CVEs (6,868, showing first 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-42455 | NONE | | — | 2026-05-09 | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint… |
| CVE-2026-44313 | CRITICAL | Patched | 9.1 | 2026-05-09 | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (S… |
| CVE-2026-41705 | HIGH | Patched | 8.6 | 2026-05-09 | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 … |
| CVE-2026-6664 | HIGH | Patched | 7.5 | 2026-05-09 | An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can cras… |
| CVE-2026-6665 | HIGH | Patched | 8.1 | 2026-05-09 | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious ba… |
| CVE-2026-6666 | MEDIUM | Patched | 5.9 | 2026-05-09 | A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field. |
| CVE-2026-6667 | MEDIUM | Patched | 4.3 | 2026-05-09 | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which its… |
| CVE-2026-7652 | MEDIUM | | 5.3 | 2026-05-09 | The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and i… |
| CVE-2026-8207 | NONE | | — | 2026-05-09 | Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e2… |
| CVE-2026-41163 | NONE | Patched | — | 2026-05-09 | bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace… |
| CVE-2026-41311 | HIGH | Patched | 7.5 | 2026-05-09 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} cause… |
| CVE-2026-42051 | MEDIUM | Patched | 4.3 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated user… |
| CVE-2026-42069 | MEDIUM | Patched | 6.5 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue… |
| CVE-2026-42137 | MEDIUM | Patched | 6.5 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked i… |
| CVE-2026-42174 | MEDIUM | Patched | 4.3 | 2026-05-09 | Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permission… |
| CVE-2026-42183 | MEDIUM | Patched | 6.5 | 2026-05-09 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer d… |
| CVE-2026-42294 | HIGH | Patched | 7.5 | 2026-05-09 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor… |
| CVE-2026-42295 | MEDIUM | Patched | 4.9 | 2026-05-09 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow ex… |
| CVE-2026-42296 | HIGH | Patched | 8.1 | 2026-05-09 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Work… |
| CVE-2026-42297 | HIGH | Patched | 8.3 | 2026-05-09 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Servic… |
| CVE-2026-42301 | HIGH | Patched | 7.8 | 2026-05-09 | pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into the g… |
| CVE-2026-42461 | HIGH | Patched | 7.5 | 2026-05-09 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma bac… |
| CVE-2026-8208 | NONE | | — | 2026-05-09 | Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of… |
| CVE-2026-8209 | NONE | | — | 2026-05-09 | Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extractio… |
| CVE-2025-15633 | MEDIUM | Patched | 6.5 | 2026-05-09 | An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, a… |