Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-41512 — Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`

ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati…

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
3.3 LOW
CVE-2026-32803 — Dell PowerScale OneFS Insufficient Logging Vulnerability

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg…

| Information Disclosure
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-41507 — Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. Th…

| Injection
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-41509 — Integer underflow in crypto_sign_open() leads to buffer overflow

CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b…

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-41506 — go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smar…

| Information Disclosure
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43350 — smb: client: require a full NFS mode SID before reading mode bits

In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43349 — f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: BUG: KMSAN: uninit-…

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43348 — mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER

In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes …

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43347 — arm64: dts: qcom: monaco: Reserve full Gunyah metadata region

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions (ESR=0x…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43346 — ice: ptp: don't WARN when controlling PF is unavailable

In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF whic…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43345 — net: ipa: fix event ring index not programmed for IPA v5.0+

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to …

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43344 — perf/x86/intel/uncore: Fix die ID init and look up bugs

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_t…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-44340 — PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member…

| Path Traversal
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
7.5 HIGH
CVE-2026-39816 — Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientServic…

Remote | Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43343 — usb: gadget: f_subset: Fix unbalanced refcnt in geth_free

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() fails to d…

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43342 — usb: gadget: f_rndis: Protect RNDIS options with mutex

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as …

| Race Condition
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43341 — net/ipv6: ioam6: prevent schema length wraparound in trace fill

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to the tra…

| Memory Corruption
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-43340 — comedi: Reinit dev->spinlock between attachments to low-level drivers

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure fo…

| Race Condition
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-44339 — PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__…

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after…

| Misconfiguration
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
0.0 NA
CVE-2026-44338 — PraisonAI ships and generates a legacy API server with authentication disabled by default…

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any …

| Authentication
May 08, 2026 May 08, 2026
May 08, 2026
May 08, 2026
Showing 20 of 5794 Results