid\nleaking resources.\n\nCh...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:46.483Z", "lastModified": "2026-05-08T14:53:58.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43022", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43024", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject immediate NF_QUEUE verdict\n\nnft_queue is always used from userspace nftables to deliver the NF_QUEUE\nverdict. Immediately emitting an NF_QUEUE verdict is never used by the\nuserspace nft tools, so reject...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:46.760Z", "lastModified": "2026-05-08T18:15:22.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43024", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43026", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent\n\nctnetlink_alloc_expect() allocates expectations from a non-zeroing\nslab cache via nf_ct_expect_alloc().  
When CTA_EXPECT_NAT is not\npresent in the netlink mes...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:47.033Z", "lastModified": "2026-05-08T18:21:45.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43026", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43032", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: pn533: bound the UART receive buffer\n\npn532_receive_buf() appends every incoming byte to dev->recv_skb and\nonly resets the buffer after pn532_uart_rx_is_frame() recognizes a\ncomplete frame. A continuous stream of bytes without...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:47.787Z", "lastModified": "2026-05-08T18:39:32.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43032", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43034", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: set backing store type from query type\n\nbnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the\nfirmware response in ctxm->type and later uses that value to index\nfixed backing-store metadata arrays such as ctx_...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:48.037Z", "lastModified": "2026-05-08T18:41:52.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43034", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43035", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak\n\nWhen building netlink messages, tc_chain_fill_node() never initializes\nthe tcm_info field of struct tcmsg. 
Since the allocation is ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:48.147Z", "lastModified": "2026-05-08T18:43:05.513", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43035", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43036", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use skb_header_pointer() for TCPv4 GSO frag_off check\n\nSyzbot reported a KMSAN uninit-value warning in gso_features_check()\ncalled from netif_skb_features() [1].\n\ngso_features_check() reads iph->frag_off to decide whether to c...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:48.273Z", "lastModified": "2026-05-08T18:44:10.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43036", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43041", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak\n\n__radix_tree_create() allocates and links intermediate nodes into the\ntree one by one. If a subsequent allocation fails, the already-linked\nnodes remain in ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:50.270Z", "lastModified": "2026-05-08T18:54:39.410", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43041", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43043", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af-alg - fix NULL pointer dereference in scatterwalk\n\nThe AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)\nwhen chaining a new af_alg_tsgl structure. 
If a sendmsg() fills an SGL\nexactly to MAX_SGL_ENT...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:50.563Z", "lastModified": "2026-05-08T18:57:17.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43043", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43045", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmshv: Fix error handling in mshv_region_pin\n\nThe current error handling has two issues:\n\nFirst, pin_user_pages_fast() can return a short pin count (less than\nrequested but greater than zero) when it cannot pin all requested pages.\n...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:50.817Z", "lastModified": "2026-05-08T14:04:13.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43045", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43046", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject root items with drop_progress and zero drop_level\n\n[BUG]\nWhen recovering relocation at mount time, merge_reloc_root() and\nbtrfs_drop_snapshot() both use BUG_ON(level == 0) to guard against\nan impossible state: a non-z...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:50.933Z", "lastModified": "2026-05-08T13:52:16.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43046", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43054", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcm_loop: Drain commands in target_reset handler\n\ntcm_loop_target_reset() violates the SCSI EH contract: it returns SUCCESS\nwithout draining any in-flight commands.  
The SCSI EH documentation\n(scsi_eh.rst) requires th...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T15:16:51.910Z", "lastModified": "2026-05-07T18:28:19.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43054", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-42480", "description": "A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without pro...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T16:16:32.047Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42480", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-42481", "description": "Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-01T16:16:32.163Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42481", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-7608", "description": "A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. 
The vendor explains: \"That firmware version will only work on our hardware version v1...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-02T09:16:22.657Z", "lastModified": "2026-05-06T20:24:09.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7608", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-6525", "description": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-02T12:16:16.887Z", "lastModified": "2026-05-05T15:42:55.010", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6525", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-25266", "description": "Memory corruption while processing IOCTL command when device is in power-save state.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-04T17:16:22.107Z", "lastModified": "2026-05-06T18:02:02.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25266", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-42146", "description": "CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. 
A crafted BMP file with a large nb_colors value triggers an out-of-memo...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.977Z", "lastModified": "2026-05-07T15:50:00.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42146", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-5247", "description": "The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-05T03:15:59.930Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5247", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-39103", "description": "Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-05T16:16:12.993Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39103", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 23.0}, {"id": "CVE-2026-43098", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: s3fwrn5: allocate rx skb before consuming bytes\n\ns3fwrn82_uart_read() reports the number of accepted bytes to the serdev\ncore. 
The current code consumes bytes into recv_skb and may already\ndeliver a complete frame before alloc...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:23.250Z", "lastModified": "2026-05-14T19:24:03.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43098", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43100", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: guard local VLAN-0 FDB helpers against NULL vlan group\n\nWhen CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and\nnbp_vlan_group() return NULL (br_private.h stub definitions). The\nBR_BOOLOPT_FDB_LOCAL_VLAN_0 toggle ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:23.523Z", "lastModified": "2026-05-11T17:35:52.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43100", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43102", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: airoha: Fix memory leak in airoha_qdma_rx_process()\n\nIf an error occurs on the subsequents buffers belonging to the\nnon-linear part of the skb (e.g. 
due to an error in the payload length\nreported by the NIC or if we consumed a...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:23.750Z", "lastModified": "2026-05-11T17:34:42.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43102", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43103", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapbether: handle NETDEV_PRE_TYPE_CHANGE\n\nlapbeth_data_transmit() expects the underlying device type\nto be ARPHRD_ETHER.\n\nReturning NOTIFY_BAD from lapbeth_device_event() makes sure\nbonding driver can not break this expectatio...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:23.867Z", "lastModified": "2026-05-11T17:33:50.670", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43103", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43104", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix a memory leak in hang state error path\n\nWhen vc4_save_hang_state() encounters an early return condition, it\nreturns without freeing the previously allocated `kernel_state`,\nleaking memory.\n\nAdd the missing kfree() call...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:23.980Z", "lastModified": "2026-05-11T17:32:55.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43104", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43105", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Fix memory leak of BO array in hang state\n\nThe hang state's BO array is allocated separately with kzalloc() in\nvc4_save_hang_state() but never freed in vc4_free_hang_state(). 
Add the\nmissing kfree() for the BO array before...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:24.097Z", "lastModified": "2026-05-11T17:32:11.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43105", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43107", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: account XFRMA_IF_ID in aevent size calculation\n\nxfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then\nbuild_aevent() appends attributes including XFRMA_IF_ID when x->if_id is\nset.\n\nxfrm_aevent_msgsize() does ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:24.330Z", "lastModified": "2026-05-11T17:30:05.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43107", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43108", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei\n\nIt looks element length declared in servreg_loc_pfr_req_ei for reason\nnot matching servreg_loc_pfr_req's reason field due which we could\nobserve decoding error on ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:24.460Z", "lastModified": "2026-05-11T17:27:25.167", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43108", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43109", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: shadow stacks: proper error handling for mmap lock\n\n\uae40\uc601\ubbfc reports that shstk_pop_sigframe() doesn't check for errors from\nmmap_read_lock_killable(), which is a silly oversight, and also shows\nthat we haven't marked those functio...", "score": 5.5, "severity": "MEDIUM", 
"published": "2026-05-06T10:16:24.577Z", "lastModified": "2026-05-14T15:16:47.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43109", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43115", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Use irq_work to start GP in tiny SRCU\n\nTiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(),\nwhich acquires the workqueue pool->lock.\n\nThis causes a lockdep splat when call_srcu() is called with a scheduler\nlo...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:25.290Z", "lastModified": "2026-05-08T17:51:44.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43115", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43118", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix zero size inode with non-zero size after log replay\n\nWhen logging that an inode exists, as part of logging a new name or\nlogging new dir entries for a directory, we always set the generation of\nthe logged inode item to 0...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:25.633Z", "lastModified": "2026-05-08T17:30:34.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43118", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43119", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: annotate data-races around hdev->req_status\n\n__hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock:\n\n    hdev->req_status = HCI_REQ_PEND;\n\nHowever, several other functions read or write hdev->req_statu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T10:16:25.773Z", "lastModified": "2026-05-12T21:36:28.793", "source": "NVD", 
"source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43119", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71271", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: ensure sb->s_fs_info is always cleaned up\n\nWhen hfsplus was converted to the new mount api a bug was introduced by\nchanging the allocation pattern of sb->s_fs_info. If setup_bdev_super()\nfails after a new superblock has be...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.090Z", "lastModified": "2026-05-12T21:25:25.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71271", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71272", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: core: fix resource leak in most_register_interface error paths\n\nThe function most_register_interface() did not correctly release resources\nif it failed early (before registering the device). In these cases, it\nreturned an err...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.213Z", "lastModified": "2026-05-12T21:28:49.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71272", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71273", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()\n\nSimplify the code by using device managed memory allocations.\n\nThis also fixes a memory leak in rtw_register_hw(). 
The supported bands\nwere not freed in the error path.\n\n...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.330Z", "lastModified": "2026-05-12T21:27:31.877", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71273", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71285", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Drop the MHI auto_queue feature for IPCR DL channels\n\nMHI stack offers the 'auto_queue' feature, which allows the MHI stack to\nauto queue the buffers for the RX path (DL channel). Though this feature\nsimplifies the clien...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.613Z", "lastModified": "2026-05-12T21:25:04.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71285", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71286", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls\n\nThe size of the data behind of scontrol->ipc_control_data for bytes\ncontrols is:\n[1] sizeof(struct sof_ipc4_control_data) + // kernel only struct\n[2] sizeof(...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.737Z", "lastModified": "2026-05-12T21:24:55.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71286", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71287", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: mtk-smi: fix device leak on larb probe\n\nMake sure to drop the reference taken when looking up the SMI device\nduring larb probe on late probe failure (e.g. 
probe deferral) and on\ndriver unbind.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.857Z", "lastModified": "2026-05-13T18:42:19.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71287", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71288", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: mtk-smi: fix device leaks on common probe\n\nMake sure to drop the reference taken when looking up the SMI device\nduring common probe on late probe failure (e.g. probe deferral) and on\ndriver unbind.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.987Z", "lastModified": "2026-05-13T18:42:11.303", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71288", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71289", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: handle attr_set_size() errors when truncating files\n\nIf attr_set_size() fails while truncating down, the error is silently\nignored and the inode may be left in an inconsistent state.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.103Z", "lastModified": "2026-05-13T21:08:55.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71289", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71290", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: ti_fpc202: fix a potential memory leak in probe function\n\nUse for_each_child_of_node_scoped() to simplify the code and ensure the\ndevice node reference is automatically released when the loop scope\nends.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.210Z", "lastModified": "2026-05-13T21:07:09.193", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2025-71290", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71291", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()\n\nIn the function bcm_vk_read(), the pointer entry is checked, indicating\nthat it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the\nfollowing code may...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.330Z", "lastModified": "2026-05-13T21:04:54.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71291", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71292", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: nlink overflow in jfs_rename\n\nIf nlink is maximal for a directory (-1) and inside that directory you\nperform a rename for some child directory (not moving from the parent),\nthen the nlink of the first directory is first increm...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.453Z", "lastModified": "2026-05-13T21:03:37.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71292", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71293", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/ras: Move ras data alloc before bad page check\n\nIn the rare event if eeprom has only invalid address entries,\nallocation is skipped, this causes following NULL pointer issue\n[  547.103445] BUG: kernel NULL pointer derefe...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.583Z", "lastModified": "2026-05-13T20:55:15.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71293", "is_exploited": false, "epss": 0, "vendor": "LINUX", 
"mts_score": 23.0}, {"id": "CVE-2025-71294", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix NULL pointer issue buffer funcs\n\nIf SDMA block not enabled, buffer_funcs will not initialize,\nfix the null pointer issue if buffer_funcs not initialized.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.707Z", "lastModified": "2026-05-12T21:22:32.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71294", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2025-71295", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: add alert in try_to_free_buffers() for folios without buffers\n\ntry_to_free_buffers() can be called on folios with no buffers attached\nwhen filemap_release_folio() is invoked on a folio belonging to a mapping\nwith AS_RELE...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.820Z", "lastModified": "2026-05-12T21:21:32.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71295", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43122", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: Update cpuidle driver check in __acpi_processor_start()\n\nCommit 7a8c994cbb2d (\"ACPI: processor: idle: Optimize ACPI idle\ndriver registration\") moved the ACPI idle driver registration to\nacpi_processor_driver_init()...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:29.067Z", "lastModified": "2026-05-12T21:17:44.983", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43122", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43123", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: check return value of 
con2fb_acquire_newinfo()\n\nIf fbcon_open() fails when called from con2fb_acquire_newinfo() then\ninfo->fbcon_par pointer remains NULL which is later dereferenced.\n\nAdd check for return value of the functi...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:29.180Z", "lastModified": "2026-05-12T21:17:55.990", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43123", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43124", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: ram_core: fix incorrect success return when vmap() fails\n\nIn persistent_ram_vmap(), vmap() may return NULL on failure.\n\nIf offset is non-zero, adding offset_in_page(start) causes the function\nto return a non-NULL pointer ev...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:29.313Z", "lastModified": "2026-05-08T18:02:22.100", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43124", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43127", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: fix circular locking dependency in run_unpack_ex\n\nSyzbot reported a circular locking dependency between wnd->rw_lock\n(sbi->used.bitmap) and ni->file.run_lock.\n\nThe deadlock scenario:\n1. 
ntfs_extend_mft() takes ni->file.run_l...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:29.727Z", "lastModified": "2026-05-08T17:54:46.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43127", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43129", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: verify the previous kernel's IMA buffer lies in addressable RAM\n\nPatch series \"Address page fault in ima_restore_measurement_list()\", v3.\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:29.963Z", "lastModified": "2026-05-11T13:08:54.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43129", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43130", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode\n\nCommit 4fc82cd907ac (\"iommu/vt-d: Don't issue ATS Invalidation\nrequest when device is disconnected\") relies on\npci_dev_is_disconnected() to skip ATS ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:30.083Z", "lastModified": "2026-05-08T17:44:36.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43130", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43131", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix null pointer dereference issue\n\nIf SMU is disabled, during RAS initialization,\nthere will be null pointer dereference issue here.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:30.243Z", "lastModified": "2026-05-08T17:42:07.630", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43131", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43132", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-verity: correctly handle dm_bufio_client_create() failure\n\nIf either of the calls to dm_bufio_client_create() in verity_fec_ctr()\nfails, then dm_bufio_client_destroy() is later called with an ERR_PTR()\nargument.  That causes a c...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:30.357Z", "lastModified": "2026-05-08T17:26:57.643", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43132", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43135", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx23885: Add missing unmap in snd_cx23885_hw_params()\n\nIn error path, add cx23885_alsa_dma_unmap() to release the\nresource acquired by cx23885_alsa_dma_map().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:30.747Z", "lastModified": "2026-05-12T21:11:19.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43135", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43136", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Check maxfield in hidpp_get_report_length()\n\nDo not crash when a report has no fields.\n\nFake USB gadgets can send their own HID report descriptors and can define report\nstructures without valid fields.  
This ca...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:30.880Z", "lastModified": "2026-05-12T21:14:20.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43136", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43137", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Fix NULL pointer dereference\n\nIf there's a mismatch between the DAI links in the machine driver and\nthe topology, it is possible that the playback/capture widget is not\nset, especially in the case of loopback...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:31.007Z", "lastModified": "2026-05-12T21:15:52.423", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43137", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43140", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: Do not crash on missing msc->input\n\nFake USB devices can send their own report descriptors for which the\ninput_mapping() hook does not get called.  In this case, msc->input stays NULL,\nleading to a crash at a later...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:31.370Z", "lastModified": "2026-05-13T20:56:43.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43140", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43142", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: gen1: Destroy internal buffers after FW releases\n\nAfter the firmware releases internal buffers, the driver was not\ndestroying them. 
This left stale allocations that were no longer used,\nespecially across resolution cha...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:31.633Z", "lastModified": "2026-05-13T18:41:13.520", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43142", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43143", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: core: Add locking around 'mfd_of_node_list'\n\nManipulating a list in the kernel isn't safe without some sort of\nmutual exclusion. Add a mutex any time we access / modify\n'mfd_of_node_list' to prevent possible crashes.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:31.747Z", "lastModified": "2026-05-13T18:41:04.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43143", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43144", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix potential kernel oops when probe fails\n\nWhen probe of the sdio brcmfmac device fails for some reasons (i.e.\nmissing firmware), the sdiodev->bus is set to error instead of NULL, thus\nthe cleanup later in brcmf_sd...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:31.870Z", "lastModified": "2026-05-13T21:10:13.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43144", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43145", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Fix invalid loaded resource table detection\n\nimx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded\nresource table even when the current firmware does not provide one.\n\nWhen the device tree con...", "score": 5.5, "severity": 
"MEDIUM", "published": "2026-05-06T12:16:31.983Z", "lastModified": "2026-05-13T21:10:02.407", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43145", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43146", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Add buffer to list only after successful allocation\n\nMove `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating\ninternal buffers. Previously, the buffer was enqueued in `buffers->list`\nbefore the DMA al...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.127Z", "lastModified": "2026-05-13T20:19:38.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43146", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43147", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV\"\n\nThis reverts commit 05703271c3cd (\"PCI/IOV: Add PCI rescan-remove locking\nwhen enabling/disabling SR-IOV\"), which causes a deadlock by recursively\ntaki...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.240Z", "lastModified": "2026-05-13T20:18:47.387", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43147", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43148", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/smp: Add check for kcalloc() failure in parse_thread_groups()\n\nAs kcalloc() may fail, check its return value to avoid a NULL pointer\ndereference when passing it to of_property_read_u32_array().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.417Z", "lastModified": "2026-05-13T20:15:47.247", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43148", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43149", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()\n\nThe priv->rx_buffer and priv->tx_buffer are alloc'd together as\ncontiguous buffers in uhdlc_init() but freed as two buffers in\nuhdlc_memclean().\n\nChange the cleanu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.553Z", "lastModified": "2026-05-13T20:15:21.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43149", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43151", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"media: iris: Add sanity check for stop streaming\"\n\nThis reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4.\n\nRevert the check that skipped stop_streaming when the instance was in\nIRIS_INST_ERROR, as it caused multiple ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.827Z", "lastModified": "2026-05-13T20:12:57.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43151", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43152", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-pl: handle probe errors\n\nErrors in init must be reported back or we'll\nfollow a NULL pointer the first time FF is used.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:32.943Z", "lastModified": "2026-05-13T20:12:10.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43152", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43154", "description": "In the Linux kernel, the following vulnerability has 
been resolved:\n\nerofs: fix incorrect early exits in volume label handling\n\nCrafted EROFS images containing valid volume labels can trigger\nincorrect early returns, leading to folio reference leaks.\n\nHowever, this does not cause system crashes or o...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.193Z", "lastModified": "2026-05-13T20:06:24.863", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43154", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43155", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmux: mmio: fix regmap leak on probe failure\n\nThe mmio regmap that may be allocated during probe is never freed.\n\nSwitch to using the device managed allocator so that the regmap is\nreleased on probe failures (e.g. probe deferral) an...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.310Z", "lastModified": "2026-05-13T21:09:24.813", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43155", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43156", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: enable basic endpoint checking\n\npegasus_probe() fills URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n  - usb_rcvbulkpipe(dev, 1) for RX data\n  - usb_sndbulkpipe(dev, 2) for TX dat...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.427Z", "lastModified": "2026-05-13T21:09:16.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43156", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43157", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: CGX: fix bitmap leaks\n\nThe RX/TX flow-control bitmaps (rx_fc_pfvf_bmap and 
tx_fc_pfvf_bmap)\nare allocated by cgx_lmac_init() but never freed in cgx_lmac_exit().\nUnbinding and rebinding the driver therefore triggers km...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.563Z", "lastModified": "2026-05-13T21:09:08.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43157", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43159", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix null dereference in find_network\n\nThe variable pwlan has the possibility of being NULL when passed into\nrtw_free_network_nolock() which would later dereference the variable.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.853Z", "lastModified": "2026-05-13T21:20:28.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43159", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43160", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: macsmc: Initialize mutex\n\nInitialize struct apple_smc's mutex in apple_smc_probe(). 
Using the\nmutex uninitialized surprisingly resulted only in occasional NULL\npointer dereferences in apple_smc_read() calls from the probe()\nfu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:33.997Z", "lastModified": "2026-05-13T21:20:17.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43160", "is_exploited": false, "epss": 0, "vendor": "APPLE", "mts_score": 23.0}, {"id": "CVE-2026-43161", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode\n\nPCIe endpoints with ATS enabled and passed through to userspace\n(e.g., QEMU, DPDK) can hard-lock the host when their link drops,\neither by surpris...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:34.137Z", "lastModified": "2026-05-13T21:20:09.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43161", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43162", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tegra-video: Fix memory leak in __tegra_channel_try_format()\n\nThe state object allocated by __v4l2_subdev_state_alloc() must be freed\nwith __v4l2_subdev_state_free() when it is no longer needed.\n\nIn __tegra_channel_try_forma...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:34.280Z", "lastModified": "2026-05-13T21:19:56.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43162", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43165", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin\n\nWhen calling of_parse_phandle_with_args(), the caller is responsible\nto call of_node_put() to release the reference of device 
node.\nIn nct7363_present_pwm_fanin, it...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:34.687Z", "lastModified": "2026-05-13T21:21:50.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43165", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43167", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: always flush state and policy upon NETDEV_UNREGISTER event\n\nsyzbot is reporting that \"struct xfrm_state\" refcount is leaking.\n\n  unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2\n  ref_tracker: netd...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:34.913Z", "lastModified": "2026-05-13T14:50:02.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43167", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43168", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix reflink preserve cleanup issue\n\ncommit c06c303832ec (\"ocfs2: fix xattr array entry __counted_by error\")\ndoesn't handle all cases and the cleanup job for preserved xattr entries\nstill has bug:\n- the 'last' pointer should ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:35.060Z", "lastModified": "2026-05-13T14:51:05.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43168", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43169", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/buddy: Prevent BUG_ON by validating rounded allocation\n\nWhen DRM_BUDDY_CONTIGUOUS_ALLOCATION is set, the requested size is\nrounded up to the next power-of-two via roundup_pow_of_two().\nSimilarly, for non-contiguous allocations ...", "score": 5.5, "severity": "MEDIUM", "published": 
"2026-05-06T12:16:35.197Z", "lastModified": "2026-05-13T14:51:48.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43169", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43170", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Move vbus draw to workqueue context\n\nCurrently dwc3_gadget_vbus_draw() can be called from atomic\ncontext, which in turn invokes power-supply-core APIs. And\nsome these PMIC APIs have operations that may sleep, lea...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:35.320Z", "lastModified": "2026-05-13T14:52:52.250", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43170", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43171", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nEFI/CPER: don't dump the entire memory region\n\nThe current logic at cper_print_fw_err() doesn't check if the\nerror record length is big enough to handle offset. 
On a bad firmware,\nif the ofset is above the actual record, length -= ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:35.447Z", "lastModified": "2026-05-13T14:55:22.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43171", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43173", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: xscale: Check for PTP support properly\n\nIn ixp4xx_get_ts_info() ixp46x_ptp_find() is called\nunconditionally despite this feature only existing on\nixp46x, leading to the following splat from tcpdump:\n\nroot@OpenWrt:~# ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:35.707Z", "lastModified": "2026-05-12T20:01:45.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43173", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43174", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zcrx: fix post open error handling\n\nClosing a queue doesn't guarantee that all associated page pools are\nterminated right away, let the refcounting do the work instead of\nreleasing the zcrx ctx directly.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:35.850Z", "lastModified": "2026-05-12T20:01:34.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43174", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43175", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841\n\nThe 9FGV0841 has 8 outputs and registers 8 struct clk_hw, make sure\nthere are 8 slots for those newly registered clk_hw pointers, else\nthere is going to be out of bounds wri...", "score": 5.5, "severity": "MEDIUM", "published": 
"2026-05-06T12:16:35.967Z", "lastModified": "2026-05-12T20:01:25.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43175", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43177", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu6: Fix RPM reference leak in probe error paths\n\nSeveral error paths in ipu6_pci_probe() were jumping directly to\nout_ipu6_bus_del_devices without releasing the runtime PM reference.\nAdd pm_runtime_put_sync() before cleani...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:36.190Z", "lastModified": "2026-05-12T19:54:16.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43177", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43179", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix incorrect early exits for invalid metabox-enabled images\n\nCrafted EROFS images with metadata compression enabled can trigger\nincorrect early returns, leading to folio reference leaks.\n\nHowever, this does not cause system...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:36.417Z", "lastModified": "2026-05-12T19:48:29.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43179", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43181", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: sysfs: fix chip removal with GPIOs exported over sysfs\n\nCurrently if we export a GPIO over sysfs and unbind the parent GPIO\ncontroller, the exported attribute will remain under /sys/class/gpio\nbecause once we remove the paren...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:36.670Z", "lastModified": "2026-05-11T20:53:27.147", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43181", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43182", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ccs: Avoid possible division by zero\n\nCalculating maximum M for scaler configuration involves dividing by\nMIN_X_OUTPUT_SIZE limit register's value. Albeit the value is presumably\nnon-zero, the driver was missing the check it...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:36.787Z", "lastModified": "2026-05-11T20:53:18.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43182", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43183", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx25821: Fix a resource leak in cx25821_dev_setup()\n\nAdd release_mem_region() if ioremap() fails to release the memory\nregion obtained by cx25821_get_resources().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:36.920Z", "lastModified": "2026-05-11T20:55:02.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43183", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43188", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: do not propagate page array emplacement errors as batch errors\n\nWhen fscrypt is enabled, move_dirty_folio_in_page_array() may fail\nbecause it needs to allocate bounce buffers to store the encrypted\nversions of each folio. 
Eac...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:37.600Z", "lastModified": "2026-05-11T20:38:38.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43188", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43189", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-async: Fix error handling on steps after finding a match\n\nOnce an async connection is found to be matching with an fwnode, a\nsub-device may be registered (in case it wasn't already), its bound\noperation is called, ancil...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:37.723Z", "lastModified": "2026-05-11T20:47:45.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43189", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43191", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35\n\n[Why]\nA backport of the change made for DCN401 that addresses an issue where\nwe turn off the PHY PLL when disabling TMDS output, which causes the\nOTG ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:37.970Z", "lastModified": "2026-05-11T20:51:38.467", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43191", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43192", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm mpath: Add missing dm_put_device when failing to get scsi dh name\n\nWhen commit fd81bc5cca8f (\"scsi: device_handler: Return error pointer in\nscsi_dh_attached_handler_name()\") added code to fail parsing the path if\nscsi_dh_attache...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:38.083Z", "lastModified": 
"2026-05-11T20:36:39.877", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43192", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43193", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg()\n\nClaude pointed out that there is a nfs4_file refcount leak in\nnfsd_get_dir_deleg(). Ensure that the reference to \"fp\" is released\nbefore returning.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:38.197Z", "lastModified": "2026-05-11T20:36:27.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43193", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43195", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate user queue size constraints\n\nAdd validation to ensure user queue sizes meet hardware requirements:\n- Size must be a power of two for efficient ring buffer wrapping\n- Size must be at least AMDGPU_GPU_PAGE_SIZE t...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:38.487Z", "lastModified": "2026-05-11T20:21:56.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43195", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43200", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions\n\nstruct configfs_item_operations callbacks are defined like the following:\n\n  int (*allow_link)(struct config_item *src, struct config_item...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:39.090Z", "lastModified": "2026-05-11T20:10:53.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43200", "is_exploited": false, "epss": 
0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43201", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nAPEI/GHES: ARM processor Error: don't go past allocated memory\n\nIf the BIOS generates a very small ARM Processor Error, or\nan incomplete one, the current logic will fail to deferrence\n\n\terr->section_length\nand\n\tctx_info->size\n\nAdd ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:39.223Z", "lastModified": "2026-05-11T20:20:33.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43201", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43202", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: vt8500lcdfb: fix missing dma_free_coherent()\n\nfbi->fb.screen_buffer is allocated with dma_alloc_coherent() but is not\nfreed if the error path is reached.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:39.347Z", "lastModified": "2026-05-11T20:10:35.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43202", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43204", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6asm: drop DSP responses for closed data streams\n\n'Commit a354f030dbce (\"ASoC: qcom: q6asm: handle the responses\nafter closing\")' attempted to ignore DSP responses arriving\nafter a stream had been closed.\n\nHowever, tho...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:39.623Z", "lastModified": "2026-05-11T20:06:22.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43204", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43209", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nminix: Add required 
sanity checking to minix_check_superblock()\n\nThe fs/minix implementation of the minix filesystem does not currently\nsupport any other value for s_log_zone_size than 0. This is also the\nonly value supported in ut...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:40.283Z", "lastModified": "2026-05-11T20:04:07.517", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43209", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43210", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: ring-buffer: Fix to check event length before using\n\nCheck the event length before adding it for accessing next index in\nrb_read_data_buffer(). Since this function is used for validating\npossibly broken ring buffers, the l...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:40.417Z", "lastModified": "2026-05-11T19:58:20.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43210", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43216", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Drop the lock in skb_may_tx_timestamp()\n\nskb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must\nnot be taken in IRQ context, only softirq is okay. 
A few drivers receive\nthe timestamp via a dedicated interrupt...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.190Z", "lastModified": "2026-05-11T19:28:01.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43216", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43217", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: gen2: Add sanity check for session stop\n\nIn iris_kill_session, inst->state is set to IRIS_INST_ERROR and\nsession_close is executed, which will kfree(inst_hfi_gen2->packet).\nIf stop_streaming is called afterward, it wil...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.300Z", "lastModified": "2026-05-11T19:27:49.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43217", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43218", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c/tw9903: Fix potential memory leak in tw9903_probe()\n\nIn one of the error paths in tw9903_probe(), the memory allocated in\nv4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. 
Fix that\nby calling v4l2_ctrl_handl...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.413Z", "lastModified": "2026-05-11T19:27:37.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43218", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43219", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cpsw_new: Fix potential unregister of netdev that has not been registered yet\n\nIf an error occurs during register_netdev() for the first MAC in\ncpsw_register_ports(), even though cpsw->slaves[0].ndev is set to NULL,\ncpsw->slav...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.543Z", "lastModified": "2026-05-12T19:12:37.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43219", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43220", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: serialize sequence allocation under concurrent TLB invalidations\n\nWith concurrent TLB invalidations, completion wait randomly gets timed out\nbecause cmd_sem_val was incremented outside the IOMMU spinlock, allowing\nCMD_CO...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.660Z", "lastModified": "2026-05-14T15:16:47.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43220", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43221", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: initialise event handler read bytes\n\nIPMB doesn't use i2c reads, but the handler needs to set a value.\nOtherwise an i2c read will return an uninitialised value from the bus\ndriver.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:41.780Z", "lastModified": 
"2026-05-12T19:09:12.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43221", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43223", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix URB leak in pvr2_send_request_ex\n\nWhen pvr2_send_request_ex() submits a write URB successfully but fails to\nsubmit the read URB (e.g. returns -ENOMEM), it returns immediately without\nwaiting for the write URB to...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.020Z", "lastModified": "2026-05-08T21:14:54.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43223", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43224", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zcrx: fix sgtable leak on mapping failures\n\nIn an unlikely case when io_populate_area_dma() fails, which could only\nhappen on a PAGE_POOL_32BIT_ARCH_WITH_64BIT_DMA machine,\nio_zcrx_map_area() will have an initialised and n...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.153Z", "lastModified": "2026-05-08T21:13:21.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43224", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43225", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix memory leak on failure path\n\ncfg80211_inform_bss_frame() may return NULL on failure. 
In that case,\nthe allocated buffer 'buf' is not freed and the function returns early,\nleading to potential memory leak.\nFi...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.270Z", "lastModified": "2026-05-08T21:22:38.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43225", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43227", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/sh_tmu: Always leave device running after probe\n\nThe TMU device can be used as both a clocksource and a clockevent\nprovider. The driver tries to be smart and power itself on and off, as\nwell as enabling and disa...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.537Z", "lastModified": "2026-05-08T21:11:53.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43227", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43228", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: Replace BUG_ON with error handling for CNID count checks\n\nIn a06ec283e125 next_id, folder_count, and file_count in the super block\ninfo were expanded to 64 bits, and BUG_ONs were added to detect\noverflow. 
This triggered an err...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.710Z", "lastModified": "2026-05-08T21:16:13.633", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43228", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43229", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix device cleanup order to prevent kernel panic\n\nMove video device unregistration to the beginning of the remove function\nto ensure all video operations are stopped before cleaning up the worker\nthread a...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:42.830Z", "lastModified": "2026-05-08T21:08:53.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43229", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43231", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: radio-keene: fix memory leak in error path\n\nFix a memory leak in usb_keene_probe(). The v4l2 control handler is\ninitialized and controls are added, but if v4l2_device_register() or\nvideo_register_device() fails afterward, th...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:43.083Z", "lastModified": "2026-05-08T21:09:10.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43231", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43234", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: avoid NETDEV_CHANGEMTU event when unregistering slave\n\nsyzbot is reporting\n\n  unregister_netdevice: waiting for netdevsim0 to become free. 
Usage count = 3\n  ref_tracker: netdev@ffff88807dcf8618 has 1/2 users at\n       __netde...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:43.570Z", "lastModified": "2026-05-12T19:02:56.147", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43234", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43235", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: Add missing platform data entries for SM8750\n\nTwo platform-data fields for SM8750 were missed:\n\n  - get_vpu_buffer_size = iris_vpu33_buf_size\n    Without this, the driver fails to allocate the required internal\n    buf...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:43.693Z", "lastModified": "2026-05-12T19:02:14.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43235", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43238", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()\n\nCommit 38a6f0865796 (\"net: sched: support hash selecting tx queue\")\nadded SKBEDIT_F_TXQ_SKBHASH support. 
The inclusive range size is\ncomputed as:\n\nmapping_mod = queu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:44.093Z", "lastModified": "2026-05-12T18:54:31.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43238", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43240", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: add a sanity check on previous kernel's ima kexec buffer\n\nWhen the second-stage kernel is booted via kexec with a limiting command\nline such as \"mem=<size>\", the physical range that contains the carried\nover IMA measurem...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:44.330Z", "lastModified": "2026-05-11T14:27:36.347", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43240", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43242", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: ti: k3-socinfo: Fix regmap leak on probe failure\n\nThe mmio regmap allocated during probe is never freed.\n\nSwitch to using the device managed allocator so that the regmap is\nreleased on probe failures (e.g. 
probe deferral) and ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:44.590Z", "lastModified": "2026-05-11T14:22:05.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43242", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43243", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add signal type check for dcn401 get_phyd32clk_src\n\nTrying to access link enc on a dpia link will cause a crash otherwise", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:44.720Z", "lastModified": "2026-05-11T14:16:58.187", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43243", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43244", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix zero-frag skb in frag_list on partial sendmsg error\n\nSyzkaller reported a warning in kcm_write_msgs() when processing a\nmessage with a zero-fragment skb in the frag_list.\n\nWhen kcm_sendmsg() fills MAX_SKB_FRAGS fragments i...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:44.873Z", "lastModified": "2026-05-11T14:12:18.633", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43244", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43246", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c/tw9906: Fix potential memory leak in tw9906_probe()\n\nIn one of the error paths in tw9906_probe(), the memory allocated in\nv4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. 
Fix that\nby calling v4l2_ctrl_handl...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:45.103Z", "lastModified": "2026-05-11T13:32:06.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43246", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43247", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix SError of kernel panic when closed\n\nSError of kernel panic rarely happened while testing fluster.\nThe root cause was to enter suspend mode because timeout of autosuspend\ndelay happened.\n\n[   48.834439...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:45.237Z", "lastModified": "2026-05-11T13:28:31.730", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43247", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43251", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: prodikeys: Check presence of pm->input_ep82\n\nFake USB devices can send their own report descriptors for which the\ninput_mapping() hook does not get called.  
In this case, pm->input_ep82 stays\nNULL, which leads to a crash later...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:45.740Z", "lastModified": "2026-05-11T18:51:22.587", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43251", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43252", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: in-kernel: always set ID as avail when rm endp\n\nSyzkaller managed to find a combination of actions that was generating\nthis warning:\n\n  WARNING: net/mptcp/pm_kernel.c:1074 at __mark_subflow_endp_available net/mptcp/pm_ke...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:45.873Z", "lastModified": "2026-05-11T18:49:20.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43252", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43255", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix WARNING in usb_tx_block\n\nThe function usb_tx_block() submits cardp->tx_urb without ensuring that\nany previous transmission on this URB has completed. If a second call\noccurs while the URB is still active (e.g. 
d...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:46.263Z", "lastModified": "2026-05-11T18:18:36.687", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43255", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43257", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx88: Add missing unmap in snd_cx88_hw_params()\n\nIn error path, add cx88_alsa_dma_unmap() to release\nresource acquired by cx88_alsa_dma_map().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:46.520Z", "lastModified": "2026-05-11T18:16:01.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43257", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43259", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: fsl-imx8mq-usb: set platform driver data\n\nAdd missing platform_set_drvdata() as the data will be used in remove().", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:46.777Z", "lastModified": "2026-05-08T20:31:42.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43259", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43261", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: Add support for TSV110 Spectre-BHB mitigation\n\nThe TSV110 processor is vulnerable to the Spectre-BHB (Branch History\nBuffer) attack, which can be exploited to leak information through\nbranch prediction side channels. 
This co...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.003Z", "lastModified": "2026-05-08T20:37:34.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43261", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43262", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: fiemap page fault fix\n\nIn gfs2_fiemap(), we are calling iomap_fiemap() while holding the inode\nglock.  This can lead to recursive glock taking if the fiemap buffer is\nmemory mapped to the same inode and accessing it triggers ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.133Z", "lastModified": "2026-05-08T20:41:51.240", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43262", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43264", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: of: display_timing: fix refcount leak in of_get_display_timings()\n\nof_parse_phandle() returns a device_node with refcount incremented,\nwhich is stored in 'entry' and then copied to 'native_mode'. 
When the\nerror paths at line...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.373Z", "lastModified": "2026-05-08T20:33:27.567", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43264", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43265", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()\n\nIgnore -EBUSY when checking nested events after exiting a blocking state\nwhile L2 is active, as exiting to userspace will generate a spurious\nuserspace exit, us...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.510Z", "lastModified": "2026-05-08T20:33:43.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43265", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43266", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nEFI/CPER: don't go past the ARM processor CPER record buffer\n\nThere's a logic inside GHES/CPER to detect if the section_length\nis too small, but it doesn't detect if it is too big.\n\nCurrently, if the firmware receives an ARM proces...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.647Z", "lastModified": "2026-05-08T20:46:52.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43266", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43267", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential zero beacon interval in beacon tracking\n\nDuring fuzz testing, it was discovered that bss_conf->beacon_int\nmight be zero, which could result in a division by zero error in\nsubsequent calculations. 
Set a de...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.810Z", "lastModified": "2026-05-08T21:03:42.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43267", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43268", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: pretend special inodes as regular files\n\nSince commit af153bb63a33 (\"vfs: catch invalid modes in may_open()\")\nrequires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/\nS_IFIFO/S_IFSOCK type, use S_IFREG for spe...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:47.930Z", "lastModified": "2026-05-08T21:02:20.383", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43268", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43269", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback\n\nAfter several commits, the slab memory increases. Some drm_crtc_commit\nobjects are not freed. The atomic_destroy_state callback only put the\nframebuffer. Use ...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.053Z", "lastModified": "2026-05-08T19:40:49.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43269", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43270", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()\n\nIn mtk_mdp_probe(), vpu_get_plat_device() increases the reference\ncount of the returned platform device. 
Add platform_device_put()\nto prevent reference leak.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.190Z", "lastModified": "2026-05-08T20:00:20.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43270", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43271", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd-cluster: fix NULL pointer dereference in process_metadata_update\n\nThe function process_metadata_update() blindly dereferences the 'thread'\npointer (acquired via rcu_dereference_protected) within the wait_event()\nmacro.\n\nWhile th...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.313Z", "lastModified": "2026-05-08T20:00:00.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43271", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43272", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix possible dereference of uninitialized pointer\n\nThere is a pointer head_page in rb_meta_validate_events() which is not\ninitialized at the beginning of a function. 
This pointer can be dereferenced\nif there is a failu...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.433Z", "lastModified": "2026-05-08T20:00:37.403", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43272", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43273", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: supply snapshot context in ceph_zero_partial_object()\n\nThe ceph_zero_partial_object function was missing proper snapshot\ncontext for its OSD write operations, which could lead to data\ninconsistencies in snapshots.\n\nReproducer...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.543Z", "lastModified": "2026-05-08T20:01:19.023", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43273", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43277", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nAPEI/GHES: ensure that won't go past CPER allocated record\n\nThe logic at ghes_new() prevents allocating too large records, by\nchecking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB).\nYet, the allocation is done with...", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T12:16:49.057Z", "lastModified": "2026-05-08T19:34:27.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43277", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-43282", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port\n\nThe function ionic_query_port() calls ib_device_get_netdev() without\nchecking the return value which could lead to NULL pointer dereference,\nFix it by checking...", "score": 5.5, "severity": "MEDIUM", "published": 
"2026-05-06T12:16:49.703Z", "lastModified": "2026-05-08T19:09:00.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43282", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 23.0}, {"id": "CVE-2026-3291", "description": "Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.", "score": 5.5, "severity": "MEDIUM", "published": "2026-05-06T22:16:25.367Z", "lastModified": "2026-05-11T14:43:00.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3291", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 23.0}, {"id": "CVE-2026-45362", "description": "Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.", "score": 3.2, "severity": "LOW", "published": "2026-05-12T01:16:47.017Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45362", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.8}, {"id": "CVE-2026-44220", "description": "ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. 
An attacker who can plant a symlink in a directory ...", "score": 3.2, "severity": "LOW", "published": "2026-05-12T20:16:42.893Z", "lastModified": "2026-05-13T17:02:28.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.8}, {"id": "CVE-2026-1493", "description": "LEX Baza Dokument\u00f3w is vulnerable to DOM-based XSS in \"em\"\u00a0cookie parameter.\u00a0The application unsafely\nprocesses the parameter on the client side, allowing an attacker to execute arbitrary\nJavaScript in the context of the victim's browser.\nAn attacker with ability to set a cookie can perform a more s...", "score": 5.4, "severity": "MEDIUM", "published": "2026-04-30T12:16:23.120Z", "lastModified": "2026-05-05T00:30:17.043", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1493", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-7500", "description": "When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. 
Five endpoints under the versioned path `/account/v1alpha1` remain fully functional \u2014 including both read and write operations \u2014 because they lack the `checkAccountApiEnabled()` ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-04-30T15:16:23.673Z", "lastModified": "2026-05-05T03:00:08.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-36756", "description": "A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.", "score": 5.4, "severity": "MEDIUM", "published": "2026-04-30T16:16:42.280Z", "lastModified": "2026-04-30T18:16:28.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36756", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-36766", "description": "Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream() or getReader() functions.", "score": 5.4, "severity": "MEDIUM", "published": "2026-04-30T18:16:29.830Z", "lastModified": "2026-04-30T19:16:09.377", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36766", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-7502", "description": "A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. 
The attack can be initiated remote...", "score": 5.4, "severity": "MEDIUM", "published": "2026-04-30T22:16:26.710Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7502", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-40201", "description": "@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file.", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-01T09:16:16.810Z", "lastModified": "2026-05-05T02:16:03.690", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40201", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-6446", "description": "The My Social Feeds \u2013 Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability verification) and nonce verifi...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-02T05:16:01.093Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6446", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-5077", "description": "The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title() inside HTML attribute context in the home blog section template. 
This makes it possible for authenticated ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-02T10:16:17.990Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5077", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-4790", "description": "The Premium Addons for Elementor \u2013 Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible for ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-02T12:16:16.613Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4790", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-7631", "description": "A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-02T14:16:18.337Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7631", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-27693", "description": "Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. 
An attacker with low privileges can create a device with a crafted name that injects XML co...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-05T13:16:28.367Z", "lastModified": "2026-05-08T20:04:19.057", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27693", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-27694", "description": "Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store crafte...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-05T13:16:28.513Z", "lastModified": "2026-05-08T20:03:41.007", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27694", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-31835", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1backup_eligible1 and 1backup_state flags1) based on unverified `authenticatorData` before signature v...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-05T19:16:21.733Z", "lastModified": "2026-05-11T16:59:34.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31835", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-35453", "description": "PhpSpreadsheet is a library for reading and writing spreadsheet files. 
In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars() output escaping when a cell uses a custom number format containing...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-05T20:16:38.367Z", "lastModified": "2026-05-08T17:08:50.897", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35453", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-36358", "description": "Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T14:16:19.583Z", "lastModified": "2026-05-07T15:53:11.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36358", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-20219", "description": "A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed.\r\n\r This vulnerability existed ...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T17:16:21.760Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20219", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 22.6}, {"id": "CVE-2026-7931", "description": "Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.443Z", "lastModified": "2026-05-06T23:36:43.060", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7931", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7935", "description": "Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.840Z", "lastModified": "2026-05-06T23:34:33.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7935", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7939", "description": "Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:42.237Z", "lastModified": "2026-05-06T23:33:57.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7939", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7950", "description": "Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. 
(Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:43.317Z", "lastModified": "2026-05-07T02:09:44.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7950", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7958", "description": "Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:45.693Z", "lastModified": "2026-05-07T02:05:24.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7958", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7962", "description": "Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:46.290Z", "lastModified": "2026-05-07T02:02:56.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7962", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-7998", "description": "Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:50.720Z", "lastModified": "2026-05-07T13:40:01.117", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7998", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8003", "description": "Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.290Z", "lastModified": "2026-05-07T14:00:54.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8003", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8006", "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.580Z", "lastModified": "2026-05-07T15:17:48.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8006", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8008", "description": "Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. 
(Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.773Z", "lastModified": "2026-05-07T15:17:23.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8008", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8012", "description": "Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.160Z", "lastModified": "2026-05-07T15:19:48.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8012", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8015", "description": "Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.450Z", "lastModified": "2026-05-07T15:30:17.050", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8015", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-8019", "description": "Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Low)", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.863Z", "lastModified": "2026-05-07T15:26:05.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8019", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.6}, {"id": "CVE-2026-40296", "description": "PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal ch...", "score": 5.4, "severity": "MEDIUM", "published": "2026-05-06T22:16:25.510Z", "lastModified": "2026-05-11T14:42:03.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40296", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.6}, {"id": "CVE-2026-40020", "description": "Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. 
Install to fixed v...", "score": 3.1, "severity": "LOW", "published": "2026-05-12T14:17:03.687Z", "lastModified": "2026-05-12T15:08:22.857", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40020", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.4}, {"id": "CVE-2026-6498", "description": "The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function using a PHP loose comparison (==) between the attacker-controlled payment_id POST parameter and the ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-04-30T10:16:02.327Z", "lastModified": "2026-04-30T14:52:54.847", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6498", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2025-14688", "description": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.", "score": 5.3, "severity": "MEDIUM", "published": "2026-04-30T22:16:24.093Z", "lastModified": "2026-05-01T17:52:29.293", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14688", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 22.2}, {"id": "CVE-2025-36180", "description": "IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.", "score": 5.3, "severity": "MEDIUM", "published": "2026-04-30T22:16:24.737Z", "lastModified": "2026-05-12T19:23:30.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36180", "is_exploited": false, "epss": 0, "vendor": "Other", 
"mts_score": 22.2}, {"id": "CVE-2026-7536", "description": "A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched remo...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T02:16:04.347Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7536", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7580", "description": "A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 is ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T12:16:17.257Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7580", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-3143", "description": "The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. 
This makes it possible for unauth...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T14:16:22.190Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3143", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7582", "description": "A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally. Th...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T14:16:23.403Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7582", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43506", "description": "An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T15:16:52.820Z", "lastModified": "2026-05-01T17:09:39.790", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43506", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43507", "description": "An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. 
A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T15:16:52.990Z", "lastModified": "2026-05-01T17:09:17.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43507", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-37504", "description": "Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be rec...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T16:16:30.633Z", "lastModified": "2026-05-11T19:25:20.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7588", "description": "A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T18:16:16.300Z", "lastModified": "2026-05-01T20:21:53.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7588", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7589", "description": "A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b09d5e5adf0433acd43c975951224613a1a6. Impacted is the function create_csv_export of the file services/csv-export-service/app/api/v1/endpoints/csv_export.py of the component CSV Export. 
This manipulation of the argument jo...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-01T19:16:33.423Z", "lastModified": "2026-05-01T20:21:53.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7589", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7638", "description": "The App Builder \u2013 Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference  in all versions up to and including 5.6.0. This is due to missing authorization validation in the `upload_avatar()` function, which accepts an attacker-controlled ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-02T04:16:23.927Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7638", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 22.2}, {"id": "CVE-2026-4650", "description": "The FundPress \u2013 WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donate_action_status() AJAX handler, which is registered to be accessible to unauthenticated users v...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-02T08:16:27.307Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4650", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-6449", "description": "The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. 
This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking ha...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-02T08:16:27.640Z", "lastModified": "2026-05-05T19:15:59.927", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-4024", "description": "The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both `wp_ajax` and `wp_ajax_nopriv` h...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-02T09:16:22.270Z", "lastModified": "2026-05-05T19:19:23.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4024", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-3504", "description": "The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/{id}/reviews' REST API endpoint. This is due to the 'prepare_reviews_for_response' method incl...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-02T14:16:17.847Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-40561", "description": "Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.\n\nStarlet incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. 
Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn a...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-03T01:15:58.390Z", "lastModified": "2026-05-07T17:15:58.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40561", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7686", "description": "A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the attac...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-03T08:16:01.073Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7686", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7702", "description": "A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remote...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-03T16:15:57.937Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7702", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7722", "description": "A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. 
The exploit is now public and...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T03:16:12.967Z", "lastModified": "2026-05-04T22:16:19.803", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7722", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7734", "description": "A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from re...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T06:16:02.197Z", "lastModified": "2026-05-06T20:26:55.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7734", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-5335", "description": "The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T07:16:01.343Z", "lastModified": "2026-05-04T15:23:19.800", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5335", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7737", "description": "A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. 
The attack can be initiated remo...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T07:16:01.700Z", "lastModified": "2026-05-06T20:27:58.080", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7737", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-33857", "description": "Out-of-bounds Read vulnerability in mod_proxy_ajp of \n\nApache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T14:16:33.253Z", "lastModified": "2026-05-04T20:26:20.463", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-34032", "description": "Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T14:16:33.447Z", "lastModified": "2026-05-04T20:25:47.733", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-33007", "description": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T15:16:04.107Z", "lastModified": "2026-05-04T20:22:13.073", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-41572", 
"description": "Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-04T18:16:29.763Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41572", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-44029", "description": "An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via \"nix-prefetch-url --unpack\" or \"nix store prefetch-file --unpack\" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7);", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T01:16:07.170Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44029", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-2729", "description": "The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. 
This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public pay...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T07:15:59.960Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2729", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43868", "description": "Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T09:16:04.123Z", "lastModified": "2026-05-06T18:05:16.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43868", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43572", "description": "OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. 
Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation, all...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T12:16:21.023Z", "lastModified": "2026-05-07T16:03:59.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43572", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 22.2}, {"id": "CVE-2026-5766", "description": "An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.\nASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation.\r\n \r\nAs a reminder, Django expects a ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T16:16:17.740Z", "lastModified": "2026-05-07T14:16:39.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5766", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43002", "description": "An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T17:17:04.920Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43002", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-33420", "description": "Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing the has_full_access() authorization check that exists on the sibling get_org_collections endpoint. 
Th...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T20:16:36.483Z", "lastModified": "2026-05-08T19:19:39.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33420", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-34527", "description": "Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit valu...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-05T20:16:37.930Z", "lastModified": "2026-05-08T19:17:20.550", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34527", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 22.2}, {"id": "CVE-2026-3208", "description": "The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T04:16:06.223Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3208", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-6860", "description": "A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. 
if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T10:16:26.293Z", "lastModified": "2026-05-12T13:42:01.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2025-31970", "description": "HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T11:16:03.650Z", "lastModified": "2026-05-07T19:58:05.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31970", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-20195", "description": "A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.\r\n\r\nThis vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exp...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T17:16:21.630Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20195", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 22.2}, {"id": "CVE-2025-31960", "description": "HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. 
It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:35.480Z", "lastModified": "2026-05-07T17:05:54.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31960", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-41931", "description": "Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:37.277Z", "lastModified": "2026-05-06T20:16:32.670", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41931", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-7955", "description": "Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:43.860Z", "lastModified": "2026-05-07T02:06:16.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7955", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.2}, {"id": "CVE-2026-7960", "description": "Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:45.987Z", "lastModified": "2026-05-07T02:03:46.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7960", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.2}, {"id": "CVE-2026-8020", "description": "Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.953Z", "lastModified": "2026-05-07T15:21:55.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8020", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 22.2}, {"id": "CVE-2026-8031", "description": "A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exp...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:53.250Z", "lastModified": "2026-05-07T14:08:07.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8031", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-43583", "description": "OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. 
Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery.", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T20:16:34.203Z", "lastModified": "2026-05-07T19:36:10.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43583", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-8033", "description": "A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has b...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T20:16:36.360Z", "lastModified": "2026-05-07T14:08:07.340", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8033", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-41310", "description": "OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans ...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T22:16:25.643Z", "lastModified": "2026-05-11T14:40:45.183", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41310", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-41417", "description": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. 
The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same val...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T22:16:25.780Z", "lastModified": "2026-05-11T14:29:48.360", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-41484", "description": "OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the enti...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-06T22:16:26.050Z", "lastModified": "2026-05-07T15:04:40.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41484", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-6222", "description": "The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_Page` (admin/abstracts/class-admin-module-edit-page.php) dispatching sensitive module-management acti...", "score": 5.3, "severity": "MEDIUM", "published": "2026-05-07T02:16:37.920Z", "lastModified": "2026-05-07T14:00:05.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6222", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-44987", "description": "SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with \"User Admin\" permissions can change the email addresses of users with \"Superuser\" permissions. 
If the SysReptor installation has the \"Forgot Password\" functionality enabled (non-default), they can rese...", "score": 3.8, "severity": "LOW", "published": "2026-05-08T23:16:39.917Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44987", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-30904", "description": "Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.", "score": 1.8, "severity": "LOW", "published": "2026-05-13T19:17:05.210Z", "lastModified": "2026-05-14T18:15:05.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30904", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.2}, {"id": "CVE-2026-44218", "description": "ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2.", "score": 3.0, "severity": "LOW", "published": "2026-05-12T20:16:42.637Z", "lastModified": "2026-05-13T17:02:28.447", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 22.0}, {"id": "CVE-2026-42077", "description": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. 
The vulnerability exists in...", "score": 5.2, "severity": "MEDIUM", "published": "2026-05-04T17:16:24.587Z", "lastModified": "2026-05-07T15:46:40.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42077", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-40001", "description": "There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.", "score": 5.2, "severity": "MEDIUM", "published": "2026-05-06T10:16:19.950Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40001", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-44599", "description": "Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T03:16:07.327Z", "lastModified": "2026-05-07T17:31:37.787", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44599", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-44600", "description": "Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T03:16:08.523Z", "lastModified": "2026-05-07T17:26:29.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44600", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-44601", "description": "Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T04:16:35.030Z", "lastModified": "2026-05-08T17:07:19.250", 
"source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44601", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-44602", "description": "Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T04:16:35.223Z", "lastModified": "2026-05-08T17:06:51.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44602", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-44603", "description": "Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T04:16:35.387Z", "lastModified": "2026-05-07T17:24:36.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44603", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-8196", "description": "A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is...", "score": 3.7, "severity": "LOW", "published": "2026-05-09T21:16:26.793Z", "lastModified": "2026-05-11T15:11:48.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8196", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-8242", "description": "A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. 
A high degree...", "score": 3.7, "severity": "LOW", "published": "2026-05-10T09:16:32.027Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8242", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.8}, {"id": "CVE-2026-32684", "description": "The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.", "score": 2.9, "severity": "LOW", "published": "2026-05-12T11:16:19.283Z", "lastModified": "2026-05-13T15:53:17.173", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32684", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.6}, {"id": "CVE-2026-40003", "description": "ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypa...", "score": 5.1, "severity": "MEDIUM", "published": "2026-05-07T02:16:03.453Z", "lastModified": "2026-05-13T19:19:26.713", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40003", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.4}, {"id": "CVE-2026-36764", "description": "A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.", "score": 5.0, "severity": "MEDIUM", "published": "2026-04-30T17:16:26.157Z", "lastModified": "2026-04-30T18:16:29.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36764", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-22726", "description": "Route Services can be leveraged to send 
app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-01T00:16:23.650Z", "lastModified": "2026-05-04T18:30:01.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22726", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-7688", "description": "A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be ca...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-03T10:16:17.170Z", "lastModified": "2026-05-05T20:16:40.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7688", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-7724", "description": "A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is cons...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-04T03:16:13.317Z", "lastModified": "2026-05-04T22:16:20.087", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7724", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-7778", "description": "An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. 
This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This iss...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-05T14:16:09.473Z", "lastModified": "2026-05-07T15:12:06.120", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7778", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-35527", "description": "Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-05T21:16:22.097Z", "lastModified": "2026-05-07T17:06:30.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35527", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-7573", "description": "An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org para...", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-06T03:15:59.440Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7573", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-8009", "description": "Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: Low)", "score": 5.0, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.863Z", "lastModified": "2026-05-07T15:20:00.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8009", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 21.0}, {"id": "CVE-2026-41663", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET...", "score": 3.5, "severity": "LOW", "published": "2026-05-07T04:16:30.243Z", "lastModified": "2026-05-07T14:51:01.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41663", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-8232", "description": "A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure.", "score": 3.5, "severity": "LOW", "published": "2026-05-10T06:16:08.827Z", "lastModified": "2026-05-13T15:32:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8232", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 21.0}, {"id": "CVE-2026-37505", "description": "SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. 
An authenticated admin can sort users by any database column including password, rem...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-01T16:16:30.773Z", "lastModified": "2026-05-11T19:26:38.897", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37505", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-6948", "description": "Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel.\n\n\n\nThis allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel.", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-04T00:16:39.467Z", "lastModified": "2026-05-04T15:22:52.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6948", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-1921", "description": "The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This is due to the `findSourceFile()` method normalizing user-supplied `ref` paths containing `../` directory traversal sequences without validating t...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-05T03:15:59.100Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1921", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-6418", "description": "An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). 
The application allows administrative users to configure a source path for account data synchronization.\n\n\n\nDue to a lack of proper path validation and sanitization, an authenticated user with ad...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-05T07:16:00.970Z", "lastModified": "2026-05-12T15:53:35.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6418", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-6344", "description": "The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without ve...", "score": 4.9, "severity": "MEDIUM", "published": "2026-05-06T08:16:03.813Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6344", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-42195", "description": "draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. 
A crafted link causes the user's click on draw.io's \"Authorize in GitLab\" dialog to open a...", "score": 3.4, "severity": "LOW", "published": "2026-05-08T22:16:31.410Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42195", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.6}, {"id": "CVE-2026-40687", "description": "In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.", "score": 4.8, "severity": "MEDIUM", "published": "2026-04-30T22:16:25.923Z", "lastModified": "2026-05-01T19:17:51.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40687", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-33006", "description": "A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue.", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-04T15:16:03.977Z", "lastModified": "2026-05-04T20:23:31.303", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33006", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2025-31976", "description": "HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to potentially misuse them, if exfiltrated.  
.", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-06T15:16:06.100Z", "lastModified": "2026-05-07T16:30:53.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31976", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-40243", "description": "Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with cust...", "score": 4.8, "severity": "MEDIUM", "published": "2026-05-06T21:16:01.070Z", "lastModified": "2026-05-08T17:23:38.943", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-8084", "description": "A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has...", "score": 3.3, "severity": "LOW", "published": "2026-05-07T19:16:02.950Z", "lastModified": "2026-05-08T20:11:59.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8084", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-8088", "description": "A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. 
The exploit has been made available to the public...", "score": 3.3, "severity": "LOW", "published": "2026-05-07T20:16:45.510Z", "lastModified": "2026-05-08T20:11:23.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8088", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-8119", "description": "A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be use...", "score": 3.3, "severity": "LOW", "published": "2026-05-08T01:16:08.367Z", "lastModified": "2026-05-11T14:29:35.443", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8119", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-8124", "description": "A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The ...", "score": 3.3, "severity": "LOW", "published": "2026-05-08T02:16:08.000Z", "lastModified": "2026-05-14T18:02:30.917", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8124", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-41498", "description": "Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to abstain from voting. 
This removes entity-level ownership checks on team operations, allowing any user...", "score": 3.3, "severity": "LOW", "published": "2026-05-08T04:16:14.617Z", "lastModified": "2026-05-12T13:59:03.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41498", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-32803", "description": "Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ta...", "score": 3.3, "severity": "LOW", "published": "2026-05-08T14:16:31.787Z", "lastModified": "2026-05-08T19:48:35.453", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32803", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-8257", "description": "A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit ...", "score": 3.3, "severity": "LOW", "published": "2026-05-11T02:16:27.090Z", "lastModified": "2026-05-13T15:32:39.193", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 20.2}, {"id": "CVE-2026-41226", "description": "Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. 
As a result, the user may become a victim of a phishing attack.", "score": 4.7, "severity": "MEDIUM", "published": "2026-04-30T07:16:37.143Z", "lastModified": "2026-05-01T08:16:00.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41226", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-5404", "description": "K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T00:16:24.820Z", "lastModified": "2026-05-01T19:22:11.793", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5404", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-7553", "description": "A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of the argument edit_exercise results in sql injection. It is possible to launch the attack remotely. The exploit h...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T05:16:04.020Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7553", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-7578", "description": "A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. 
The...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T11:16:19.680Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7578", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-31728", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_ether: Fix race between gether_disconnect and eth_stop\n\nA race condition between gether_disconnect() and eth_stop() leads to a\nNULL pointer dereference. Specifically, if eth_stop() is triggered\nconcurrently while get...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T15:16:35.333Z", "lastModified": "2026-05-07T16:16:19.930", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31728", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-31751", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: dt2815: add hardware detection to prevent crash\n\nThe dt2815 driver crashes when attached to I/O ports without actual\nhardware present. 
This occurs because syzkaller or users can attach\nthe driver to arbitrary I/O addresses ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T15:16:37.960Z", "lastModified": "2026-05-07T19:11:00.483", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31751", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-43053", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: close crash window in attr dabtree inactivation\n\nWhen inactivating an inode with node-format extended attributes,\nxfs_attr3_node_inactive() invalidates all child leaf/node blocks via\nxfs_trans_binval(), but intentionally does ...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-01T15:16:51.777Z", "lastModified": "2026-05-07T18:24:03.143", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43053", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-7612", "description": "A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-02T10:16:19.820Z", "lastModified": "2026-05-05T19:15:34.330", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7612", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-7673", "description": "A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. 
Performing a manipulation of the argument model results in unrestricted up...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-03T02:17:12.537Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7673", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-7697", "description": "A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclose...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-03T14:16:26.930Z", "lastModified": "2026-05-05T19:11:29.130", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7697", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2025-52206", "description": "ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-05T16:16:09.633Z", "lastModified": "2026-05-12T15:54:14.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52206", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.8}, {"id": "CVE-2026-35253", "description": "Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. 
Successful attacks of this vulnerabili...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-06T08:16:03.570Z", "lastModified": "2026-05-12T19:10:53.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35253", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 19.8}, {"id": "CVE-2025-71274", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: core: fix race in driver_override_show() and use core helper\n\nThe driver_override_show function reads the driver_override string\nwithout holding the device_lock. However, the store function modifies\nand frees the string whil...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-06T12:16:27.447Z", "lastModified": "2026-05-12T21:25:11.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71274", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-43121", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zcrx: fix user_ref race between scrub and refill paths\n\nThe io_zcrx_put_niov_uref() function uses a non-atomic\ncheck-then-decrement pattern (atomic_read followed by separate\natomic_dec) to manipulate user_refs. 
This is ser...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-06T12:16:28.950Z", "lastModified": "2026-05-12T21:17:31.950", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43121", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-43163", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/bitmap: fix GPF in write_page caused by resize race\n\nA General Protection Fault occurs in write_page() during array resize:\nRIP: 0010:write_page+0x22b/0x3c0 [md_mod]\n\nThis is a use-after-free race between bitmap_daemon_work() an...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-06T12:16:34.410Z", "lastModified": "2026-05-13T21:19:39.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43163", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-43275", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Flush exception handling work when RPM level is zero\n\nEnsure that the exception event handling work is explicitly flushed during\nsuspend when the runtime power management level is set to UFS_PM_LVL_0.\n\nWhen the RPM...", "score": 4.7, "severity": "MEDIUM", "published": "2026-05-06T12:16:48.800Z", "lastModified": "2026-05-08T19:30:22.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43275", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 19.8}, {"id": "CVE-2026-44658", "description": "Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. 
The provider maps each RSS/Atom item link into item.url, filters only for presence and da...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T18:16:38.243Z", "lastModified": "2026-05-13T15:37:58.427", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44658", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.6}, {"id": "CVE-2026-42188", "description": "Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser\u2019s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an atta...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T22:22:11.277Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42188", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.6}, {"id": "CVE-2026-7429", "description": "SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output enc...", "score": 4.6, "severity": "MEDIUM", "published": "2026-04-30T20:16:24.997Z", "lastModified": "2026-05-01T15:28:46.093", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2026-42078", "description": "PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. 
This issue has been patched via commit 418491a.", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-04T17:16:24.740Z", "lastModified": "2026-05-05T20:19:04.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42078", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2026-42080", "description": "PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-04T17:16:25.037Z", "lastModified": "2026-05-05T20:19:04.323", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42080", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2026-42086", "description": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which allows a user-supplied payload to execute in the browser when s...", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-04T18:16:30.667Z", "lastModified": "2026-05-08T19:54:39.990", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42086", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2025-31978", "description": "HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. 
An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when au...", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-06T15:16:06.207Z", "lastModified": "2026-05-07T16:26:10.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31978", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2025-52613", "description": "HCL BigFix Service Management (SM) is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.", "score": 4.6, "severity": "MEDIUM", "published": "2026-05-06T15:16:08.247Z", "lastModified": "2026-05-07T14:59:40.533", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52613", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 19.4}, {"id": "CVE-2026-44278", "description": "A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert attack vector here>", "score": 2.3, "severity": "LOW", "published": "2026-05-12T18:17:30.177Z", "lastModified": "2026-05-12T18:57:02.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44278", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 19.2}, {"id": "CVE-2026-44916", "description": "In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.", "score": 3.0, "severity": "LOW", "published": "2026-05-08T07:16:29.163Z", "lastModified": "2026-05-12T00:17:03.067", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44916", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 
19.0}, {"id": "CVE-2026-40949", "description": "CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access \nWindows client prior to 14.50. Attackers with local control of the \nWindows client can use it to trigger a denial of service.", "score": 4.4, "severity": "MEDIUM", "published": "2026-04-30T21:16:32.883Z", "lastModified": "2026-05-05T02:32:29.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40949", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 18.6}, {"id": "CVE-2026-6539", "description": "Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through communit...", "score": 4.4, "severity": "MEDIUM", "published": "2026-04-30T21:16:33.820Z", "lastModified": "2026-05-01T19:30:02.887", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6539", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-35233", "description": "An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. 
When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cach...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-01T18:16:14.647Z", "lastModified": "2026-05-05T17:46:30.743", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35233", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-6447", "description": "The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-02T06:16:04.173Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6447", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-6812", "description": "The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-02T06:16:04.337Z", "lastModified": "2026-05-05T19:16:18.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6812", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-42140", "description": "PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). 
The macro allows users to specify an alternative PlantUML server via the server parameter. However, the application does n...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-04T18:16:31.677Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42140", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-41686", "description": "Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes (0o...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-04T19:16:03.883Z", "lastModified": "2026-05-12T18:37:14.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41686", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-7572", "description": "An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx V...", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-06T03:15:58.470Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7572", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 18.6}, {"id": "CVE-2026-7932", "description": "Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.540Z", "lastModified": "2026-05-08T20:16:32.687", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7932", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.6}, {"id": "CVE-2026-7941", "description": "Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 4.4, "severity": "MEDIUM", "published": "2026-05-06T19:16:42.427Z", "lastModified": "2026-05-06T23:33:34.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7941", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.6}, {"id": "CVE-2026-44927", "description": "In uriparser before 1.0.2, there is pointer difference truncation to int in various places.", "score": 2.9, "severity": "LOW", "published": "2026-05-08T08:16:43.973Z", "lastModified": "2026-05-12T15:12:04.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44927", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-44928", "description": "In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.", "score": 2.9, "severity": "LOW", "published": "2026-05-08T08:16:44.153Z", "lastModified": "2026-05-12T15:00:56.403", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44928", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-45186", "description": "In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.", "score": 2.9, "severity": "LOW", "published": "2026-05-10T07:16:07.883Z", "lastModified": 
"2026-05-14T17:20:32.570", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.6}, {"id": "CVE-2026-36758", "description": "A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.", "score": 4.3, "severity": "MEDIUM", "published": "2026-04-30T16:16:42.400Z", "lastModified": "2026-04-30T18:16:28.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36758", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-36757", "description": "A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.", "score": 4.3, "severity": "MEDIUM", "published": "2026-04-30T17:16:25.943Z", "lastModified": "2026-04-30T18:16:28.460", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36757", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7518", "description": "A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. T...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T01:16:17.307Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7518", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7535", "description": "A vulnerability was found in Open5GS up to 2.7.7. 
This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Performing a manipulation of the argument ueContextId results in...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T01:16:18.087Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7535", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-3140", "description": "The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handle_module_actions' function. This makes it possible for unauthenticated attackers to toggle plugin mo...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T12:16:15.940Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3140", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7581", "description": "A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out remotel...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T13:15:59.477Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7581", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7583", "description": "A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. 
This manipulation of the argument ipv6Prefix causes denial of service. It is possible to initiate the attack remotely. The exploit has been p...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T15:16:54.180Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7583", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-23866", "description": "Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device, including triggering O...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T16:16:29.980Z", "lastModified": "2026-05-11T20:00:28.507", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23866", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 18.2}, {"id": "CVE-2026-7585", "description": "A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been publ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T16:16:33.490Z", "lastModified": "2026-05-07T01:47:52.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7585", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7586", "description": "A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. 
The exploit has been made available to the public and ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T16:16:33.677Z", "lastModified": "2026-05-07T01:47:39.617", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7586", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7587", "description": "A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The explo...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T17:16:25.633Z", "lastModified": "2026-05-07T01:47:28.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7587", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7596", "description": "A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-01T21:16:18.300Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7596", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7601", "description": "A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to be carried out remotely. 
Upgrading to version 2.7.7 is able t...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-02T03:15:59.997Z", "lastModified": "2026-05-05T19:17:22.860", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7601", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7643", "description": "A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been pub...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-02T15:16:14.203Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7643", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7676", "description": "A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument fil...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T05:15:58.660Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7676", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7680", "description": "A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. 
The ex...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T06:15:57.983Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7680", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7701", "description": "A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is poss...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T16:15:57.757Z", "lastModified": "2026-05-05T20:16:40.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7701", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7704", "description": "A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T17:16:13.580Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7704", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7706", "description": "A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. 
The exploit has been disclosed to the public a...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T23:16:41.850Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7706", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7707", "description": "A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been ma...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T23:16:42.027Z", "lastModified": "2026-05-05T21:16:24.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7707", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7708", "description": "A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service. The attack may be initiated remotely. The exploit has...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-03T23:16:42.207Z", "lastModified": "2026-05-05T19:13:44.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7708", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-42085", "description": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. 
Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations i...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-04T18:16:30.510Z", "lastModified": "2026-05-08T19:54:30.723", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42085", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7779", "description": "A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation o...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-04T21:16:33.080Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7779", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7780", "description": "A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The expl...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-04T22:16:20.493Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7780", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7781", "description": "A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. 
The manipulation leads to denial of service. The attack is possible to...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-04T23:16:01.113Z", "lastModified": "2026-05-05T19:10:02.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7781", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-6700", "description": "The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settings_page_build function. This makes it possible for unauthenticated attackers to trick a logged-in administrat...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.627Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6700", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-6701", "description": "The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts ...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-05T03:16:00.790Z", "lastModified": "2026-05-05T19:09:32.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6701", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-3601", "description": "The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `embed_form_action()` function in all versions up to, and including, 5.1.4. 
This makes it possible for authenticated attackers, with Contributor-level a...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-05T09:16:03.980Z", "lastModified": "2026-05-05T19:08:20.090", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3601", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-6907", "description": "An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.\n`django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served.\nEarlier, unsupported Django series (such as 5.0...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-05T16:16:18.227Z", "lastModified": "2026-05-07T14:16:04.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6907", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-2306", "description": "The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with Subs...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T06:16:03.660Z", "lastModified": "2026-05-06T13:06:42.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2306", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-8027", "description": "A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. 
The attack may be initiated re...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T15:16:13.050Z", "lastModified": "2026-05-07T14:50:57.317", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8027", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-20172", "description": "A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.\r\n\r\nThis vulne...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T17:16:20.880Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20172", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 18.2}, {"id": "CVE-2026-20189", "description": "A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an&nbsp;authenticated, remote attacker to download arbitrary log files from the server.\r\n\r\nThis vulnerability is due to insufficient authorization checks on the download service API. 
An attacker could ex...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T17:16:21.360Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20189", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 18.2}, {"id": "CVE-2026-20193", "description": "A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an&nbsp;authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper role-based access control (R...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T17:16:21.500Z", "lastModified": "2026-05-06T18:59:53.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20193", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 18.2}, {"id": "CVE-2026-7904", "description": "Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:38.697Z", "lastModified": "2026-05-06T23:42:14.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7904", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7915", "description": "Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 
(Chromium security severity: High)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:39.787Z", "lastModified": "2026-05-10T14:16:51.527", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7915", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7933", "description": "Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.637Z", "lastModified": "2026-05-06T23:34:54.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7933", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7936", "description": "Object lifecycle issue in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.933Z", "lastModified": "2026-05-06T23:34:23.097", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7936", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7942", "description": "Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:42.530Z", "lastModified": "2026-05-06T23:33:07.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7942", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7946", "description": "Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:42.927Z", "lastModified": "2026-05-08T20:16:32.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7946", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7961", "description": "Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:46.150Z", "lastModified": "2026-05-07T02:03:31.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7961", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7969", "description": "Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:47.710Z", "lastModified": "2026-05-07T02:01:44.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7969", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7972", "description": "Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:48.073Z", "lastModified": "2026-05-07T02:01:11.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7972", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7979", "description": "Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:48.763Z", "lastModified": "2026-05-12T01:16:47.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7979", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7983", "description": "Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:49.177Z", "lastModified": "2026-05-06T23:21:46.353", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7983", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7986", "description": "Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:49.483Z", "lastModified": "2026-05-06T23:21:14.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7986", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-7999", "description": "Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:50.833Z", "lastModified": "2026-05-07T13:39:23.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7999", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-8004", "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. 
(Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.390Z", "lastModified": "2026-05-07T13:54:23.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8004", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-8005", "description": "Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:51.477Z", "lastModified": "2026-05-07T13:54:02.197", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8005", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-8011", "description": "Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.067Z", "lastModified": "2026-05-07T15:16:58.667", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8011", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-8013", "description": "Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.250Z", "lastModified": "2026-05-07T15:19:30.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8013", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-8014", "description": "Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T19:16:52.353Z", "lastModified": "2026-05-07T15:16:42.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8014", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 18.2}, {"id": "CVE-2026-44111", "description": "OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memory_get function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown pat...", "score": 4.3, "severity": "MEDIUM", "published": "2026-05-06T20:16:34.907Z", "lastModified": "2026-05-07T19:42:03.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44111", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 18.2}, {"id": "CVE-2026-7912", "description": "Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. 
(Chromium security severity: High)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:39.487Z", "lastModified": "2026-05-06T23:40:48.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7912", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7934", "description": "Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:41.740Z", "lastModified": "2026-05-06T23:34:43.543", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7934", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7943", "description": "Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:42.627Z", "lastModified": "2026-05-06T23:32:58.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7943", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7947", "description": "Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:43.017Z", "lastModified": "2026-05-06T23:32:04.600", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7947", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7952", "description": "Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:43.510Z", "lastModified": "2026-05-07T02:06:58.837", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7952", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7964", "description": "Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:46.873Z", "lastModified": "2026-05-07T02:02:37.210", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7964", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7989", "description": "Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:49.783Z", "lastModified": "2026-05-08T20:16:33.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7989", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7993", "description": "Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:50.177Z", "lastModified": "2026-05-06T23:19:28.493", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7993", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-7996", "description": "Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:50.477Z", "lastModified": "2026-05-06T23:18:54.167", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7996", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-8021", "description": "Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. 
(Chromium security severity: Low)", "score": 4.2, "severity": "MEDIUM", "published": "2026-05-06T19:16:53.053Z", "lastModified": "2026-05-07T15:18:04.463", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8021", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 17.8}, {"id": "CVE-2026-41659", "description": "Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in its SQL search condition regardless of field visibility settings. While th...", "score": 2.7, "severity": "LOW", "published": "2026-05-07T04:16:29.567Z", "lastModified": "2026-05-07T15:16:08.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 17.8}, {"id": "CVE-2026-42798", "description": "Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.", "score": 4.0, "severity": "MEDIUM", "published": "2026-04-30T07:16:37.423Z", "lastModified": "2026-04-30T15:48:04.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42798", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 17.0}, {"id": "CVE-2025-31974", "description": "HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. 
An improperly configured root file system may allow\n\nunintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.", "score": 3.9, "severity": "LOW", "published": "2026-05-06T19:16:35.593Z", "lastModified": "2026-05-11T13:51:22.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31974", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8136", "description": "A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may...", "score": 2.4, "severity": "LOW", "published": "2026-05-08T04:16:26.940Z", "lastModified": "2026-05-08T15:41:07.867", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8136", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8218", "description": "A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the pu...", "score": 2.4, "severity": "LOW", "published": "2026-05-10T02:16:10.110Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8219", "description": "A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. 
The exploit has been disclosed publicly a...", "score": 2.4, "severity": "LOW", "published": "2026-05-10T02:16:10.307Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8220", "description": "A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early ...", "score": 2.4, "severity": "LOW", "published": "2026-05-10T03:16:07.703Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8221", "description": "A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted e...", "score": 2.4, "severity": "LOW", "published": "2026-05-10T03:16:08.523Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8221", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8253", "description": "A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. 
The exploit is publicly available and...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T00:16:33.590Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8253", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8254", "description": "A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the publ...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T00:16:33.770Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8254", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8255", "description": "A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for att...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T00:16:33.960Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8255", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8256", "description": "A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. 
The ...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T02:16:26.867Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-8262", "description": "A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was conta...", "score": 2.4, "severity": "LOW", "published": "2026-05-11T02:16:27.930Z", "lastModified": "2026-05-11T15:08:09.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8262", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 16.6}, {"id": "CVE-2026-3832", "description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enable...", "score": 3.7, "severity": "LOW", "published": "2026-04-30T18:16:30.433Z", "lastModified": "2026-05-11T19:15:57.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-41263", "description": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. 
The variable intended to hold ...", "score": 3.7, "severity": "LOW", "published": "2026-04-30T21:16:33.390Z", "lastModified": "2026-05-01T17:37:12.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-40686", "description": "In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.", "score": 3.7, "severity": "LOW", "published": "2026-04-30T22:16:25.787Z", "lastModified": "2026-05-01T17:44:15.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40686", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-7606", "description": "A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launc...", "score": 3.7, "severity": "LOW", "published": "2026-05-02T08:16:27.967Z", "lastModified": "2026-05-06T20:23:49.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7606", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-7610", "description": "A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. 
This attack is characterized by ...", "score": 3.7, "severity": "LOW", "published": "2026-05-02T10:16:19.460Z", "lastModified": "2026-05-06T20:25:45.243", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7610", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-7611", "description": "A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...", "score": 3.7, "severity": "LOW", "published": "2026-05-02T10:16:19.640Z", "lastModified": "2026-05-06T20:26:26.900", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7611", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-7671", "description": "A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of this...", "score": 3.7, "severity": "LOW", "published": "2026-05-03T00:16:16.157Z", "lastModified": "2026-05-04T15:19:34.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7671", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 15.8}, {"id": "CVE-2026-7689", "description": "A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. 
The att...", "score": 3.7, "severity": "LOW", "published": "2026-05-03T10:16:17.470Z", "lastModified": "2026-05-05T19:30:15.207", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7689", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43859", "description": "mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.", "score": 3.7, "severity": "LOW", "published": "2026-05-04T07:16:00.400Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43859", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43860", "description": "mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.", "score": 3.7, "severity": "LOW", "published": "2026-05-04T07:16:00.573Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43860", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43861", "description": "mutt before 2.3.2 does not check for '\\0' in url_pct_decode.", "score": 3.7, "severity": "LOW", "published": "2026-05-04T07:16:00.730Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43861", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43862", "description": "In mutt before 2.3.2, the imap_auth_gss security level is mishandled.", "score": 3.7, "severity": "LOW", "published": "2026-05-04T07:16:00.883Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43862", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43863", "description": "mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.", 
"score": 3.7, "severity": "LOW", "published": "2026-05-04T07:16:01.033Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43863", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-43964", "description": "Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.", "score": 3.7, "severity": "LOW", "published": "2026-05-04T19:16:07.143Z", "lastModified": "2026-05-11T21:17:31.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43964", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2025-59851", "description": "HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the applica...", "score": 3.7, "severity": "LOW", "published": "2026-05-06T11:16:04.440Z", "lastModified": "2026-05-07T20:04:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59851", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2025-59852", "description": "HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.", "score": 3.7, "severity": "LOW", "published": "2026-05-06T11:16:04.560Z", "lastModified": "2026-05-07T20:03:28.500", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59852", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": 
"CVE-2026-8026", "description": "A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely....", "score": 3.7, "severity": "LOW", "published": "2026-05-06T13:16:10.577Z", "lastModified": "2026-05-07T15:04:56.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8026", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2025-31982", "description": "HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality.", "score": 3.7, "severity": "LOW", "published": "2026-05-06T15:16:06.320Z", "lastModified": "2026-05-06T23:16:36.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31982", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2025-31983", "description": "HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header.  This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.", "score": 3.7, "severity": "LOW", "published": "2026-05-06T15:16:07.783Z", "lastModified": "2026-05-06T23:17:39.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31983", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2025-31984", "description": "HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure \u201cX-Content-Type-Options\u201d header.  
This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.", "score": 3.7, "severity": "LOW", "published": "2026-05-06T15:16:07.900Z", "lastModified": "2026-05-07T16:25:03.180", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31984", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-8028", "description": "A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possibl...", "score": 3.7, "severity": "LOW", "published": "2026-05-06T15:16:13.210Z", "lastModified": "2026-05-07T14:47:19.257", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8028", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-44597", "description": "Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.", "score": 3.7, "severity": "LOW", "published": "2026-05-07T01:16:01.163Z", "lastModified": "2026-05-07T17:34:30.283", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44597", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-45182", "description": "GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. 
This occurs when the \"Block connections without VPN\" and...", "score": 2.2, "severity": "LOW", "published": "2026-05-09T23:16:32.277Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45182", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.8}, {"id": "CVE-2026-7501", "description": "A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The ex...", "score": 3.5, "severity": "LOW", "published": "2026-04-30T21:16:34.360Z", "lastModified": "2026-05-01T15:26:24.553", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7501", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-7677", "description": "A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument noticeCont...", "score": 3.5, "severity": "LOW", "published": "2026-05-03T05:15:58.857Z", "lastModified": "2026-05-05T19:15:06.200", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7677", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-31959", "description": "HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.  This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared. 
", "score": 3.5, "severity": "LOW", "published": "2026-05-06T15:16:05.870Z", "lastModified": "2026-05-07T16:35:04.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31959", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2024-36315", "description": "Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:16:43.977Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36315", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-61971", "description": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:17:31.187Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61971", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-61972", "description": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:17:34.867Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61972", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-62623", "description": "A heap-based buffer overflow in 
the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:17:35.217Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62623", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 15.0}, {"id": "CVE-2025-62624", "description": "A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:17:35.607Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62624", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 15.0}, {"id": "CVE-2025-62627", "description": "An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T04:17:35.780Z", "lastModified": "2026-05-13T14:49:11.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62627", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 15.0}, {"id": "CVE-2026-21019", "description": "Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T06:16:13.403Z", "lastModified": "2026-05-13T15:33:53.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21019", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-21024", 
"description": "Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T06:16:13.920Z", "lastModified": "2026-05-13T15:33:53.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21024", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-2725", "description": "Incorrect authorization in the \"submitted together\" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the \"topic\" tag o...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T06:16:14.090Z", "lastModified": "2026-05-13T16:16:38.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2725", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2024-47091", "description": "Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a service) to execute arbitrary...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T10:16:14.460Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47091", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 15.0}, {"id": "CVE-2026-25710", "description": "The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g. a compromised plasmalogin service account can chown() arbitrary files in the system.", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-13T13:01:30.807Z", "lastModified": "2026-05-13T15:35:35.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25710", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44931", "description": "The newly introduced RecordUsage D-Bus method (https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c) in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T13:01:55.490Z", "lastModified": "2026-05-13T15:35:35.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44931", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-39803", "description": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\n\nThe chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when re...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T14:17:32.633Z", "lastModified": "2026-05-13T16:16:41.540", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39803", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-39806", "description": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion.\n\n'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\\r\\n is ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T14:17:35.700Z", "lastModified": "2026-05-13T16:16:41.917", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-39806", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8369", "description": "Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T14:18:16.953Z", "lastModified": "2026-05-13T15:54:22.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8369", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-32425", "description": "AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:35.297Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32425", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42557", "description": "jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. 
Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:48.167Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42557", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43476", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()\n\nsizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead\nof the intended __be32 element size (4 bytes). Use sizeof(*meas) to\ncorrectly match the buffer ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:50.680Z", "lastModified": "2026-05-13T16:16:50.680", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43476", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43477", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL\n\nApparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE\nbefore enabling TRANS_DDI_FUNC_CTL.\n\nPersonally I was only able to reproduce a hang (on ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:50.807Z", "lastModified": "2026-05-13T16:16:50.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43477", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43478", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put\n\nThe correct helper to use in rt1011_recv_spk_mode_put() to retrieve the\nDAPM context is 
snd_soc_component_to_dapm(), from kcontrol we will\nreceive NULL po...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:50.940Z", "lastModified": "2026-05-13T16:16:50.940", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43478", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43479", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n  WARNING: CPU:...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.040Z", "lastModified": "2026-05-13T16:16:51.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43479", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43480", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition\n\nThe acp3x_5682_init() function did not check the return value of\nclk_get(), which could lead to dereferencing error pointers in\nrt5682_clk_enable().\n\nF...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.163Z", "lastModified": "2026-05-13T16:16:51.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43480", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43481", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet-shapers: don't free reply skb after genlmsg_reply()\n\ngenlmsg_reply() hands the reply skb to netlink, and\nnetlink_unicast() consumes it on all return paths, whether the\nskb is queued successfully or freed on an error path.\n\nnet_...", "score": 0.0, "severity": 
"PENDING", "published": "2026-05-13T16:16:51.287Z", "lastModified": "2026-05-13T16:16:51.287", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43481", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43482", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Disable preemption between scx_claim_exit() and kicking helper work\n\nscx_claim_exit() atomically sets exit_kind, which prevents scx_error() from\ntriggering further error handling. After claiming exit, the caller must kic...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.390Z", "lastModified": "2026-05-13T16:16:51.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43482", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43483", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated\n\nExplicitly set/clear CR8 write interception when AVIC is (de)activated to\nfix a bug where KVM leaves the interception enabled after AVIC is\nactivated.  E.g. 
if ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.497Z", "lastModified": "2026-05-13T16:16:51.497", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43483", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43484", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: core: Avoid bitfield RMW for claim/retune flags\n\nMove claimed and retune control flags out of the bitfield word to\navoid unrelated RMW side effects in asynchronous contexts.\n\nThe host->claimed bit shared a word with retune fla...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.623Z", "lastModified": "2026-05-13T16:16:51.623", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43484", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43485", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/gsp: drop WARN_ON in ACPI probes\n\nThese WARN_ONs seem to trigger a lot, and we don't seem to have a\nplan to fix them, so just drop them, as they are most likely\nharmless.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.750Z", "lastModified": "2026-05-13T16:16:51.750", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43485", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43486", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults\n\ncontpte_ptep_set_access_flags() compared the gathered ptep_get() value\nagainst the requested entry to detect no-ops. 
ptep_get() ORs AF/dirty\nfrom all sub-PTEs ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.880Z", "lastModified": "2026-05-13T16:16:51.880", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43486", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43487", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-core: Disable LPM on ST1000DM010-2EP102\n\nAccording to a user report, the ST1000DM010-2EP102 has problems with LPM,\ncausing random system freezes. The drive belongs to the same BarraCuda\nfamily as the ST2000DM008-2FR102 ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:51.997Z", "lastModified": "2026-05-13T16:16:51.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43487", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43488", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Prevent interrupt storm on host controller error (HCE)\n\nThe xHCI controller reports a Host Controller Error (HCE) in UAS Storage\nDevice plug/unplug scenarios on Android devices. HCE is checked in\nxhci_irq() function and ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:52.107Z", "lastModified": "2026-05-13T16:16:52.107", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43488", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-43489", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nliveupdate: luo_file: remember retrieve() status\n\nLUO keeps track of successful retrieve attempts on a LUO file.  It does so\nto avoid multiple retrievals of the same file.  
Multiple retrievals cause\nproblems because once the file i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:52.230Z", "lastModified": "2026-05-13T16:16:52.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43489", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-44467", "description": "The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's pr...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:58.100Z", "lastModified": "2026-05-13T16:58:40.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44467", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44470", "description": "The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:16:58.263Z", "lastModified": "2026-05-13T16:58:40.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44470", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 15.0}, {"id": "CVE-2026-45033", "description": "GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. 
Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent perfo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T16:17:00.313Z", "lastModified": "2026-05-13T19:17:29.767", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45033", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0237", "description": "An improper protection of alternate path vulnerability in Palo Alto Networks Prisma\u00ae Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands to t...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T18:16:12.990Z", "lastModified": "2026-05-13T18:17:47.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0237", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0263", "description": "A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition.\n\n\nPanorama, Cloud NGFW, and Prisma\u00ae Access...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T18:16:14.003Z", "lastModified": "2026-05-13T18:17:47.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0263", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0264", "description": "A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS\u00ae Software allows an unauthenticated attacker with network access to cause a denial of service 
(DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitr...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T18:16:14.283Z", "lastModified": "2026-05-13T18:17:47.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0264", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0265", "description": "An authentication bypass vulnerability in Palo Alto Networks PAN-OS\u00ae software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled.\n\n\n\nThe risk is higher if CAS is enabled on the management interface and lower wh...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T18:16:14.693Z", "lastModified": "2026-05-13T18:17:47.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0265", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0235", "description": "A race condition vulnerability in Palo Alto Networks Prisma\u00ae Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:56.960Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0235", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0236", "description": "A code injection vulnerability in Palo Alto Networks Prisma\u00ae Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:57.183Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-0236", "is_exploited": false, "epss": 0, "vendor": "APPLE", "mts_score": 15.0}, {"id": "CVE-2026-0238", "description": "A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:57.417Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0238", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0239", "description": "An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:57.573Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0239", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0240", "description": "An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. 
Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify configurat...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:57.767Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0240", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0241", "description": "Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:57.973Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0241", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0242", "description": "A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. 
Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full adminis...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.130Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0242", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0244", "description": "An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables a man-in-the-middle (MitM) attacker to impersonate the controller.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.297Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0244", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0245", "description": "Multiple information disclosure vulnerabilities in Prisma Access Agent\u00ae allow a local user to access sensitive configuration data and credentials.\n\n\n\nThe Prisma Access Agent on Linux, ChromeOS, Android, and iOS is not affected.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.450Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0245", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-0246", "description": "A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent\u00ae enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\\SYSTEM on Windows. 
This allows the user to execute arbitrary code and r...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.603Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0246", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-0247", "description": "Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent\u00ae allow a local attacker to bypass authentication controls and execute privileged operations.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.780Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0247", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0248", "description": "An improper certificate validation vulnerability in the Prisma Access Agent\u00ae for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can cap...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:58.920Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0248", "is_exploited": false, "epss": 0, "vendor": "ANDROID", "mts_score": 15.0}, {"id": "CVE-2026-0249", "description": "Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. 
This can enable a local non-administrative operating system user or an attacker on the same subnet ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:59.073Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0249", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0250", "description": "A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect\u2122 app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:59.260Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0250", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0251", "description": "Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect\u2122 app allow a local user to escalate their privileges to NT AUTHORITY\\SYSTEM on Windows and root on macOS and Linux. 
This enables a non-administrative user to execute arbitrary commands with administrative pri...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:16:59.470Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0251", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-0256", "description": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS\u00ae software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:00.603Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0257", "description": "Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS\u00ae software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.\n\nPanorama and Cloud NGFW are not impacted by these issues.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:01.040Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0258", "description": "A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS\u00ae software allows an unauthenticated attacker to cause the firewall to send network requests to unintended destinations or cause a denial of service (DoS) condition.\n\n\n\nPanorama, Cloud NGFW and...", "score": 0.0, "severity": "PENDING", 
"published": "2026-05-13T19:17:01.483Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0259", "description": "An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire\u00ae WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode.\n\n\n\nThe ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:01.873Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0261", "description": "Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS\u00ae software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\n\n\nThe security ri...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:02.097Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0261", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0262", "description": "Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS\u00ae software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending specially crafted network traffic. 
\n\nPanorama and Cloud NGFW are not impacted by these vulnerabilities.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:02.603Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0262", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-41132", "description": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2....", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:21.553Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41132", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-41410", "description": "Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: This candidate is a duplicate of CVE-2026-40520. Notes: All CVE users should reference CVE-2026-40520 instead of this candidate.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:22.270Z", "lastModified": "2026-05-13T19:17:22.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41410", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42031", "description": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. 
Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:22.637Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42031", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42032", "description": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerabilit...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:22.853Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42032", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42578", "description": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. 
The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.headersF...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:23.210Z", "lastModified": "2026-05-14T16:26:50.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43970", "description": "Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.\n\ncow_spdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:25.440Z", "lastModified": "2026-05-14T17:07:07.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43970", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8466", "description": "Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.\n\ncowboy_req:read_part/3 in src/cowboy_req.erl accumulates incoming request bytes into a Buffer binary with no upper-bound che...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T19:17:30.540Z", "lastModified": "2026-05-14T17:07:07.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8466", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0243", "description": "A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T20:16:18.043Z", 
"lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0243", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42548", "description": "Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that execut...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T20:16:21.787Z", "lastModified": "2026-05-14T16:51:08.300", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42548", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44363", "description": "MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrary HTTP(S) URLs without sufficient validation, which could all...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T20:16:23.007Z", "lastModified": "2026-05-14T16:54:37.963", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44363", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44364", "description": "MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. 
The vulnerability ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T20:16:23.157Z", "lastModified": "2026-05-14T16:54:37.963", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44364", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44368", "description": "PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secre...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:47.730Z", "lastModified": "2026-05-14T17:00:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44368", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44372", "description": "Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redirect route rule using wildcards rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. This vulnerability is fixed in 3.0.260429-beta.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:47.890Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44372", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44379", "description": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. 
As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues or u...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:48.480Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44379", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44380", "description": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:48.623Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44380", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44381", "description": "MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request parameters ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:48.770Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44381", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44418", "description": "EcclesiaCRM is CRM Software for church management. 
In 8.0.0 and earlier, the ValidateInput() function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via str_replace without any sanitization, enabling SQL injection through query parameters th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:48.913Z", "lastModified": "2026-05-14T17:00:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44418", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8328", "description": "The ftpcp() function in Lib/ftplib.py was not updated when \nCVE-2021-4189 was fixed. While makepasv() was patched to replace \nserver-supplied PASV host addresses with the actual peer address \n(getpeername()[0]), ftpcp() still calls parse227() directly and passes \nthe raw attacker-controllable IP add...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T21:16:50.167Z", "lastModified": "2026-05-14T16:21:23.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8328", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-40327", "description": "Rejected reason: This CVE is a duplicate of another CVE.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:43.267Z", "lastModified": "2026-05-13T22:16:43.267", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40327", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-40328", "description": "Rejected reason: This CVE is a duplicate of another CVE.", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:43.327Z", "lastModified": "2026-05-13T22:16:43.327", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40328", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42463", "description": "SQLBot is an intelligent Text-to-SQL system based 
on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass vulnerability in the /api/v1/datasource/exportDsSchema and /api/v1/datasource/uploadDsSchema endpoint...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:43.397Z", "lastModified": "2026-05-14T17:18:18.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42463", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44369", "description": "CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:43.963Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44369", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44437", "description": "The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly account...", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:44.710Z", "lastModified": "2026-05-14T18:17:11.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44437", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44439", "description": "PlaywrightCapture is a simple replacement for splash using playwright. 
Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location....", "score": 0.0, "severity": "PENDING", "published": "2026-05-13T22:16:44.850Z", "lastModified": "2026-05-14T18:17:11.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44439", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-68420", "description": "Comarch\u00a0ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to the ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T11:16:16.177Z", "lastModified": "2026-05-14T16:07:11.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68420", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-68421", "description": "Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. 
It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server.\nThis issue has been fixed in version...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T11:16:17.240Z", "lastModified": "2026-05-14T16:07:11.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68421", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8295", "description": "An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in \"string_builder::escape_and_append()\" when processing very large input strings on platforms with limited \"size_t\" width (e.g., 32-bit builds). The overflow can cause insufficient buffe...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T11:16:18.770Z", "lastModified": "2026-05-14T16:04:49.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8295", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8468", "description": "Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing.\n\n'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T11:16:18.900Z", "lastModified": "2026-05-14T17:07:07.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8468", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-5790", "description": "Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the \u2018/app/FrontController\u2019 endpoint via the \u2018legalName\u2019 and \u2018employeeID\u2019 parameters. 
The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When oth...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T13:16:21.173Z", "lastModified": "2026-05-14T16:46:53.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5790", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-5798", "description": "Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the \u2018/app/FrontController\u2019 endpoint, through manipulation of the \u2018employeeID\u2019 parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last n...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T13:16:21.300Z", "lastModified": "2026-05-14T16:46:53.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5798", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-1630", "description": "WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by \"/openinmobileapp\" endpoint.\u00a0An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser.\n\nThis issue was fixed in versions 2026.1.3....", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T14:16:16.537Z", "lastModified": "2026-05-14T16:07:11.137", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1630", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-62619", "description": "Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality.", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-14T15:16:43.147Z", "lastModified": "2026-05-14T15:53:24.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62619", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-62625", "description": "Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:43.957Z", "lastModified": "2026-05-14T15:53:24.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62625", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-62628", "description": "Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:44.207Z", "lastModified": "2026-05-14T15:53:24.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62628", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-69443", "description": "Remote Code Execution in coleam00 Archon 0.1.0. 
A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:44.430Z", "lastModified": "2026-05-14T16:49:18.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69443", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-21730", "description": "Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:44.577Z", "lastModified": "2026-05-14T16:04:49.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21730", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-24711", "description": "Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:44.860Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24711", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-24712", "description": "Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:44.977Z", "lastModified": "2026-05-14T17:06:08.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24712", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42186", "description": 
"OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unre...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:46.337Z", "lastModified": "2026-05-14T17:18:18.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42186", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42881", "description": "STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:46.887Z", "lastModified": "2026-05-14T18:16:49.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42881", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44216", "description": "Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated....", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:47.793Z", "lastModified": "2026-05-14T18:17:11.253", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44216", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44308", "description": "Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. 
From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did no...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:47.983Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44371", "description": "Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:48.117Z", "lastModified": "2026-05-14T18:19:25.260", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44371", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44484", "description": "PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T15:16:48.933Z", "lastModified": "2026-05-14T16:57:26.740", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44484", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42159", "description": "Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. 
Sketches have controllable graphs, which are comprised of...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T16:16:20.993Z", "lastModified": "2026-05-14T19:16:35.603", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42159", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42281", "description": "MagicMirror\u00b2 is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror\u00b2 server to perform arbitrary HTTP requests to internal networks, cloud metadata...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T16:16:21.200Z", "lastModified": "2026-05-14T20:17:04.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42281", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44503", "description": "The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie, Proxy-Authoriz...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T16:16:24.223Z", "lastModified": "2026-05-14T20:17:08.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44503", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 15.0}, {"id": "CVE-2026-44504", "description": "Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. 
Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full c...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T16:16:24.380Z", "lastModified": "2026-05-14T18:13:33.660", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44504", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44515", "description": "Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versions, an authenticated attacker could provide a URL pointing to internal/private IP ranges or localhos...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T17:16:23.197Z", "lastModified": "2026-05-14T18:31:45.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44515", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-7805", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CVE-2026-3258instead of this candidate. All references and descriptions in this candidate have been rem...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T17:16:24.347Z", "lastModified": "2026-05-14T17:16:24.347", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7805", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-41888", "description": "Distribution is a toolkit to pack, ship, store, and deliver container content. 
Prior to 3.1.1, tag deletion via the DELETE /v2/<name>/manifests/<tag> endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T18:16:47.380Z", "lastModified": "2026-05-14T19:16:35.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41888", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42598", "description": "Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the cont...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T18:16:48.313Z", "lastModified": "2026-05-14T18:27:25.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42598", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 15.0}, {"id": "CVE-2026-44283", "description": "etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user withou...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T18:16:49.650Z", "lastModified": "2026-05-14T18:26:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44283", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44544", "description": "gittuf is a platform-agnostic Git security system. 
Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except f...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T18:16:50.297Z", "lastModified": "2026-05-14T18:27:25.110", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44544", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-6332", "description": "CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information  which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it.", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T18:16:51.067Z", "lastModified": "2026-05-14T18:24:08.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6332", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-64526", "description": "Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from `ctx.request.body.email`, including on routes whose body schema does not contain an `email` field (`/auth...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:29.233Z", "lastModified": "2026-05-14T21:23:28.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64526", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-22599", "description": "Strapi is an open source headless content management system. 
In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary datab...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:29.650Z", "lastModified": "2026-05-14T21:23:28.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22599", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-22706", "description": "Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not invalidate the user's existing refresh-token sessions by default. The refresh-token invalidation step in the users-permissions and admin authentication con...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:30.700Z", "lastModified": "2026-05-14T21:23:28.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22706", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-22707", "description": "Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions (`plugin.upload.security.allowedTypes` and `deniedTypes`). The same restrictions were correct...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:30.837Z", "lastModified": "2026-05-14T21:23:28.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22707", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-23998", "description": "Fleet is open source device management software. 
Prior to version 4.81.0, a vulnerability in Fleet\u2019s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Wi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:30.983Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23998", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 15.0}, {"id": "CVE-2026-27886", "description": "Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the `where` query parameter on any publicly-accessible...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:31.580Z", "lastModified": "2026-05-14T21:23:28.673", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27886", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-38740", "description": "Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol (SDP), including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:32.903Z", "lastModified": "2026-05-14T19:16:32.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38740", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-41315", "description": "mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. 
Due to the lack of authentication on the /modify_crond and /start_task interfaces, it is possible to modify the default built-in scheduled tasks and start th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:35.127Z", "lastModified": "2026-05-14T19:16:35.127", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41315", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-44522", "description": "Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored dir...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:37.330Z", "lastModified": "2026-05-14T20:17:08.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44522", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44588", "description": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0,  he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encode...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:37.867Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44588", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44670", "description": "SiYuan is an open-source personal knowledge management system. 
Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.ReplaceAll(tpl, \"${avName}\", nodeAvName) to embed the name in HTML before pushing to all clients via ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:38.437Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44670", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-45371", "description": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/st...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T19:16:38.897Z", "lastModified": "2026-05-14T21:22:56.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45371", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-24000", "description": "Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting c...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:01.713Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24000", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-24899", "description": "Fleet is open source device management software. 
Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enfo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:01.873Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24899", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 15.0}, {"id": "CVE-2026-26062", "description": "Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to term...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:02.020Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26062", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-26191", "description": "Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall is triggered. 
When a ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:02.173Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26191", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 15.0}, {"id": "CVE-2026-3290", "description": "Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:04.093Z", "lastModified": "2026-05-14T20:17:04.093", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3290", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43903", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to ((void)sizeo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:06.077Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43903", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43904", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) and :345 (pure RLE) do not clamp the run length to remaining scanline width before writing pixels. 
The ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:06.240Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43904", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43905", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer_bpp using signed 32-bit arithmetic. When the product...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:06.447Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43905", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-43906", "description": "OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:06.607Z", "lastModified": "2026-05-14T21:21:10.620", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43906", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-46356", "description": "Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. 
This may allow brute-force login attempts or other abuse against Fleet instances expose...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:09.540Z", "lastModified": "2026-05-14T21:24:23.440", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46356", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8528", "description": "Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:13.613Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8528", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8536", "description": "Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:14.457Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8536", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8537", "description": "Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:14.560Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8537", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8545", "description": "Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:15.377Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8545", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8554", "description": "Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:16.817Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8554", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8556", "description": "Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: High)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:17.250Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8556", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8562", "description": "Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:18.317Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8562", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8563", "description": "Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:18.440Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8563", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8566", "description": "Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:18.787Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8566", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8568", "description": "Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:19.017Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8568", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8572", "description": "Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:19.493Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8572", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8576", "description": "Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:19.967Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8576", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8578", "description": "Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:20.160Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8578", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8579", "description": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:20.267Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8579", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8585", "description": "Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:20.900Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8585", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-8586", "description": "Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T20:17:20.990Z", "lastModified": "2026-05-14T21:19:23.923", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8586", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 15.0}, {"id": "CVE-2026-42327", "description": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target = str> wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:45.430Z", "lastModified": "2026-05-14T21:16:45.430", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42327", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-42847", "description": "ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint admin_area/action_logs.php. 
The endpoint admin_area/action_logs.php reads $_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:46.393Z", "lastModified": "2026-05-14T21:16:46.393", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42847", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44429", "description": "The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field of any published ser...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:46.677Z", "lastModified": "2026-05-14T21:16:46.677", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44429", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44430", "description": "The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handlers/v0/auth/http.go:67-110) to refuse dialling priv...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:46.827Z", "lastModified": "2026-05-14T21:16:46.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44430", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44647", "description": "OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. 
A repository object can steer raw blob reads to arbitrary local files that the server account ca...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:46.967Z", "lastModified": "2026-05-14T21:16:46.967", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44647", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44662", "description": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wr...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:47.237Z", "lastModified": "2026-05-14T21:16:47.237", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44662", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44666", "description": "HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\\t) from its strip list. User input then reaches shell_exec(), where the shell interprets these characters and com...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:47.370Z", "lastModified": "2026-05-14T21:16:47.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44666", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44678", "description": "Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{project_handle}/previews/{preview_id} endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. 
The route's proje...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:47.640Z", "lastModified": "2026-05-14T21:16:47.640", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44678", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44679", "description": "Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes of ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:47.780Z", "lastModified": "2026-05-14T21:16:47.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44679", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44700", "description": "Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in st...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T21:16:47.907Z", "lastModified": "2026-05-14T21:16:47.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44700", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44427", "description": "The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. 
An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T22:16:44.450Z", "lastModified": "2026-05-14T22:16:44.450", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44427", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44428", "description": "The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher alw...", "score": 0.0, "severity": "PENDING", "published": "2026-05-14T22:16:44.593Z", "lastModified": "2026-05-14T22:16:44.593", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44428", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2024-36345", "description": "Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:20.773Z", "lastModified": "2026-05-15T02:16:20.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-0045", "description": "Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:22.353Z", "lastModified": "2026-05-15T02:16:22.353", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0045", "is_exploited": false, "epss": 0, "vendor": 
"Other", "mts_score": 15.0}, {"id": "CVE-2025-48512", "description": "Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:22.597Z", "lastModified": "2026-05-15T02:16:22.597", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48512", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-48519", "description": "An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:22.823Z", "lastModified": "2026-05-15T02:16:22.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48519", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-48520", "description": "An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:22.953Z", "lastModified": "2026-05-15T02:16:22.953", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48520", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-48521", "description": "Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:23.077Z", "lastModified": "2026-05-15T02:16:23.077", "source": 
"NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48521", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2025-52540", "description": "An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:23.280Z", "lastModified": "2026-05-15T02:16:23.280", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52540", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0432", "description": "Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:23.413Z", "lastModified": "2026-05-15T02:16:23.413", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0432", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-0438", "description": "A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. 
A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:23.637Z", "lastModified": "2026-05-15T02:16:23.637", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0438", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-8612", "description": "WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.\n\nWith no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without o...", "score": 0.0, "severity": "PENDING", "published": "2026-05-15T02:16:23.843Z", "lastModified": "2026-05-15T02:16:23.843", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8612", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 15.0}, {"id": "CVE-2026-44405", "description": "In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.", "score": 3.4, "severity": "LOW", "published": "2026-05-06T00:16:04.883Z", "lastModified": "2026-05-07T15:53:49.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44405", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 14.6}, {"id": "CVE-2026-33448", "description": "CVE-2026-33448 is a format string vulnerability in the logging subsystem\n of Secure Access client for MacOS prior to 14.50. 
Attackers with \ncontrol of a modified server can force the client to dump the contents \nof a small portion of memory to the log files potentially revealing \nsecrets.", "score": 3.3, "severity": "LOW", "published": "2026-04-30T20:16:24.093Z", "lastModified": "2026-05-05T02:27:26.273", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33448", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 14.2}, {"id": "CVE-2026-21996", "description": "An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()", "score": 3.3, "severity": "LOW", "published": "2026-05-01T18:16:13.750Z", "lastModified": "2026-05-05T17:45:58.153", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 14.2}, {"id": "CVE-2026-7739", "description": "A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of service. The attack requires local access. The exploit has ...", "score": 3.3, "severity": "LOW", "published": "2026-05-04T07:16:02.053Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7739", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 14.2}, {"id": "CVE-2026-7740", "description": "A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. 
The exploit has been disclosed p...", "score": 3.3, "severity": "LOW", "published": "2026-05-04T07:16:02.257Z", "lastModified": "2026-05-04T15:17:58.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7740", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 14.2}, {"id": "CVE-2025-59853", "description": "HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.", "score": 3.1, "severity": "LOW", "published": "2026-05-06T11:16:04.683Z", "lastModified": "2026-05-07T20:03:12.647", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59853", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 13.4}, {"id": "CVE-2025-59854", "description": "HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robus...", "score": 3.1, "severity": "LOW", "published": "2026-05-06T11:16:04.810Z", "lastModified": "2026-05-07T20:02:54.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59854", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 13.4}, {"id": "CVE-2026-7909", "description": "Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 
(Chromium security severity: High)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:39.197Z", "lastModified": "2026-05-06T23:41:05.763", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7909", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7937", "description": "Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:42.027Z", "lastModified": "2026-05-06T23:34:15.650", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7937", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7944", "description": "Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:42.730Z", "lastModified": "2026-05-06T23:32:48.223", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7944", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7945", "description": "Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:42.827Z", "lastModified": "2026-05-06T23:32:29.287", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7945", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7949", "description": "Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:43.217Z", "lastModified": "2026-05-07T02:07:45.610", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7949", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7954", "description": "Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:43.707Z", "lastModified": "2026-05-07T02:06:34.103", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7954", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7959", "description": "Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:45.847Z", "lastModified": "2026-05-08T20:16:33.000", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7959", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7965", "description": "Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:47.053Z", "lastModified": "2026-05-07T02:02:26.503", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7965", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7966", "description": "Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:47.223Z", "lastModified": "2026-05-07T02:02:16.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7966", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-7968", "description": "Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. 
(Chromium security severity: Medium)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:47.573Z", "lastModified": "2026-05-07T02:01:55.287", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7968", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-8017", "description": "Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:52.663Z", "lastModified": "2026-05-07T15:29:05.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8017", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2026-8022", "description": "Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted MHTML page. (Chromium security severity: Low)", "score": 3.1, "severity": "LOW", "published": "2026-05-06T19:16:53.153Z", "lastModified": "2026-05-07T15:15:31.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8022", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 13.4}, {"id": "CVE-2025-62345", "description": "HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure \u201cInput Text\u201d Vulnerability . 
A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.", "score": 2.7, "severity": "LOW", "published": "2026-05-06T12:16:26.957Z", "lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62345", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.8}, {"id": "CVE-2026-7845", "description": "A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste_image.image...", "score": 2.6, "severity": "LOW", "published": "2026-05-05T16:16:19.383Z", "lastModified": "2026-05-05T20:16:41.363", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7845", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.4}, {"id": "CVE-2026-7846", "description": "A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to ...", "score": 2.6, "severity": "LOW", "published": "2026-05-05T16:16:19.577Z", "lastModified": "2026-05-05T19:06:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7846", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.4}, {"id": "CVE-2026-7847", "description": "A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. 
Performing a manipulation results in insufficiently ran...", "score": 2.6, "severity": "LOW", "published": "2026-05-05T17:17:05.153Z", "lastModified": "2026-05-05T19:06:58.737", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7847", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.4}, {"id": "CVE-2025-31957", "description": "HHCL BigFix Service Management (SM) is affected by a Cross\u2011Site Request Forgery (CSRF) vulnerability.  This could lead to unauthorized changes or exposure of sensitive data.", "score": 2.6, "severity": "LOW", "published": "2026-05-06T15:16:05.750Z", "lastModified": "2026-05-07T16:35:43.083", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31957", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.4}, {"id": "CVE-2025-31975", "description": "HCL BigFix Service Management (SM) is affected by an Information Disclosure \u2013 Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities.", "score": 2.6, "severity": "LOW", "published": "2026-05-06T15:16:05.980Z", "lastModified": "2026-05-07T16:33:48.723", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31975", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.4}, {"id": "CVE-2026-43864", "description": "mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.", "score": 2.5, "severity": "LOW", "published": "2026-05-04T07:16:01.190Z", "lastModified": "2026-05-05T19:44:42.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43864", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.0}, {"id": "CVE-2026-43529", "description": "OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace 
boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and preflig...", "score": 2.5, "severity": "LOW", "published": "2026-05-05T12:16:19.057Z", "lastModified": "2026-05-07T01:54:29.780", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43529", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 11.0}, {"id": "CVE-2025-12659", "description": "The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T14:16:49.460Z", "lastModified": "2026-05-12T14:20:56.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12659", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-6909", "description": "ATutor is vulnerable to Reflected XSS in\u00a0/install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.\n\nProduct is no longer actively supported. Maintainers of this project were notified early abou...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T10:16:15.097Z", "lastModified": "2026-05-12T14:15:25.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6909", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-6956", "description": "ATutor is vulnerable to Reflected XSS in\u00a0/install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.\n\nProduct is no longer actively supported. 
Maintainers of this project were notified early abou...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T10:16:15.253Z", "lastModified": "2026-05-12T14:15:25.170", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6956", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-63750", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:28.850Z", "lastModified": "2026-05-11T16:17:28.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63750", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-34086", "description": "Vulnerability in Wikimedia Foundation AbuseFilter.\n\nThis issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:29.857Z", "lastModified": "2026-05-12T14:45:49.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34086", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-34089", "description": "Vulnerability in Wikimedia Foundation Scribunto.\n\nThis issue affects Scribunto: from 1.45.0 before 1.45.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:30.293Z", "lastModified": "2026-05-12T14:45:49.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34089", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-3319", "description": "Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. 
User-controlled input is insecurely reflected in the HTML output in the\u00a0endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:30.850Z", "lastModified": "2026-05-13T15:36:46.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3319", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-3320", "description": "Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the\u00a0endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:31.000Z", "lastModified": "2026-05-13T15:36:46.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3320", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-6093", "description": "Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T16:17:36.800Z", "lastModified": "2026-05-12T18:56:44.480", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6093", "is_exploited": false, "epss": 0, "vendor": "MICROSOFT", "mts_score": 10.0}, {"id": "CVE-2026-42349", "description": "Clerk JavaScript is the official JavaScript repository for Clerk authentication. 
has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be f...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T17:16:33.147Z", "lastModified": "2026-05-14T19:16:35.777", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42349", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42845", "description": "The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions (`md`, `y...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T17:16:34.157Z", "lastModified": "2026-05-12T14:51:21.830", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42845", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44737", "description": "grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user input in the data[header][title] parameter. 
As a result, atta...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T17:16:34.610Z", "lastModified": "2026-05-13T16:04:38.397", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44737", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-34093", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:31.963Z", "lastModified": "2026-05-12T14:45:49.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34093", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-34094", "description": "Vulnerability in Wikimedia Foundation MediaWiki.\n\n This vulnerability is associated with program files includes/Page/Article.Php.\n\n\n\nThis issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:32.100Z", "lastModified": "2026-05-12T14:45:49.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34094", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-3048", "description": "An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:33.200Z", "lastModified": "2026-05-13T15:36:58.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3048", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": 
"CVE-2026-42856", "description": "Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. As ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:35.990Z", "lastModified": "2026-05-13T17:31:40.840", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42856", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42859", "description": "Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 (RSA-AES) or security type 129 (RSA-AES-25...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:36.400Z", "lastModified": "2026-05-13T16:58:09.717", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42859", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42865", "description": "Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerabil...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:36.683Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42865", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43995", "description": "Flowise is a drag & drop user interface to build a customized large language model flow. 
Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2) W...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:37.660Z", "lastModified": "2026-05-13T17:26:28.013", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43995", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-5266", "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo.\n\n This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php.\n\n\n\nThis issue affects Echo: from * before 1.43.7, 1.44.4, 1.45.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:42.033Z", "lastModified": "2026-05-12T14:45:49.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5266", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-7210", "description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:42.413Z", "lastModified": "2026-05-12T14:20:56.547", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7210", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-7308", "description": "An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through 
versions before 3.92.0. This ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T18:16:42.573Z", "lastModified": "2026-05-13T15:36:58.913", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7308", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42866", "description": "Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f\"{user}.<ext>\"), where user comes unsanitized from the -u CLI flag or any line of a -U usernames fi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T19:16:24.617Z", "lastModified": "2026-05-13T18:31:17.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42866", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42871", "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. 
This verbosity leads to information disclosure, which could assist a potential attacker in mapping the b...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T19:16:24.817Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42871", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43968", "description": "Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values.\n\ncow_sse:event/1 in cowlib guards the id and event fields against \\n but not against bare \\r, and the internal prefix_lines/2 function...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T19:16:25.100Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43968", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43969", "description": "Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields.\n\ncow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs w...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T19:16:25.330Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43969", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-7790", "description": "Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Excessive Allocation.\n\nThe chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. 
Each digit causes a bignum multiplication (Len * 16 + digit), ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T19:16:29.477Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7790", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42870", "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descri\u00e7\u00e3o) field and savin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T20:25:43.537Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42870", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42873", "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively incre...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T20:25:43.833Z", "lastModified": "2026-05-13T17:03:32.490", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42873", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42875", "description": "External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. 
Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T20:25:44.143Z", "lastModified": "2026-05-13T16:11:39.190", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42875", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42888", "description": "Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This vulnerab...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T21:19:00.840Z", "lastModified": "2026-05-12T15:13:21.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42888", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42600", "description": "MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured d...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T22:22:11.567Z", "lastModified": "2026-05-13T18:26:47.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42600", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43885", "description": "WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in. 
Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an up...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T22:22:13.213Z", "lastModified": "2026-05-12T15:13:21.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43885", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43897", "description": "Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T22:22:14.207Z", "lastModified": "2026-05-13T18:27:58.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43897", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42554", "description": "Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat() feature. The develo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-11T23:19:48.083Z", "lastModified": "2026-05-13T18:26:47.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42554", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-45391", "description": "Reserved. Details will be published at disclosure.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T02:16:13.107Z", "lastModified": "2026-05-12T14:16:49.657", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45391", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-45392", "description": "Reserved. 
Details will be published at disclosure.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T02:16:13.220Z", "lastModified": "2026-05-12T14:16:49.657", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45392", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-45393", "description": "Reserved. Details will be published at disclosure.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T02:16:13.310Z", "lastModified": "2026-05-12T14:16:49.657", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45393", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-35227", "description": "An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T08:16:08.193Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35227", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-5029", "description": "A remote code execution vulnerability exists in\u00a0Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. 
An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and exec...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T10:16:47.310Z", "lastModified": "2026-05-12T14:15:46.747", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5029", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-7428", "description": "Prior to 2025-11-03,\u00a0well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u00a0with an insecure default password which could have been exploited by a\u00a0remote\u00a0attacker\u00a0to\u00a0gain full administrative access to the database.\n\n\n\n\nExploitation required n...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T10:16:48.490Z", "lastModified": "2026-05-12T15:09:58.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7428", "is_exploited": false, "epss": 0, "vendor": "GOOGLE", "mts_score": 10.0}, {"id": "CVE-2026-8072", "description": "Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. 
The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an attac...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T10:16:48.670Z", "lastModified": "2026-05-13T15:36:46.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8072", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-4827", "description": "CWE\u2011331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T13:17:35.510Z", "lastModified": "2026-05-14T18:16:50.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4827", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43916", "description": "pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past the message-size check,...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T14:17:08.080Z", "lastModified": "2026-05-13T18:27:58.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43916", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-43930", "description": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. 
Prior to 8.6.76 and 9.9.0-alpha.2, a race condition in the MFA SMS one-time password (OTP) login path allows two concurrent /login requests carrying the same OTP to both succeed and both receive v...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T14:17:08.217Z", "lastModified": "2026-05-13T18:26:47.613", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43930", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-6865", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u201cPath Traversal\u201d) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T14:17:10.567Z", "lastModified": "2026-05-12T14:19:41.400", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6865", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-32687", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection.\n\nThe channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and 'Elixir.Postgrex.Notifications':unlis...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T15:16:12.810Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32687", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-6866", "description": "CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials.", 
"score": 0.0, "severity": "PENDING", "published": "2026-05-12T15:16:16.570Z", "lastModified": "2026-05-12T16:38:24.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6866", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-8368", "description": "LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.\n\nOn a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T15:16:19.690Z", "lastModified": "2026-05-12T18:17:33.157", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8368", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-31218", "description": "The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model state dictionary from a state_dict.pt file via torch.load(), the functio...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T16:16:13.710Z", "lastModified": "2026-05-13T15:45:21.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31218", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-31219", "description": "The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). 
When a user provides a single model file path (e.g., .pt or .pth) via the --model command-lin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T16:16:13.813Z", "lastModified": "2026-05-13T15:45:21.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31219", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-31220", "description": "PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T16:16:13.913Z", "lastModified": "2026-05-13T15:45:21.627", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31220", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-27723", "description": "Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may p...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:11.900Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27723", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 10.0}, {"id": "CVE-2025-35969", "description": "Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. 
System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:13.210Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35969", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-35979", "description": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:13.347Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35979", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-35990", "description": "Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:13.467Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35990", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-35991", "description": "Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. 
This result may potentially occur via local access...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:13.587Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35991", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2025-36510", "description": "Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may pote...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:13.717Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36510", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2025-36515", "description": "Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:14.993Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36515", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20717", "description": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. 
This result ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:15.387Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20717", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20718", "description": "Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation o...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:16.623Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20718", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20738", "description": "Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:16.883Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20738", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20751", "description": "Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. 
This result may ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:17.220Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20751", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 10.0}, {"id": "CVE-2026-20753", "description": "Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:17.523Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20753", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20754", "description": "Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via l...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:17.763Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20754", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20771", "description": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. 
This result m...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:18.060Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20771", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20772", "description": "Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may ena...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:18.263Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20772", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20782", "description": "Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potent...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:18.540Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20782", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20793", "description": "Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. 
This result may...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:18.943Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20793", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20794", "description": "Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.240Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20794", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 10.0}, {"id": "CVE-2026-20879", "description": "Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result m...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.363Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20879", "is_exploited": false, "epss": 0, "vendor": "VMWARE", "mts_score": 10.0}, {"id": "CVE-2026-20881", "description": "Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. 
This result may potenti...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.487Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20881", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20887", "description": "Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.617Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20887", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20905", "description": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.767Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20905", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20914", "description": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. 
This result ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:19.887Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20914", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-8278", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T17:16:21.823Z", "lastModified": "2026-05-12T17:16:21.823", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8278", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-20714", "description": "Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This r...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:16:36.900Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20714", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-20767", "description": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. 
Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege....", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:16:37.433Z", "lastModified": "2026-05-13T15:52:56.850", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20767", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-31231", "description": "Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec() function without any sandboxing, validation, or security cont...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:16:51.387Z", "lastModified": "2026-05-13T15:46:19.993", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31231", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-41513", "description": "Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:17:22.697Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41513", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42300", "description": "DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. 
An unauthenticated atta...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:17:24.390Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42300", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42303", "description": "Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was neve...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:17:24.540Z", "lastModified": "2026-05-13T18:24:31.310", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42303", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44166", "description": "Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. \"A\". When the v...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:17:29.123Z", "lastModified": "2026-05-13T18:23:27.920", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44166", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44343", "description": "WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. 
This vulnerability is fixed in 4.3.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T18:17:30.483Z", "lastModified": "2026-05-13T18:20:16.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44343", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42338", "description": "ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage (emitted by the Address6...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T20:16:41.130Z", "lastModified": "2026-05-13T16:32:31.457", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44217", "description": "sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T20:16:42.513Z", "lastModified": "2026-05-13T18:21:10.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44217", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44010", "description": "Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filtering on top-level queries. 
A GraphQL API token scoped to a single low-privilege user group can read eve...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T21:16:15.720Z", "lastModified": "2026-05-13T16:16:53.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44010", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44011", "description": "Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled c...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T21:16:15.870Z", "lastModified": "2026-05-13T16:16:53.997", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44011", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44012", "description": "Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (including volume handle, volume UID, folder names, folder UIDs, and folder URI paths) without checkin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T21:16:16.003Z", "lastModified": "2026-05-13T14:54:50.290", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44012", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44232", "description": "DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. 
This vulnerability is fixed in 1.3.0.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T21:16:16.270Z", "lastModified": "2026-05-13T18:21:10.270", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44232", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42196", "description": "django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random loca...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:34.193Z", "lastModified": "2026-05-13T18:15:26.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42196", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42844", "description": "Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full admin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:34.793Z", "lastModified": "2026-05-13T16:16:48.580", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42844", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44257", "description": "efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. 
An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:35.840Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44258", "description": "efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home di...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:36.127Z", "lastModified": "2026-05-14T13:16:19.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44301", "description": "Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:36.843Z", "lastModified": "2026-05-13T18:14:48.583", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44301", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44307", "description": "Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. 
\\..\\..\\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads of files outside the...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:37.567Z", "lastModified": "2026-05-13T18:15:26.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44307", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 10.0}, {"id": "CVE-2026-8449", "description": "Rejected reason: This CVE ID has been rejected or withdrawn.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T22:16:38.730Z", "lastModified": "2026-05-13T16:17:05.807", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8449", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42156", "description": "Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher query....", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T23:16:17.203Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42156", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42157", "description": "Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. 
When the map tab is selected and a map node marker is selecte...", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T23:16:17.343Z", "lastModified": "2026-05-13T16:10:57.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42157", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-42158", "description": "Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T23:16:17.470Z", "lastModified": "2026-05-14T13:16:17.903", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42158", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-44352", "description": "Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3.", "score": 0.0, "severity": "PENDING", "published": "2026-05-12T23:16:18.480Z", "lastModified": "2026-05-13T16:16:57.047", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44352", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 10.0}, {"id": "CVE-2026-41202", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. 
Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user wi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:27.453Z", "lastModified": "2026-05-07T14:57:13.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41202", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41203", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:27.670Z", "lastModified": "2026-05-07T15:16:06.593", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41203", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41587", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:27.860Z", "lastModified": "2026-05-07T15:16:07.307", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41587", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41672", "description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. 
In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.087Z", "lastModified": "2026-05-07T16:16:20.370", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41673", "description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.257Z", "lastModified": "2026-05-07T15:16:08.670", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41674", "description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields (internalSubset, publicId, systemId) verbatim withou...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.433Z", "lastModified": "2026-05-07T15:02:46.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41675", "description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. 
In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.580Z", "lastModified": "2026-05-07T15:16:08.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41675", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41890", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess() action accepts a POST parameter tables[] containing arbitrary table names. These are pas...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.740Z", "lastModified": "2026-05-07T15:16:09.530", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41890", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41891", "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version 0....", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T04:16:33.903Z", "lastModified": "2026-05-07T14:57:13.077", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41891", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41586", "description": "Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. 
From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays witho...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T06:16:04.910Z", "lastModified": "2026-05-07T16:16:19.727", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41586", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-32686", "description": "Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service.\n\nThe decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent (e.g. Decimal.new(\"1e1000000000\")) is accepted without error. Subsequent c...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T15:16:05.370Z", "lastModified": "2026-05-08T23:16:35.113", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32686", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44349", "description": "Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resource_findallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf(\"LOWER(%s) LIKE ?\", prefix+col)) raw SQL with ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T15:16:10.903Z", "lastModified": "2026-05-08T15:17:01.387", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44349", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41653", "description": "BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. 
This issue has been patched in version 2.8.3.", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T19:16:00.670Z", "lastModified": "2026-05-07T19:51:36.220", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41653", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42259", "description": "Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes (\\) to forward ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T20:16:44.400Z", "lastModified": "2026-05-08T23:16:36.133", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42259", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44365", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users should reference CVE-2026-34429 instead of this candidate.", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T21:16:30.433Z", "lastModified": "2026-05-07T21:16:30.433", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44365", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-7891", "description": "The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. 
The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T22:16:37.070Z", "lastModified": "2026-05-08T15:37:58.510", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7891", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-2710", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "score": 0.0, "severity": "PENDING", "published": "2026-05-07T23:16:31.877Z", "lastModified": "2026-05-07T23:16:31.877", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2710", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-3508", "description": "An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the '\nSecurity Update for MyASUS\u00a0' section on the ASUS Security Advisory for more information.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T03:16:24.820Z", "lastModified": "2026-05-08T15:34:56.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3508", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-6737", "description": "An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable\u00a0via crafted IOCTL requests.Refer to the '\nSecurity Update for ASUS Precision Touchpad\u00a0'...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T03:16:24.990Z", "lastModified": "2026-05-08T15:34:56.710", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-6737", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42272", "description": "Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent (%2f) is not recognize...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T04:16:22.013Z", "lastModified": "2026-05-08T16:03:26.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42272", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42273", "description": "Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host tha...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T04:16:22.457Z", "lastModified": "2026-05-08T16:03:26.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42273", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42274", "description": "Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. 
This discrepancy can...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T04:16:22.643Z", "lastModified": "2026-05-08T16:03:26.693", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42274", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42278", "description": "UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a \"Pocket\" (a derived sub-address documented in the protocol as ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T05:16:10.900Z", "lastModified": "2026-05-09T00:16:29.017", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42278", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8069", "description": "PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T07:16:29.443Z", "lastModified": "2026-05-08T15:34:56.710", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8069", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 7.0}, {"id": "CVE-2026-8149", "description": "A vulnerability in Legion of the Bouncy Castle Inc. 
BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f.\n\n This vulnerability is associated with program files gcm128w, gcm512w.\n\n\n\nThis issue affects BC-FJA: from 2.1.0 through 2.1.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T07:16:29.603Z", "lastModified": "2026-05-08T15:38:02.517", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8149", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-6213", "description": "A vulnerability in Remote Spark\u00a0SparkView before\u00a0build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root\u00a0on the server side.\u00a0Depending on implementation the vulnerability can be exploited by an unauthenticated attacker.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T10:16:29.270Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6213", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-3318", "description": "Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the \u2018returnUrl\u2019 parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result, it...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T12:16:29.323Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3318", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8076", "description": "Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. 
The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T12:16:29.560Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8076", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8077", "description": "Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the \u2018Permissions\u2019 field of the JSON response, an attacker could escalate ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T13:16:49.530Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8077", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-43286", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: restore failed global reservations to subpool\n\nCommit a833a693a490 (\"mm: hugetlb: fix incorrect fallback for subpool\")\nfixed an underflow error for hstate->resv_huge_pages caused by incorrectly\nattributing globally requ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:35.473Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43286", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43287", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Account property blob allocations to memcg\n\nDRM_IOCTL_MODE_CREATEPROPBLOB allows userspace to allocate arbitrary-sized\nproperty blobs backed by kernel memory.\n\nCurrently, the blob data 
allocation is not accounted to the alloca...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:35.600Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43287", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43288", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: move ext4_percpu_param_init() before ext4_mb_init()\n\nWhen running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the\n`DOUBLE_CHECK` macro defined, the following panic is triggered:\n\n==========================================...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:35.737Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43288", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43289", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkexec: derive purgatory entry from symbol\n\nkexec_load_purgatory() derives image->start by locating e_entry inside an\nSHF_EXECINSTR section.  If the purgatory object contains multiple\nexecutable sections with overlapping sh_addr, th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:35.867Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43289", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43297", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init()\n\nrga_get_frame() can return ERR_PTR(-EINVAL) when buffer type is\nunsupported or invalid. 
rga_buf_init() does not check the return value\nand unconditionally de...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:36.863Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43297", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43298", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip vcn poison irq release on VF\n\nVF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid\ncall trace during deinitialization.\n\n[   71.913601] [drm] clean up the vf2pf work item\n[   71.915088] ---------...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:36.970Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43298", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43299", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure()\n\n[BUG]\nThere is a bug report that when btrfs hits ENOSPC error in a critical\npath, btrfs flips RO (this part is expected, although the ENOSPC bug\nstill ne...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:37.100Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43299", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43300", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()\n\nIn jdi_panel_dsi_remove(), jdi is explicitly checked, indicating that it\nmay be NULL:\n\n  if (!jdi)\n    mipi_dsi_detach(dsi);\n\nHowever, when jdi is NULL, ...", "score": 0.0, "severity": 
"PENDING", "published": "2026-05-08T14:16:37.223Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43300", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43301", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: chips-media: wave5: Fix PM runtime usage count underflow\n\nReplace pm_runtime_put_sync() with pm_runtime_dont_use_autosuspend() in\nthe remove path to properly pair with pm_runtime_use_autosuspend() from\nprobe. This allows pm_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:37.340Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43301", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43302", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Set DMA segment size to avoid debug warnings\n\nWhen using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the\nkernel occasionally reports a segment size mismatch. This is because\n'max_seg_size' is not set. 
The kernel defau...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:37.447Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43302", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43305", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path\n\n[Why]\nThe evaluation for whether we need to use the DMUB HW lock isn't the\nsame as whether we need to unlock which results in a hang when the\nfast path is u...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:37.813Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43305", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43306", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: crypto: Use the correct destructor kfunc type\n\nWith CONFIG_CFI enabled, the kernel strictly enforces that indirect\nfunction calls use a function pointer type that matches the target\nfunction. 
I ran into the following type mism...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:37.913Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43306", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43308", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref()\n\nThere is no need to BUG(), we can just return an error and log an error\nmessage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:38.137Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43308", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43309", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd raid: fix hang when stopping arrays with metadata through dm-raid\n\nWhen using device-mapper's dm-raid target, stopping a RAID array can cause\nthe system to hang under specific conditions.\n\nThis occurs when:\n\n- A dm-raid managed ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:38.250Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43309", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43310", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC\n\nFor the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and\ng2 VPU cannot decode simultaneously; otherwise, it will cause below bus\nerror and produc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:38.370Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43310", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43311", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: pmc: Fix unsafe generic_handle_irq() call\n\nCurrently, when resuming from system suspend on Tegra platforms,\nthe following warning is observed:\n\nWARNING: CPU: 0 PID: 14459 at kernel/irq/irqdesc.c:666\nCall trace:\n handle_i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:39.480Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43311", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43312", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ov5647: Initialize subdev before controls\n\nIn ov5647_init_controls() we call v4l2_get_subdevdata, but it is\ninitialized by v4l2_i2c_subdev_init() in the probe, which currently\nhappens after init_controls(). 
This can res...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:39.587Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43312", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43313", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()\n\nIn acpi_processor_errata_piix4(), the pointer dev is first assigned an IDE\ndevice and then reassigned an ISA device:\n\n  dev = pci_get_subsys(..., PCI_D...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:39.710Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43313", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43314", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: remove fake timeout to avoid leak request\n\nSince commit 15f73f5b3e59 (\"blk-mq: move failure injection out of\nblk_mq_complete_request\"), drivers are responsible for calling\nblk_should_fake_timeout() at appropriate code paths and...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:39.830Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43314", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43315", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding\n\nDrop the WARN in svm_set_nested_state() on nested_svm_load_cr3() failing\nas it is trivially easy to trigger from userspace by modifying CPUID after\nload...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:39.977Z", "lastModified": 
"2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43315", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43316", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: solo6x10: Check for out of bounds chip_id\n\nClang with CONFIG_UBSAN_SHIFT=y noticed a condition where a signed type\n(literal \"1\" is an \"int\") could end up being shifted beyond 32 bits,\nso instrumentation was added (and due to...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.117Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43316", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43317", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: core: fix leak on early registration failure\n\nA recent commit fixed a resource leak on early registration failures but\nfor some reason left out the first error path which still leaks the\nresources associated with the interfac...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.243Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43317", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43318", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify\n\nInvalidating a dmabuf will impact other users of the shared BO.\nIn the scenario where process A moves the BO, it needs to inform\nprocess B about the move and process B wi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.363Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43318", 
"is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43319", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spidev: fix lock inversion between spi_lock and buf_lock\n\nThe spidev driver previously used two mutexes, spi_lock and buf_lock,\nbut acquired them in different orders depending on the code path:\n\n  write()/read(): buf_lock -> s...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.480Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43319", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43320", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix dsc eDP issue\n\n[why]\nNeed to add function hook check before use", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.593Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43320", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43323", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix zero_vruntime tracking fix\n\nJohn reported that stress-ng-yield could make his machine unhappy and\nmanaged to bisect it to commit b3d99f43c72b (\"sched/fair: Fix\nzero_vruntime tracking\").\n\nThe combination of yield and...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:40.947Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43323", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43325", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't send a 6E related command when not 
supported\n\nMCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not send it if the\ndevice doesn't support 6E.\nApparently, the firmware is mistakenly advertising support f...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:41.207Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43325", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43326", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback\n\nSCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using\nsmp_cond_load_acquire() until the target CPU's kick_sync advances. Because\nthe irq_work runs in h...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:42.133Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43326", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43327", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: dummy-hcd: Fix locking/synchronization error\n\nSyzbot testing was able to provoke an addressing exception and crash\nin the usb_gadget_udc_reset() routine in\ndrivers/usb/gadgets/udc/core.c, resulting from the fact that the\nrouti...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:42.243Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43327", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43328", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path\n\nWhen kobject_init_and_add() fails, cpufreq_dbs_governor_init() 
calls\nkobject_put(&dbs_data->attr_set.kobj).\n\nThe kobject release callback cpufreq_dbs_dat...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:42.397Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43328", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43331", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kexec: Disable KCOV instrumentation after load_segments()\n\nThe load_segments() function changes segment registers, invalidating GS base\n(which KCOV relies on for per-cpu data). When CONFIG_KCOV is enabled, any\nsubsequent instru...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:42.763Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43331", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43333", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject direct access to nullable PTR_TO_BUF pointers\n\ncheck_mem_access() matches PTR_TO_BUF via base_type() which strips\nPTR_MAYBE_NULL, allowing direct dereference without a null check.\n\nMap iterator ctx->key and ctx->value a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:43.003Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43333", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43335", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()\n\nThe change to dynamic IDs for SM8450 platform interconnects left two links\nunconverted, fix it to avoid the NULL pointer dereference in runtime,\nwhen a p...", "score": 0.0, 
"severity": "PENDING", "published": "2026-05-08T14:16:43.263Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43335", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43337", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix NULL pointer dereference in dcn401_init_hw()\n\ndcn401_init_hw() assumes that update_bw_bounding_box() is valid when\nentering the update path. However, the existing condition:\n\n  ((!fams2_enable && update_bw_boun...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:43.517Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43337", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43338", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reserve enough transaction items for qgroup ioctls\n\nCurrently our qgroup ioctls don't reserve any space, they just do a\ntransaction join, which does not reserve any space, neither for the quota\ntree updates nor for the delay...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:43.630Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43338", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43340", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Reinit dev->spinlock between attachments to low-level drivers\n\n`struct comedi_device` is the main controlling structure for a COMEDI\ndevice created by the COMEDI subsystem.  
It contains a member `spinlock`\ncontaining a spin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:43.910Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43340", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43342", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Protect RNDIS options with mutex\n\nThe class/subclass/protocol options are suspectible to race conditions\nas they can be accessed concurrently through configfs.\n\nUse existing mutex to protect these options. Thi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.170Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43342", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43343", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_subset: Fix unbalanced refcnt in geth_free\n\ngeth_alloc() increments the reference count, but geth_free() fails to\ndecrement it. 
This prevents the configuration of attributes via configfs\nafter unlinking the function....", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.300Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43343", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43344", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix die ID init and look up bugs\n\nIn snbep_pci2phy_map_init(), in the nr_node_ids > 8 path,\nuncore_device_to_die() may return -1 when all CPUs associated\nwith the UBOX device are offline.\n\nRemove the WARN_ON_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.433Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43344", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43346", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: ptp: don't WARN when controlling PF is unavailable\n\nIn VFIO passthrough setups, it is possible to pass through only a PF\nwhich doesn't own the source timer. 
In that case the PTP controlling PF\n(adapter->ctrl_pf) is never initi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.663Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43346", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43348", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER\n\nWhen registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel\ncomputes pgmap->vmemmap_shift as the number of trailing zeros in the\nOR of start_pfn and last_pfn, intending t...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.890Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43348", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43349", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer\n\nsyzbot reported a f2fs bug as below:\n\nBUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520\n f2fs_sanity_check_node_footer...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:44.997Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43349", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-44125", "description": "SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:45.383Z", "lastModified": 
"2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44125", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44126", "description": "SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:45.560Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44126", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44127", "description": "SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileg...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:45.730Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44127", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44128", "description": "SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an\u00a0endpoint passes attacker-controlled input from a\u00a0parameter to Perl's\u00a0eval.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:45.870Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44128", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44129", "description": "SEPPmail Secure Email Gateway before version 15.0.4 contains a 
server-side template injection vulnerability in the new GINA UI because an endpoint\u00a0accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution d...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:46.007Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44129", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-7864", "description": "SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T14:16:47.880Z", "lastModified": "2026-05-08T15:51:08.590", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7864", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-43351", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Eagerly init vgic dist/redist on vgic creation\n\nIf vgic_allocate_private_irqs_locked() fails for any odd reason,\nwe exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised.\n\nkvm_vgic_dist_destroy() then com...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:45.830Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43351", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43354", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: proximity: hx9023s: Protect against division by zero in set_samp_freq\n\nAvoid division by zero when sampling frequency is unspecified.", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-08T15:16:46.147Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43354", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43355", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: bh1780: fix PM runtime leak on error path\n\nMove pm_runtime_put_autosuspend() before the error check to ensure\nthe PM runtime reference count is always decremented after\npm_runtime_get_sync(), regardless of whether the r...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.250Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43355", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43356", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: adis: Fix NULL pointer dereference in adis_init\n\nThe adis_init() function dereferences adis->ops to check if the\nindividual function pointers (write, read, reset) are NULL, but does\nnot first check if adis->ops itself is ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.367Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43356", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43357", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050-core: fix pm_runtime error handling\n\nThe return value of pm_runtime_get_sync() is not checked, allowing\nthe driver to access hardware that may fail to resume. 
The device\nusage count is also unconditionally increm...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.477Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43357", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43358", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer()\n\nCall rcu_read_lock() before exiting the loop in\ntry_release_subpage_extent_buffer() because there is a rcu_read_unlock()\ncall past the loop.\n\nThis ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.607Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43358", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43359", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction abort on set received ioctl due to item overflow\n\nIf the set received ioctl fails due to an item overflow when attempting to\nadd the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction\nsince we di...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.717Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43359", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43360", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction abort on file creation due to name hash collision\n\nIf we attempt to create several files with names that result in the same\nhash, we have to pack them in same dir item and that has a limit inherent\nto the lea...", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-08T15:16:46.833Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43360", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43361", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix transaction abort when snapshotting received subvolumes\n\nCurrently a user can trigger a transaction abort by snapshotting a\npreviously received snapshot a bunch of times until we reach a\nBTRFS_UUID_KEY_RECEIVED_SUBVOL it...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:46.980Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43361", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43363", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/apic: Disable x2apic on resume if the kernel expects so\n\nWhen resuming from s2ram, firmware may re-enable x2apic mode, which may have\nbeen disabled by the kernel during boot either because it doesn't support IRQ\nremapping or fo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:47.247Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43363", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43364", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fix NULL pointer dereference in ublk_ctrl_set_size()\n\nublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via\nset_capacity_and_notify() without checking if it is NULL.\n\nub->ub_disk is NULL before UBLK_CMD_START_DEV ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:47.383Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43364", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43367", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix a few more NULL pointer dereference in device cleanup\n\nI found a few more paths that cleanup fails due to a NULL version pointer\non unsupported hardware.\n\nAdd NULL checks as applicable.\n\n(cherry picked from commit f5a0...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:47.737Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43367", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43369", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix NULL pointer dereference in device cleanup\n\nWhen GPU initialization fails due to an unsupported HW block\nIP blocks may have a NULL version pointer. 
During cleanup in\namdgpu_device_fini_hw, the code calls amdgpu_device_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:47.960Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43369", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43371", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: macb: Shuffle the tx ring before enabling tx\n\nQuanyang observed that when using an NFS rootfs on an AMD ZynqMp board,\nthe rootfs may take an extended time to recover after a suspend.\nUpon investigation, it was determined that ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:48.187Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43371", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43372", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: microchip: Fix error path in PTP IRQ setup\n\nIf request_threaded_irq() fails during the PTP message IRQ setup, the\nnewly created IRQ mapping is never disposed. 
Indeed, the\nksz_ptp_irq_setup()'s error path only frees the ma...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:48.313Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43372", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43375", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: fix device leak on probe failure\n\nDriver core holds a reference to the USB interface and its parent USB\ndevice while the interface is bound to a driver and there is no need to\ntake additional references unless the struct...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:48.650Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43375", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43378", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix use-after-free in smb2_open()\n\nThe opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is\ndereferenced after rcu_read_unlock(), creating a use-after-free\nwindow.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:48.990Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43378", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43380", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read\n\nThe q54sj108a2_debugfs_read function suffers from a stack buffer overflow\ndue to incorrect arguments passed to bin2hex(). 
The function currently\npasses 'data' as the des...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:49.207Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43380", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43381", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dpcd: return EBUSY for aux xfer if the device is asleep\n\nIf we have runtime suspended, and userspace wants to use /dev/drm_dp_*\nthen just tell it the device is busy instead of crashing in the GSP\ncode.\n\nWARNING: CPU: 2 PID:...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:49.333Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43381", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43382", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: Avoid double-rtnl_lock ELP metric worker\n\nbatadv_v_elp_get_throughput() might be called when the RTNL lock is already\nheld. 
This could be problematic when the work queue item is cancelled via\ncancel_delayed_work_sync() ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:49.463Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43382", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43386", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie\n\nThe current code checks 'i + 5 < in_len' at the end of the if statement.\nHowever, it accesses 'in_ie[i + 5]' before that check, which can lead\nto an out-o...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:49.933Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43386", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43387", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: properly validate the data in rtw_get_ie_ex()\n\nJust like in commit 154828bf9559 (\"staging: rtl8723bs: fix out-of-bounds\nread in rtw_get_ie() parser\"), we don't trust the data in the frame so\nwe should check the ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.060Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43387", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43388", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: clear walk_control on inactive context in damos_walk()\n\ndamos_walk() sets ctx->walk_control to the caller-provided control\nstructure before checking whether the context is running.  
If the context\nis inactive (damon_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.180Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43388", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43389", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: memfd_luo: always dirty all folios\n\nA dirty folio is one which has been written to.  A clean folio is its\nopposite.  Since a clean folio has no user data, it can be freed under\nmemory pressure.\n\nmemfd preservation with LUO save...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.290Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43389", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43390", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnstree: tighten permission checks for listing\n\nEven privileged services should not necessarily be able to see other\nprivileged service's namespaces so they can't leak information to each\nother. Use may_see_all_namespaces() helper t...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.387Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43390", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43392", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix starvation of scx_enable() under fair-class saturation\n\nDuring scx_enable(), the READY -> ENABLED task switching loop changes the\ncalling thread's sched_class from fair to ext. 
Since fair has higher\npriority than ext...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.583Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43392", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43393", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies()\n\nFix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL,\nwe're not freeing the chunk map that we've just looked up.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.693Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43393", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43394", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().\n\nnfsd_nl_listener_set_doit() uses get_current_cred() without\nput_cred().\n\nAs we can see from other callers, svc_xprt_create_from_sa()\ndoes not require the extra refcount.\n\nnfs...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.800Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43394", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43395", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/sync: Cleanup partially initialized sync on parse failure\n\nxe_sync_entry_parse() can allocate references (syncobj, fence, chain fence,\nor user fence) before hitting a later failure path. 
Several of those paths\nreturned direc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:50.907Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43395", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43396", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/sync: Fix user fence leak on alloc failure\n\nWhen dma_fence_chain_alloc() fails, properly release the user fence\nreference to prevent a memory leak.\n\n(cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.010Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43396", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43397", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: samsung-dsim: Fix memory leak in error path\n\nIn samsung_dsim_host_attach(), drm_bridge_add() is called to add the\nbridge. 
However, if samsung_dsim_register_te_irq() or\npdata->host_ops->attach() fails afterwards, the fun...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.117Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43397", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43398", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add upper bound check on user inputs in wait ioctl\n\nHuge input values in amdgpu_userq_wait_ioctl can lead to an OOM and\ncould be exploited.\n\nSo check these input values against AMDGPU_USERQ_MAX_HANDLES\nwhich is big enough...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.230Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43398", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43399", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl\n\nDrop reference to syncobj and timeline fence when aborting the ioctl due to the\noutput array being too small.\n\n(cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c831...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.327Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43399", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43400", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add upper bound check on user inputs in signal ioctl\n\nHuge input values in amdgpu_userq_signal_ioctl can lead to an OOM and\ncould be exploited.\n\nSo check these input values against AMDGPU_USERQ_MAX_HANDLES\nwhich is big en...", 
"score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.430Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43400", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43401", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request()\n\nThe update_cpu_qos_request() function attempts to initialize the 'freq'\nvariable by dereferencing 'cpudata' before verifying if the 'policy'\nis valid....", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.543Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43401", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43404", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: Fix a hmm_range_fault() livelock / starvation problem\n\nIf hmm_range_fault() fails a folio_trylock() in do_swap_page,\ntrying to acquire the lock of a device-private folio for migration,\nto ram, the function will spin until it su...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:51.887Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43404", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43409", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: avoid crash when rmmod/insmod after ftrace killed\n\nAfter we hit ftrace is killed by some errors, the kernel crash if\nwe remove modules in which kprobe probes.\n\nBUG: unable to handle page fault for address: fffffbfff805000d...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:52.513Z", "lastModified": 
"2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43409", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43410", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled\n\nWhen the Remote System Update (RSU) isn't enabled in the First Stage\nBoot Loader (FSBL), the driver encounters a NULL pointer dereference when\nexecuting svc_n...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:52.633Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43410", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43411", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix divide-by-zero in tipc_sk_filter_connect()\n\nA user can set conn_timeout to any value via\nsetsockopt(TIPC_CONN_TIMEOUT), including values less than 4.  
When a\nSYN is rejected with TIPC_ERR_OVERLOAD and the retry path in\nti...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:52.880Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43411", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43412", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start\n\nDuring ADSP stop and start, the kernel crashes due to the order in which\nASoC components are removed.\n\nOn ADSP stop, the q6apm-audio .remove callback unloads ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.043Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43412", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43413", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Fix NULL pointer exception during user_scan()\n\nuser_scan() invokes updated sas_user_scan() for channel 0, and if\nsuccessful, iteratively scans remaining channels (1 to shost->max_channel)\nvia scsi_scan_host_selected...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.193Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43413", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43415", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend\n\nIn __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel\nthe UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op,\nPOST_CHANGE). 
Th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.477Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43415", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43416", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc, perf: Check that current->mm is alive before getting user callchain\n\nIt may happen that mm is already released, which leads to kernel panic.\nThis adds the NULL check for current->mm, similarly to\ncommit 20afc60f892d (\"x86,...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.597Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43416", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43417", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/mmcid: Handle vfork()/CLONE_VM correctly\n\nMatthieu and Jiri reported stalls where a task endlessly loops in\nmm_get_cid() when scheduling in.\n\nIt turned out that the logic which handles vfork()'ed tasks is broken. It\nis invoke...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.700Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43417", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43418", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/mmcid: Prevent CID stalls due to concurrent forks\n\nA newly forked task is accounted as MMCID user before the task is visible\nin the process' thread list and the global task list. 
This creates the\nfollowing problem:\n\n CPU1\t\t\tC...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.803Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43418", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43419", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leaks in ceph_mdsc_build_path()\n\nAdd __putname() calls to error code paths that did not free the \"path\"\npointer obtained by __getname().  If ownership of this pointer is not\npassed to the caller via path_info.path,...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:53.910Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43419", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43420", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix i_nlink underrun during async unlink\n\nDuring async unlink, we drop the `i_nlink` counter before we receive\nthe completion (that will eventually update the `i_nlink`) because \"we\nassume that the unlink will succeed\".  
That...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.023Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43420", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43421", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: Fix net_device lifecycle with device_move\n\nThe network device outlived its parent gadget device during\ndisconnection, resulting in dangling sysfs links and null pointer\ndereference problems.\n\nA prior attempt to ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.173Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43421", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43422", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: legacy: ncm: Fix NPE in gncm_bind\n\nCommit 56a512a9b410 (\"usb: gadget: f_ncm: align net_device lifecycle\nwith bind/unbind\") deferred the allocation of the net_device. 
This\nchange leads to a NULL pointer dereference in the legac...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.290Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43422", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43423", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: Fix atomic context locking issue\n\nThe ncm_set_alt function was holding a mutex to protect against races\nwith configfs, which invokes the might-sleep function inside an atomic\ncontext.\n\nRemove the struct net_devi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.390Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43423", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43424", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling\n\nThe `tpg->tpg_nexus` pointer in the USB Target driver is dynamically\nmanaged and tied to userspace configuration via ConfigFS. 
It can be\nNULL if the USB host send...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.497Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43424", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43425", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: image: mdc800: kill download URB on timeout\n\nmdc800_device_read() submits download_urb and waits for completion.\nIf the timeout fires and the device has not responded, the function\nreturns without killing the URB, leaving it a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.620Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43425", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43426", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: fix use-after-free in ISR during device removal\n\nIn usbhs_remove(), the driver frees resources (including the pipe array)\nwhile the interrupt handler (usbhs_interrupt) is still registered. If an\ninterrupt fires ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.740Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43426", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43427", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: class: cdc-wdm: fix reordering issue in read code path\n\nQuoting the bug report:\n\nDue to compiler optimization or CPU out-of-order execution, the\ndesc->length update can be reordered before the memmove. 
If this\nhappens, wdm_rea...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.867Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43427", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43428", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Limit the length of unkillable synchronous timeouts\n\nThe usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in\nusbcore allow unlimited timeout durations.  And since they use\nuninterruptible waits, this leave...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:54.990Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43428", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43429", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts\n\nThe usbtmc driver accepts timeout values specified by the user in an\nioctl command, and uses these timeouts for some usb_bulk_msg() calls.\nSince the user can sp...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.117Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43429", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43430", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: yurex: fix race in probe\n\nThe bbu member of the descriptor must be set to the value\nstanding for uninitialized values before the URB whose\ncompletion handler sets bbu is submitted. 
Otherwise there is\na window during which prob...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.243Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43430", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43431", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix NULL pointer dereference when reading portli debugfs files\n\nMichal reported and debgged a NULL pointer dereference bug in the\nrecently added portli debugfs files\n\nOops is caused when there are more port registers counted ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.367Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43431", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43432", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix memory leak in xhci_disable_slot()\n\nxhci_alloc_command() allocates a command structure and, when the\nsecond argument is true, also allocates a completion structure.\nCurrently, the error handling path in xhci_disable_...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.470Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43432", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43435", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrust_binder: fix oneway spam detection\n\nThe spam detection logic in TreeRange was executed before the current\nrequest was inserted into the tree. So the new request was not being\nfactored in the spam calculation. 
Fix this by moving...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.827Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43435", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43436", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces\n\nThe Scarlett2 mixer quirk in USB-audio driver may hit a NULL\ndereference when a malformed USB descriptor is passed, since it\nassumes the presence of an ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:55.930Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43436", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43439", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: fix race between task migration and iteration\n\nWhen a task is migrated out of a css_set, cgroup_migrate_add_task()\nfirst moves it from cset->tasks to cset->mg_tasks via:\n\n    list_move_tail(&task->cg_list, &cset->mg_tasks);...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:56.263Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43439", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43440", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mana: Null service_wq on setup error to prevent double destroy\n\nIn mana_gd_setup() error path, set gc->service_wq to NULL after\ndestroy_workqueue() to match the cleanup in mana_gd_cleanup().\nThis prevents a use-after-free if th...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:56.420Z", 
"lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43440", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43443", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp-mach-common: Add missing error check for clock acquisition\n\nThe acp_card_rt5682_init() and acp_card_rt5682s_init() functions did not\ncheck the return values of clk_get(). This could lead to a kernel crash\nwhen the in...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:56.780Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43443", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43444", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Unreserve bo if queue update failed\n\nError handling path should unreserve bo then return failed.\n\n(cherry picked from commit c24afed7de9ecce341825d8ab55a43a254348b33)", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:56.883Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43444", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43445", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000/e1000e: Fix leak in DMA error cleanup\n\nIf an error is encountered while mapping TX buffers, the driver should\nunmap any buffers already mapped for that skb.\n\nBecause count is incremented after a successful mapping, it will al...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:56.983Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43445", "is_exploited": false, "epss": 0, "vendor": 
"LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43446", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix runtime suspend deadlock when there is pending job\n\nThe runtime suspend callback drains the running job workqueue before\nsuspending the device. If a job is still executing and calls\npm_runtime_resume_and_get(), i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:57.113Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43446", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43448", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix race bug in nvme_poll_irqdisable()\n\nIn the following scenario, pdev can be disabled between (1) and (3) by\n(2). This sets pdev->msix_enabled = 0. Then, pci_irq_vector() will\nreturn MSI-X IRQ(>15) for (1) whereas retur...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:57.323Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43448", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43449", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set\n\ndev->online_queues is a count incremented in nvme_init_queue. 
Thus,\nvalid indices are 0 through dev->online_queues \u2212 1.\n\nThis patch fixes the loop condition to ensure the index st...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:57.477Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43449", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43450", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()\n\nnfnl_cthelper_dump_table() has a 'goto restart' that jumps to a label\ninside the for loop body.  When the \"last\" helper saved in cb->args[1]\nis deleted betw...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:57.643Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43450", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43451", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: fix entry leak in bridge verdict error path\n\nnfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue\nentry from the queue data structures, taking ownership of the entry.\nFor PF_BRIDGE packets...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:57.773Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43451", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43453", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()\n\npipapo_drop() passes rulemap[i + 1].n to pipapo_unmap() as the\nto_offset argument on every iteration, including the last one where\ni == 
m->field_count - 1. T...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:58.027Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43453", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43455", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: route: hold key->lock in mctp_flow_prepare_output()\n\nmctp_flow_prepare_output() checks key->dev and may call\nmctp_dev_set_key(), but it does not hold key->lock while doing so.\n\nmctp_dev_set_key() and mctp_dev_release_key() ar...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:58.263Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43455", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43457", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: i2c: fix skb memory leak in receive path\n\nWhen 'midev->allow_rx' is false, the newly allocated skb isn't consumed\nby netif_rx(), it needs to free the skb directly.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:58.517Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43457", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43458", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: caif: hold tty->link reference in ldisc_open and ser_release\n\nA reproducer triggers a KASAN slab-use-after-free in pty_write_room()\nwhen caif_serial's TX path calls tty_write_room(). 
The faulting access\nis on tty->link->por...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:58.630Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43458", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43460", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip-sfc: Fix double-free in remove() callback\n\nThe driver uses devm_spi_register_controller() for registration, which\nautomatically unregisters the controller via devm cleanup when the\ndevice is removed. The manual call t...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:58.880Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43460", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43463", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()\n\nrxrpc_kernel_lookup_peer() can also return error pointers in addition to\nNULL, so just checking for NULL is not sufficient.\n\nFix this by:\n\n (1) Changing ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:59.183Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43463", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43467", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix crash when moving to switchdev mode\n\nWhen moving to switchdev mode when the device doesn't support IPsec,\nwe try to clean up the IPsec resources anyway which causes the crash\nbelow, fix that by correctly checking for ...", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-08T15:16:59.690Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43467", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43468", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix deadlock between devlink lock and esw->wq\n\nesw->work_queue executes esw_functions_changed_event_handler ->\nesw_vfs_changed_event_handler and acquires the devlink lock.\n\n.eswitch_mode_set (acquires devlink lock in devl...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:16:59.830Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43468", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43470", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: return EISDIR on nfs3_proc_create if d_alias is a dir\n\nIf we found an alias through nfs3_do_create/nfs_add_or_obtain\n/d_splice_alias which happens to be a dir dentry, we don't return\nany error, and simply forget about this ali...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.090Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43470", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43471", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()\n\nThe kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL\npointer dereference when accessing hwq->id.  
This can happen if\nufshc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.193Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43471", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43472", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nunshare: fix unshare_fs() handling\n\nThere's an unpleasant corner case in unshare(2), when we have a\nCLONE_NEWNS in flags and current->fs hadn't been shared at all; in that\ncase copy_mnt_ns() gets passed current->fs instead of a pri...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.313Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43472", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43473", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Add NULL checks when resetting request and reply queues\n\nThe driver encountered a crash during resource cleanup when the reply and\nrequest queues were NULL due to freed memory.  
This issue occurred when the\ncreation o...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.453Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43473", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43474", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: init flags_valid before calling vfs_fileattr_get\n\nsyzbot reported a uninit-value bug in [1].\n\nSimilar to the \"*get\" context where the kernel's internal file_kattr\nstructure is initialized before calling vfs_fileattr_get(), we s...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.577Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43474", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-43475", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix scheduling while atomic on PREEMPT_RT\n\nThis resolves the follow splat and lock-up when running with PREEMPT_RT\nenabled on Hyper-V:\n\n[  415.140818] BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002\n[  ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T15:17:00.687Z", "lastModified": "2026-05-12T14:10:27.343", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43475", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 7.0}, {"id": "CVE-2026-42793", "description": "Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL.\n\nMultiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules call...", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-08T16:16:12.550Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42793", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42794", "description": "Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface.\n\n'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T16:16:12.750Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42794", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-43967", "description": "Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.\n\n'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls duplicat...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T16:16:12.910Z", "lastModified": "2026-05-13T15:57:03.607", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43967", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44499", "description": "ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. 
The attack exploits three independent weak...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T16:16:13.117Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44499", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41889", "description": "pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a str...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T17:16:31.040Z", "lastModified": "2026-05-13T16:34:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41889", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42160", "description": "Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered \"PENDING\" organization / user accounts. Thi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T20:16:30.743Z", "lastModified": "2026-05-13T17:24:36.160", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42160", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41486", "description": "Ray is an AI compute engine. From version 2.54.0 to before version 2.55.0, Ray Data registers custom Arrow extension types (ray.data.arrow_tensor, ray.data.arrow_tensor_v2, ray.data.arrow_variable_shaped_tensor) globally in PyArrow. 
When PyArrow reads a Parquet file containing one of these extension...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:29.903Z", "lastModified": "2026-05-13T16:34:56.063", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41486", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41517", "description": "Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server compromise and persistent backdoor installation. This issue has been patched in version 2.6.11.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:30.340Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41517", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42206", "description": "Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate() and includes it in the authorization request sent to the identity provider, but never s...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:31.963Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42206", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42212", "description": "SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. 
From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory (namin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:32.243Z", "lastModified": "2026-05-12T16:43:27.870", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42212", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42213", "description": "SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc \"filename\" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link (VS Code textDocument/documentLink)...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:32.390Z", "lastModified": "2026-05-12T19:16:32.560", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42213", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42286", "description": "Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This issue...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:32.910Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42286", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42287", "description": "Emlog is an open source website building system. 
Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been patc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T22:16:33.057Z", "lastModified": "2026-05-12T16:45:18.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42287", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41682", "description": "pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:35.737Z", "lastModified": "2026-05-13T16:01:30.177", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41682", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42339", "description": "New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:36.917Z", "lastModified": "2026-05-13T16:53:58.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42339", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42343", "description": "FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. 
The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and la...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:37.050Z", "lastModified": "2026-05-12T16:41:36.477", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42343", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42350", "description": "Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:38.040Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42350", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42453", "description": "Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operations w...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:38.967Z", "lastModified": "2026-05-12T16:40:53.150", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42453", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-44286", "description": "FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privileges) to send arbitrary HTTP requests to internal/private network addresses. 
The fetchData function ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-08T23:16:39.647Z", "lastModified": "2026-05-12T16:40:21.437", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44286", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42455", "description": "Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archiv...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T00:16:29.180Z", "lastModified": "2026-05-12T16:39:33.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42455", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8207", "description": "Gibbon versions before\u00a0v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the  Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145  feature. Successful exploitation requires Teacher or high...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T03:16:16.227Z", "lastModified": "2026-05-12T15:37:48.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8207", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41163", "description": "bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. 
This allows the attacker to arbitrarily u...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:21.167Z", "lastModified": "2026-05-13T16:49:32.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41163", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42051", "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0.", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:22.110Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42051", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42069", "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0.", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:22.297Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42069", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42137", "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. 
This issue has been patched in versions 4.9.0 and 5.4.0.", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:22.653Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42137", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42174", "description": "Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0.", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:23.600Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42295", "description": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials (S3 access keys, secret keys, GCS service account keys, Azure account keys, Git ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:25.367Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42295", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42297", "description": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:25.727Z", "lastModified": "2026-05-12T15:37:14.030", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42297", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42461", "description": "Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Comp...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:26.103Z", "lastModified": "2026-05-13T16:49:52.277", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42461", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8208", "description": "Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compro...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:27.287Z", "lastModified": "2026-05-12T15:37:48.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8208", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-8209", "description": "Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. 
Successful exploitation requires Teacher or higher privileges. Exploitati...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T04:16:28.983Z", "lastModified": "2026-05-12T15:37:48.357", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8209", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-41893", "description": "Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST /login and POST /signalk/v1/auth/login) are protected by express-rate-limit (default: 100 attempts per 10-minute window, configurable via HTTP_RATE_LIMITS). The WebSo...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:27.273Z", "lastModified": "2026-05-14T18:16:47.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42245", "description": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.017Z", "lastModified": "2026-05-13T15:39:39.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42246", "description": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return \"successfully\", without starting TLS. 
This issue has been patched in versions 0.3.10, 0....", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.163Z", "lastModified": "2026-05-13T15:39:39.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42256", "description": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.313Z", "lastModified": "2026-05-13T15:39:39.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42256", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42257", "description": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled in...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.463Z", "lastModified": "2026-05-13T15:39:39.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42257", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42258", "description": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. 
This issue has been patched i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.623Z", "lastModified": "2026-05-13T15:39:39.350", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42258", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42333", "description": "Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security sc...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:28.780Z", "lastModified": "2026-05-13T16:52:48.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42333", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2026-42571", "description": "Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack allows any user authe...", "score": 0.0, "severity": "PENDING", "published": "2026-05-09T20:16:29.277Z", "lastModified": "2026-05-13T15:23:57.230", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42571", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 7.0}, {"id": "CVE-2025-13890", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12494. Reason: This candidate is a reservation duplicate of CVE-2025-12494. Notes: All CVE users should reference CVE-2025-12494 instead of this candidate. 
All references and descriptions in this candidate have been...", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:39.817Z", "lastModified": "2026-04-30T16:16:39.817", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13890", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-51847", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:40.630Z", "lastModified": "2026-04-30T16:16:40.630", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51847", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-51849", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:40.703Z", "lastModified": "2026-04-30T16:16:40.703", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51849", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-51850", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:40.773Z", "lastModified": "2026-04-30T16:16:40.773", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-51850", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34994", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. 
Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:41.820Z", "lastModified": "2026-04-30T16:16:41.820", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34994", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34995", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:41.890Z", "lastModified": "2026-04-30T16:16:41.890", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34995", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34996", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:41.960Z", "lastModified": "2026-04-30T16:16:41.960", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34997", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:42.027Z", "lastModified": "2026-04-30T16:16:42.027", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34997", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34998", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. 
Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T16:16:42.093Z", "lastModified": "2026-04-30T16:16:42.093", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34998", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-4178", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "score": 0.0, "severity": "PENDING", "published": "2026-04-30T23:16:20.657Z", "lastModified": "2026-04-30T23:16:20.657", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4178", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-42996", "description": "JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T07:15:59.787Z", "lastModified": "2026-05-01T23:16:18.233", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42996", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-8903", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2052. Reason: This candidate is a reservation duplicate of CVE-2026-2052 Notes: All CVE users should reference CVE-2026-2052 instead of this candidate. 
All references and descriptions in this candidate have been rem...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T20:16:20.720Z", "lastModified": "2026-05-01T20:16:20.720", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8903", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-12993", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of CVE-2025-67968. Notes: All CVE users should reference CVE-2025-67968 instead of this candidate. All references and descriptions in this candidate have been...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:16.313Z", "lastModified": "2026-05-01T21:16:16.313", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12993", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-39804", "description": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compression is enabled.\n\n'Elixir.Bandit.WebSocket.PerMessageDeflate':inflate/2 in lib/bandit/websocket/permessa...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:16.853Z", "lastModified": "2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39804", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-39805", "description": "Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers.\n\n'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. 
When a request co...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:17.037Z", "lastModified": "2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39805", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-39807", "description": "Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections.\n\n'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the tran...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:17.180Z", "lastModified": "2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39807", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-42786", "description": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.\n\nThe fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handle_frame/3 in lib/bandit/websocket/connection.ex appends every incomin...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:17.347Z", "lastModified": "2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42786", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-42788", "description": "Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames.\n\n'Elixir.Bandit.HTTP2.Frame':deserialize/2 in lib/bandit/http2/frame.ex checks the SETTINGS_MAX_FRAME_SIZE limit only after pattern-matching payl...", "score": 0.0, "severity": "PENDING", "published": "2026-05-01T21:16:17.500Z", "lastModified": 
"2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42788", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-43058", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: fix pass-by-value structs causing MSAN warnings\n\nvidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their\nargument structs by value, causing MSAN to report uninit-value warnings.\nWhile only vidtv_ts_null_wr...", "score": 0.0, "severity": "PENDING", "published": "2026-05-02T07:16:20.830Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43058", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-6481", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "score": 0.0, "severity": "PENDING", "published": "2026-05-02T23:16:16.783Z", "lastModified": "2026-05-02T23:16:16.783", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6481", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-29200", "description": "A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T07:16:00.100Z", "lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29200", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-4928", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. 
Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T14:16:35.040Z", "lastModified": "2026-05-04T14:16:35.040", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4928", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-6499", "description": "Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries.\n\nThis issue affects OpenConcerto: 1.7.5.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T14:16:36.133Z", "lastModified": "2026-05-05T20:14:04.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6499", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2025-13605", "description": "3onedata modbus gateway device model\u00a0GW1101-1D(RS-485)-TB-P (hardware version V2.2.0)\u00a0allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the \"IP address\" field of the diagnosis test tools.\nThis issue has been resolved in firmware ve...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T15:16:02.630Z", "lastModified": "2026-05-05T19:35:14.033", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13605", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-6500", "description": "Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.\n\nThis issue affects OpenConcerto: 1.7.5.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T15:16:05.033Z", "lastModified": "2026-05-05T20:14:04.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6500", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": 
"CVE-2026-6501", "description": "Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.\n\nThis issue affects jOpenDocument: 1.5.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T15:16:05.177Z", "lastModified": "2026-05-05T20:14:04.557", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6501", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-2828", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T18:16:26.893Z", "lastModified": "2026-05-04T18:16:26.893", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2828", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-42052", "description": "Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inse...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T18:16:30.063Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42052", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-34882", "description": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-6074. Reason: This record is a reservation duplicate of CVE-2026-6074. Notes: All CVE users should reference CVE-2026-6074 instead of this record. 
All references and descriptions in this record have been removed to prevent accidental ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:18.320Z", "lastModified": "2026-05-04T20:16:18.320", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34882", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41922", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can ex...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:18.860Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41922", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41923", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsani...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:19.017Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41923", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41924", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the set_time or StartSniffer functions. 
Attackers can...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:19.153Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41924", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41925", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. Attack...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:19.300Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41925", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41926", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. 
Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter, webs...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:19.450Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41926", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-41927", "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 51...", "score": 0.0, "severity": "PENDING", "published": "2026-05-04T20:16:19.587Z", "lastModified": "2026-05-05T19:47:31.297", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41927", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-7824", "description": "An issue was discovered in the PaperCut Hive Ricoh embedded application. 
When the \"Deep Logging\" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plain text within the log files.\n\n\n\nAn attacker with administrative access to the PaperCut Hive managemen...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T07:16:01.100Z", "lastModified": "2026-05-07T15:10:53.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7824", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-32689", "description": "Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling.\n\nIn 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson, t...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:11.397Z", "lastModified": "2026-05-05T19:37:28.367", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32689", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-43059", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix list corruption and UAF in command complete handlers\n\nCommit 302a1f674c00 (\"Bluetooth: MGMT: Fix possible UAFs\") introduced\nmgmt_pending_valid(), which not only validates the pending command but\nalso unlinks it...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:14.927Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43059", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43061", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: Fix TX deadlock when using DMA\n\n`dmaengine_terminate_async` does not guarantee that 
the\n`__dma_tx_complete` callback will run. The callback is currently the\nonly place where `dma->tx_running` gets cleared. If the tran...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:15.210Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43061", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43064", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix not releasing workqueue on .release()\n\nThe workqueue associated with an DSA/IAA device is not released when\nthe object is freed.", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:15.567Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43064", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43065", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: always drain queued discard work in ext4_mb_release()\n\nWhile reviewing recent ext4 patch[1], Sashiko raised the following\nconcern[2]:\n\n> If the filesystem is initially mounted with the discard option,\n> deleting files will po...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:15.683Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43065", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43066", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix iloc.bh leak in ext4_fc_replay_inode() error paths\n\nDuring code review, Joseph found that ext4_fc_replay_inode() calls\next4_get_fc_inode_loc() to get the inode location, which holds a\nreference to iloc.bh that must be rel...", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-05T16:16:15.810Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43066", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43068", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere's issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-f...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:16.053Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43068", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43069", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_ll: Fix firmware leak on error path\n\nSmatch reports:\n\ndrivers/bluetooth/hci_ll.c:587 download_firmware() warn:\n'fw' from request_firmware() not released on lines: 544.\n\nIn download_firmware(), if request_firmware() s...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:16.197Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43069", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43072", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: platform_get_irq_byname() returns an int\n\nplatform_get_irq_byname() will return a negative value if an error\nhappens, so it should be checked and not just passed directly into\ndevm_request_threaded_irq() hoping all will be...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:16.540Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-43072", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43073", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86-64: rename misleadingly named '__copy_user_nocache()' function\n\nThis function was a masterclass in bad naming, for various historical\nreasons.\n\nIt claimed to be a non-cached user copy.  It is literally _neither_ of\nthose things...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:16.650Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43073", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-7865", "description": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH consol...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T16:16:19.730Z", "lastModified": "2026-05-07T14:53:48.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7865", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-31893", "description": "Tunnelblick is an open source graphic user interface for OpenVPN on macOS. 
In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix socke...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:35.373Z", "lastModified": "2026-05-07T15:15:06.770", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31893", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-32699", "description": "FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction by i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:35.693Z", "lastModified": "2026-05-06T21:25:30.910", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32699", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-33975", "description": "Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 addresses in URL IP literals. Node.js's URL parser normalizes IPv4-mapped IPv6 addresses to compressed hex f...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:36.777Z", "lastModified": "2026-05-06T16:16:06.697", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33975", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40329", "description": "Masa CMS is an open source content management system. 
In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before inco...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:38.790Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40329", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40330", "description": "Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The pa...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:38.970Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40330", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40331", "description": "Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable() method without validation or sanitization. 
This v...", "score": 0.0, "severity": "PENDING", "published": "2026-05-05T20:16:39.113Z", "lastModified": "2026-05-05T20:24:04.853", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40331", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-23926", "description": "An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens the...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T08:16:01.837Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23926", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-23927", "description": "A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T08:16:02.940Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23927", "is_exploited": false, "epss": 0, "vendor": "ORACLE", "mts_score": 1.0}, {"id": "CVE-2026-23928", "description": "The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. 
The malicious JavaScript woul...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T08:16:03.100Z", "lastModified": "2026-05-07T14:56:04.523", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23928", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-7448", "description": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T08:16:04.230Z", "lastModified": "2026-05-08T13:16:48.907", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7448", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-43077", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Fix minimum RX size check for decryption\n\nThe check for the minimum receive buffer size did not take the\ntag size into account during decryption.  
Fix this by adding the\nrequired extra length.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:20.707Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43077", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43079", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Skip discovery table for offline dies\n\nThis warning can be triggered if NUMA is disabled and the system\nboots with fewer CPUs than the number of CPUs in die 0.\n\nWARNING: CPU: 9 PID: 7257 at uncore.c:1157 unco...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:20.990Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43079", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43080", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: Drop large packets with UDP encap\n\nsyzbot reported a WARN on my patch series [1]. 
The actual issue is an\noverflow of 16-bit UDP length field, and it exists in the upstream code.\nMy series added a debug WARN with an overflow c...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.110Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43080", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43081", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipa: fix GENERIC_CMD register field masks for IPA v5.0+\n\nFix the field masks to match the hardware layout documented in\ndownstream GSI (GSI_V3_0_EE_n_GSI_EE_GENERIC_CMD_*).\n\nNotably this fixes a WARN I was seeing when I tried ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.260Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43081", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43082", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: leave space for null terminators on property_entry\n\nLists of struct property_entry are supposed to be terminated with an\nempty property, this driver currently seems to be allocating exactly the\namount of entry used.\n\nCh...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.377Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43082", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43085", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator\n\nWhen batching multiple NFLOG messages (inst->qlen > 1), __nfulnl_send()\nappends an NLMSG_DONE terminator with sizeof(struct 
nfgenmsg) payload via\nnlmsg_put(), ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.720Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43085", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43086", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix NULL deref in ip_vs_add_service error path\n\nWhen ip_vs_bind_scheduler() succeeds in ip_vs_add_service(), the local\nvariable sched is set to NULL.  If ip_vs_start_estimator() subsequently\nfails, the out_err cleanup calls i...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.837Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43086", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43087", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Disable all pin interrupts during probe\n\nA chip being probed may have the interrupt-on-change feature enabled on\nsome of its pins, for example after a reboot. This can cause the chip to\ngenerate interrupts for pi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:21.963Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43087", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43088", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: af_key: zero aligned sockaddr tail in PF_KEY exports\n\nPF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr\npayload space, so IPv6 addresses occupy 32 bytes on the wire. 
However,\n`pfkey_sockaddr_fill()` initi...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:22.090Z", "lastModified": "2026-05-14T15:16:47.020", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43088", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43089", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm_user: fix info leak in build_mapping()\n\nstruct xfrm_usersa_id has a one-byte padding hole after the proto\nfield, which ends up never getting set to zero before copying out to\nuserspace.  Fix that up by zeroing out the whole st...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:22.200Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43089", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43090", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in xfrm_migrate_policy_find\n\nsyzkaller reported a memory leak in xfrm_policy_alloc:\n\n  BUG: memory leak\n  unreferenced object 0xffff888114d79000 (size 1024):\n    comm \"syz.1.17\", pid 931\n    ...\n    xfrm_pol...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:22.313Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43090", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43092", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: validate MTU against usable frame size on bind\n\nAF_XDP bind currently accepts zero-copy pool configurations without\nverifying that the device MTU fits into the usable frame space provided\nby the UMEM chunk.\n\nThis becomes a pro...", "score": 0.0, "severity": "PENDING", "published": 
"2026-05-06T10:16:22.550Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43092", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43094", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: add missing negotiate_features op to Hyper-V ops table\n\nCommit a7075f501bd3 (\"ixgbevf: fix mailbox API compatibility by\nnegotiating supported features\") added the .negotiate_features callback\nto ixgbe_mac_operations and po...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:22.790Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43094", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43095", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SDCA: Fix errors in IRQ cleanup\n\nIRQs are enabled through sdca_irq_populate() from component probe\nusing devm_request_threaded_irq(), this however means the IRQs can\npersist if the sound card is torn down. Some of the IRQ han...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:22.913Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43095", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-43096", "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmshv: Fix infinite fault loop on permission-denied GPA intercepts\n\nPrevent infinite fault loops when guests access memory regions without\nproper permissions. 
Currently, mshv_handle_gpa_intercept() attempts to\nremap pages for all fa...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T10:16:23.027Z", "lastModified": "2026-05-06T13:08:07.970", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43096", "is_exploited": false, "epss": 0, "vendor": "LINUX", "mts_score": 1.0}, {"id": "CVE-2026-6210", "description": "A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image.\n\n\n\nWhen processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T12:16:49.957Z", "lastModified": "2026-05-07T15:10:53.070", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6210", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-20188", "description": "Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT).\r\n\r\nUp...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T17:16:21.190Z", "lastModified": "2026-05-14T17:16:19.573", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20188", "is_exploited": false, "epss": 0, "vendor": "CISCO", "mts_score": 1.0}, {"id": "CVE-2026-21661", "description": "Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.\n\nThis issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T17:16:21.890Z", 
"lastModified": "2026-05-06T19:05:56.337", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21661", "is_exploited": false, "epss": 0, "vendor": "WINDOWS", "mts_score": 1.0}, {"id": "CVE-2026-33079", "description": "In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping alte...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T18:16:03.097Z", "lastModified": "2026-05-07T15:43:39.827", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33079", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-33441", "description": "Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:31.473Z", "lastModified": "2026-05-06T20:16:31.473", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33441", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40171", "description": "In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:31.857Z", "lastModified": "2026-05-07T15:07:32.390", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40171", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40174", "description": "Masa CMS is a content management system forked from Mura CMS. 
In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations.\n\nAn attacker can induce a logged-in administrator to submit a forged request that adds, m...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:31.997Z", "lastModified": "2026-05-06T21:22:50.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40174", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40309", "description": "Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanently ...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:32.137Z", "lastModified": "2026-05-06T21:22:50.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40309", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40325", "description": "Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted it...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:32.273Z", "lastModified": "2026-05-06T21:22:50.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40325", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40326", "description": "Masa CMS is a content management system forked from Mura CMS. 
In versions 7.5.2 and earlier, the createBundle method in `csettings.cfc` does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T20:16:32.403Z", "lastModified": "2026-05-06T21:22:50.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40326", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-40332", "description": "Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal paths, failing to validate the redirect target before processing. The application treats these values a...", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T21:16:01.503Z", "lastModified": "2026-05-06T21:22:50.760", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40332", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}, {"id": "CVE-2026-6278", "description": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "score": 0.0, "severity": "PENDING", "published": "2026-05-06T23:16:22.163Z", "lastModified": "2026-05-06T23:16:22.163", "source": "NVD", "source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6278", "is_exploited": false, "epss": 0, "vendor": "Other", "mts_score": 1.0}]}