Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
0.0 NA
CVE-2026-41149 — Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML …

Injection
May 22, 2026
7.5 HIGH
CVE-2026-23663 — Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

No description available.

May 22, 2026
10.0 CRITICAL
CVE-2026-42901 — Microsoft Entra ID Elevation of Privilege Vulnerability

No description available.

May 22, 2026
10.0 CRITICAL
CVE-2026-41104 — Microsoft Planetary Computer Pro Information Disclosure Vulnerability

No description available.

May 22, 2026
8.8 HIGH
CVE-2026-45659 — Microsoft SharePoint Remote Code Execution Vulnerability

No description available.

May 22, 2026
0.0 NA
CVE-2026-41148 — Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS …

Injection
May 22, 2026
9.1 CRITICAL
CVE-2026-33843 — Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

No description available.

May 22, 2026
7.7 HIGH
CVE-2026-26147 — Azure Stack HCI Information Disclosure Vulnerability

No description available.

May 22, 2026
9.3 CRITICAL
CVE-2026-41090 — Microsoft Copilot Tampering Vulnerability

No description available.

May 22, 2026
6.5 MEDIUM
CVE-2026-42827 — M365 Copilot Information Disclosure Vulnerability

No description available.

May 22, 2026
10.0 CRITICAL
CVE-2026-47280 — Azure Resource Manager Elevation of Privilege Vulnerability

No description available.

May 22, 2026
9.9 CRITICAL
CVE-2026-40411 — Azure Virtual Network Gateway Remote Code Execution Vulnerability

No description available.

May 22, 2026
8.8 HIGH
CVE-2026-35430 — Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability

No description available.

May 22, 2026
10.0 CRITICAL
CVE-2026-23652 — Microsoft Power Pages Remote Code Execution Vulnerability

No description available.

May 22, 2026
10.0 CRITICAL
CVE-2026-40412 — Azure Orbital Spatio Remote Code Execution Vulnerability

No description available.

May 22, 2026
0.0 NA
CVE-2026-41147 — NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input saniti…

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Req…

Cross-Site Scripting
May 22, 2026
0.0 NA
CVE-2026-41076 — RT: LDAP authentication bypass via empty password

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations…

Authentication
May 22, 2026
0.0 NA
CVE-2026-41075 — RT: SQL injection via entry_aggregator parameter in JSON search

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i…

Injection
May 22, 2026
0.0 NA
CVE-2026-41074 — RT has broken CSRF protection for authenticated users

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in…

Cross-Site Request Forgery
May 22, 2026
0.0 NA
CVE-2026-41073 — RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and simi…

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled …

Injection
May 22, 2026
Showing 20 of 6082 Results