CVE Vulnerabilities - 7 May 2026
807 vulnerabilities published on 7 May 2026
Azure AI Foundry M365 Agents Privilege Elevation Risk
CVE-2026-35435
Unauthorized access to Azure AI Foundry M365 agents could allow attackers to gain elevated network privileges. This affects the security of your network and data. Update your agents to the latest vers...
10.0
Note Mark JWT Secret is Too Weak for Security
GHSA-q6mh-rqwh-g786
CVE-2026-44523
A weak secret in Note Mark makes it possible for attackers to steal user accounts. This happens when they crack the secret using a computer and then create fake login tokens for any user. To fix this,...
10.0
Open Notebook v1.8.3 allows malicious code execution
CVE-2026-33587
Open Notebook v1.8.3 does not properly check user input, which can lead to malicious code being executed on the server. This can result in unauthorized access to system resources. To fix this issue, u...
9.2
vm2: Attackers can modify fundamental JavaScript objects
GHSA-vwrp-x96c-mhwq
CVE-2026-44005
The vm2 software allows attackers to modify fundamental JavaScript objects like Object.prototype, Array.prototype, and Function.prototype. This could allow attackers to gain control of a system or ste...
10.0
vm2 Sandbox Escape Allows Malicious Code Execution
GHSA-47x8-96vw-5wg6
CVE-2026-43997
The vm2 JavaScript engine has a vulnerability that allows an attacker to escape the sandbox and execute malicious code on the host system. This could lead to unauthorized access and control of the sys...
10.0
vm2 Sandbox Escape Allows Remote Code Execution
GHSA-qcp4-v2jj-fjx8
CVE-2026-44006
The vm2 library has a security flaw that could allow an attacker to execute malicious code on a server. This could happen if a developer uses vm2 to run untrusted code. To protect against this, update...
10.0
Unauthorized Code Execution in Azure Managed Cassandra
CVE-2026-33109
An authorized user with access to Azure Managed Instance for Apache Cassandra can potentially execute malicious code over a network. This could allow the attacker to access sensitive data or disrupt t...
9.9
vm2 allows sandboxed code to load excluded builtins
GHSA-947f-4v7f-x2v8
CVE-2026-43999
A vulnerability in vm2 allows malicious code to escape the sandbox and load excluded builtins, potentially leading to remote code execution on the host system. This affects users who use vm2 to sandbo...
9.9
Fleet: Helm impersonation bypass exposes sensitive cluster-admin credentials
GHSA-765j-qfrp-hm3j
CVE-2026-41050
A vulnerability in Fleet's Helm deployer allows a tenant with access to a monitored repository to read secrets from any namespace on downstream clusters. This is a confidentiality risk, as leaked cred...
9.9
GitHub Enterprise Server notebook viewer exposes internal services to attackers
CVE-2026-8034
A security weakness in the GitHub Enterprise Server notebook viewer allows attackers to access internal services on the same network. This could lead to unauthorized access to sensitive data or system...
7.9
GitPython: Malicious Git Configs Can Be Applied During Clone
DEBIAN-CVE-2026-42284
GitPython, a Python library used to interact with Git repositories, had a security issue prior to version 3.1.47. An attacker could use a specially crafted command to apply malicious Git configuration...
9.8
Apache Log4j Unauthenticated Remote Code Execution
UBUNTU-CVE-2026-42284
Apache Log4j, a logging library used in many software applications, has a flaw that allows attackers to execute malicious code on a server without needing a password. This could lead to unauthorized a...
9.8
Query-Parser-String for NPM: Malicious Query Parameters Can Harm Your App
CVE-2025-63704
GHSA-587p-w43q-4hjx
The query-parser-string package for NPM doesn't properly check user input, which can cause unexpected behavior in your application. This can happen if you use user-supplied data in your application wi...
9.8
parse-ini npm package allows attackers to modify JavaScript objects
CVE-2025-63703
GHSA-x72j-hv9f-qqh4
The parse-ini npm package has a security issue that allows attackers to manipulate JavaScript objects, potentially leading to unexpected behavior in applications that use this package. This could allo...
9.8
Yarbo Firmware v2.3.9: Hardcoded Admin Credentials
CVE-2026-7414
A security flaw in Yarbo firmware v2.3.9 allows anyone with the correct credentials to access device management interfaces. This is a concern because the credentials are the same for all devices and c...
9.8
Yarbo Firmware v2.3.9 Has Hidden Backdoor Allowing Remote Access
CVE-2026-7413
A hidden backdoor was discovered in Yarbo firmware version 2.3.9, allowing unauthorized access to sensitive features. This poses a risk to security and data integrity. Update to a fixed version of the...
9.8
Ivanti EPMM versions 12.6.1 and earlier allow unauthorized access
CVE-2026-5788
A security issue in older Ivanti EPMM versions lets an attacker access sensitive features without permission. This could allow them to manipulate the system in unintended ways. Update to version 12.6....
9.8
Next NPM Version Vulnerable to Untrusted Input
CVE-2025-63706
GHSA-2xx6-qf7x-grqh
The Next NPM Version package is used in some projects to update NPM packages. If an attacker can inject malicious input, they may be able to execute arbitrary system commands, potentially allowing the...
9.8
ChestnutCMS SQL Injection in Admin Backend
CVE-2026-36458
An attacker can inject malicious SQL code into the ChestnutCMS admin backend, potentially allowing them to access or modify sensitive data. This vulnerability affects the admin backend of ChestnutCMS ...
9.8
Optoma CinemaX P2 Projector Exposes Remote Control API on Network
CVE-2026-30496
The Optoma CinemaX P2 projector has a remote control system that can be accessed by any device on the same network without a password. This means that anyone with a device connected to the same networ...
9.8
Firefox ESR: WebRTC Security Risk in Older Versions
CVE-2026-8094
Older versions of Firefox ESR may be at risk of a security issue in the WebRTC component. This means that an attacker could potentially exploit a weakness in the software to gain unauthorized access. ...
9.8
Debian Package Manager Allows Arbitrary File Execution
DEBIAN-CVE-2026-8094
A security issue in Debian's package manager could allow an attacker to execute any file on a system. This could happen if a user installs a malicious package or if an attacker gains access to the pac...
9.8
Debian OpenSSL Key Generation Flaw Allows Man-in-the-Middle Attacks
DEBIAN-CVE-2026-8091
A flaw in Debian's OpenSSL package allows attackers to intercept sensitive information, such as encrypted data and login credentials. This can happen when Debian systems generate or use OpenSSL keys. ...
9.8
Firefox: Audio/Video playback can crash or be exploited
CVE-2026-8091
A bug in Firefox's audio and video playback component can cause the browser to crash or be exploited by attackers. This issue affects users who have not updated to the latest Firefox ESR versions. To ...
9.8
Liderahenk 2.0.1 allows unauthorized access to restricted features
CVE-2026-6508
A security flaw in Liderahenk 2.0.1 allows users to access features that should be restricted. This could lead to unauthorized actions within the system. To fix this, update to version 2.0.2 or later.
9.8