Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.1 MEDIUM
CVE-2026-47271 — pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process…

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(dat…

| Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.7 HIGH
CVE-2026-47161 — RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserializati…

RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An atta…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-45134 — LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust b…

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_promp…

langchain | Remote | Supply Chain
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.4 HIGH
CVE-2026-45108 — Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Au…

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.5 HIGH
CVE-2026-45104 — MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS …

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil…

Remote | Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-45102 — OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be esc…

Remote | Memory Corruption
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-44888 — Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-44887 — Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.7 HIGH
CVE-2026-44886 — Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devi…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.8 HIGH
CVE-2026-44724 — systeminformation: Linux command injection in networkInterfaces() via unsanitized Network…

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active Netwo…

systeminformation | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.1 MEDIUM
CVE-2026-44681 — Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza…

authlib | Remote | Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-44590 — Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml

Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to command injection via the pul…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
5.4 MEDIUM
CVE-2026-42877 — FacturaScripts: Stored XSS via product reference in sales/purchases

FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/Aja…

facturascripts | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.7 HIGH
CVE-2026-42197 — RELATE Vulnerable to Stored XSS via Unprivileged User Profile

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
0.0 NA
CVE-2026-33552 — Northern.tech Mender Enterprise Server Authentication Bypass

Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.

| Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.3 MEDIUM
CVE-2026-8716 — Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen…

gitlab | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
5.3 MEDIUM
CVE-2026-6713 — Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauth…

gitlab | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
4.3 MEDIUM
CVE-2026-5296 — Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level,…

gitlab | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.2 HIGH
CVE-2026-4868 — Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent…

gitlab | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
5.5 MEDIUM
CVE-2026-45046 — Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions…

| Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 6580 Results