Common Vulnerabilities and Exposures (CVE)

CVE-2026-40564

May 26, 2026 16:18:03 UTC

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addre...

CVE-2026-23355

May 26, 2026 16:17:50 UTC

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by ap->ops->qc_defer() returning non-zero b...

CVE-2026-45249

May 26, 2026 16:17:41 UTC

A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are use...

CVE-2026-9368

May 26, 2026 16:17:36 UTC

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to sandbox i...

CVE-2026-9374

May 26, 2026 16:16:57 UTC

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. ...

CVE-2018-25345

May 26, 2026 16:16:52 UTC

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or ...

CVE-2026-9302

May 26, 2026 16:15:43 UTC

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing ...

CVE-2026-9296

May 26, 2026 16:14:54 UTC

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRa...

CVE-2026-45836

May 26, 2026 16:14:13 UTC

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().

CVE-2026-45835

May 26, 2026 16:14:12 UTC

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().

CVE-2026-45834

May 26, 2026 16:14:11 UTC

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().

CVE-2026-9284

May 26, 2026 16:13:40 UTC

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc-get-order` WC-AJAX endpoints in all vers...

CVE-2026-44502

May 26, 2026 16:13:32 UTC

Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink’s webhook URL validation could be (partially) bypassed because of a mismatch in URL parsing. The original validation logic parsed webhook URLs with Python’s urllib.parse....

CVE-2026-41147

May 26, 2026 16:12:34 UTC

NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primar...

CVE-2026-9393

May 26, 2026 16:11:48 UTC

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remote...