Total: 4146 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24215 | | | 2026-05-19 | N/A | 9.1 CRITICAL |
| Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | |||||
| CVE-2026-8545 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-19 | N/A | 3.1 LOW |
| Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-32994 | | | 2026-05-19 | N/A | 5.3 MEDIUM |
| The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID. The endpoint fetches the message via Messages.findOneById(messageId) with no room access check (canAccessRoomIdAsync is never called), returning the complete IMessage object including message text, sender info, room ID, timestamps, and markdown content. | |||||
| CVE-2026-8556 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-19 | N/A | 3.1 LOW |
| Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-44774 | 1 Traefik | 1 Traefik | 2026-05-19 | N/A | 9.9 CRITICAL |
| Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend reference whose name ends with @internal, making it possible to route traffic to rest@internal in addition to the intended api@internal. In shared Gateway deployments where the REST provider is enabled, this allows a low-privileged actor to gain live dynamic configuration write access to Traefik, enabling unauthorized reconfiguration of routers and services. This vulnerability is fixed in 2.11.46, 3.6.17, and 3.7.1. | |||||
| CVE-2026-44556 | 1 Openwebui | 1 Open Webui | 2026-05-19 | N/A | 7.1 HIGH |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /responses endpoint in the OpenAI router accepts any authenticated user and forwards requests directly to upstream LLM providers without enforcing per-model access control. While the primary chat completion endpoint (generate_chat_completion) checks model ownership, group membership, and AccessGrants before allowing a request, the /responses proxy only validates that the user has a valid session via get_verified_user. This allows any authenticated user to interact with any model configured on the instance by sending a POST request to /api/openai/responses with an arbitrary model ID. This vulnerability is fixed in 0.9.0. | |||||
| CVE-2026-45301 | 1 Openwebui | 1 Open Webui | 2026-05-18 | N/A | 8.1 HIGH |
| Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerability is fixed in 0.3.16. | |||||
| CVE-2026-8758 | | | 2026-05-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06, affecting an unknown function of the file /common/jsp/upload3.jsp. Manipulation of the File argument leads to unrestricted file upload. The attack can be launched remotely. A public exploit is available. The vendor was contacted early about this disclosure but did not respond. | |||||
| CVE-2025-67437 | | | 2026-05-18 | N/A | 6.5 MEDIUM |
| Medical Management System at commit a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to insecure permissions, allowing an attacker to reset the password of an arbitrary user. | |||||
| CVE-2026-40020 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 3.1 LOW |
| An attacker can use the IMAP SETACL command to inject the anyone identifier into a user's dovecot-acl file even when imap_acl_allow_anyone=no, which exposes that folder to every user (folders can be spammed to all users). The impact is limited to spamming folders to other users; no unexpected access is gained. Upgrade to a fixed version. No publicly available exploits are known. | |||||
| CVE-2026-37526 | 1 Linuxfoundation | 1 Automotive Grade Linux | 2026-05-18 | N/A | 7.8 HIGH |
| AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29. | |||||
| CVE-2026-8586 | 1 Google | 1 Chrome | 2026-05-18 | N/A | 5.5 MEDIUM |
| Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2026-40381 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-05-18 | N/A | 7.8 HIGH |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-41101 | 1 Microsoft | 1 Word | 2026-05-16 | N/A | 7.1 HIGH |
| Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-41102 | 1 Microsoft | 1 Powerpoint | 2026-05-16 | N/A | 7.1 HIGH |
| Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-41100 | 1 Microsoft | 1 365 Copilot | 2026-05-16 | N/A | 4.4 MEDIUM |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2026-44478 | | | 2026-05-15 | N/A | 7.5 HIGH |
| hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2.0 addresses the unauthenticated POST /v1/onboarding/config endpoint by checking onboardingCompleted and canReRunOnboarding before allowing config overwrites. However, GET /v1/onboarding/config still leaks all infrastructure secrets in plaintext to unauthenticated users when the ONBOARDING_RECOVERY_TOKEN stored in the database is an empty string. This vulnerability is fixed in 2026.4.0. | |||||
| CVE-2026-41086 | 1 Microsoft | 1 Windows Admin Center | 2026-05-15 | N/A | 8.8 HIGH |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-36323 | | | 2026-05-15 | N/A | N/A |
| Improper isolation of the VCN-JPEG hardware register space could allow a malicious guest virtual machine (VM) or process to access the register space of the JPEG cores assigned to a victim VM/process, potentially gaining arbitrary read/write access to the victim VM's or process's data. | |||||
| CVE-2025-0040 | | | 2026-05-15 | N/A | N/A |
| Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality. | |||||
