CVE Vulnerabilities - 8 May 2026
972 vulnerabilities published on 8 May 2026
free5GC's NEF nnef-pfdmanagement API is unauthenticated; attackers can read data and create subscriptions
GHSA-rwww-x45w-p52w
CVE-2026-44330
free5GC's NEF nnef-pfdmanagement API does not require a valid login token, allowing an attacker to read sensitive data and create or delete subscriptions. This is a security issue that affects the...
10.0
free5GC's SMF UPI interface lacks authentication protection
GHSA-3258-qmv8-frp3
CVE-2026-44329
GO-2026-4995
free5GC's SMF (Service Management Function) has a security issue in its UPI (Unified Policy Interface) management interface. This means that an attacker can access and modify sensitive data withou...
10.0
free5GC's NEF OAM Route Group is Unauthenticated
GHSA-cmpj-2x3g-m7g3
CVE-2026-44327
A security issue exists in free5GC's NEF software. The OAM route group is not protected by a login check, allowing unauthorized access to sensitive operations. This issue can be exploited by an attack...
10.0
Emlog versions before 2.6.11 allow SQL attacks on database
CVE-2026-42287
Emlog, a website building system, had a security weakness that allowed hackers to access and manipulate its database. This could lead to the theft of sensitive information or even destroy the system. ...
10.0
Data Space Portal: Unauthorized Access to New Accounts
CVE-2026-42160
Data Space Portal versions 2.1.1 to 7.3.1 are at risk of unauthorized access to new user accounts. This could allow an attacker to gain access to sensitive data. Update to version 7.3.2 or later to fi...
10.0
OpenVPN with OAuth2 plugin allows unauthorized access
DEBIAN-CVE-2026-41070
OpenVPN servers with an OAuth2 plugin in experimental mode may let unauthorized users connect. This happens when they use a client that doesn't support single sign-on. The fix is included in version 1...
10.0
Remote Spark SparkView before build 1122 allows code execution as root
CVE-2026-6213
An older version of Remote Spark SparkView software on a server can be exploited by an attacker to gain full control of the server, potentially leading to data theft or system damage. This vulnerabili...
10.0
OpenLearnX Can Run Malicious Code on Its Servers
GHSA-8h25-q488-4hxw
CVE-2026-41900
OpenLearnX's code execution environment has a critical flaw that could allow an attacker to run malicious code on the server, potentially leading to unauthorized access or data breaches. This issue ha...
10.0
Termix versions before 2.1.0 allow remote code execution
CVE-2026-42454
Termix, a web-based server management platform, had a security issue that allowed an attacker to execute commands on managed servers. This happened when an attacker entered a special container ID. The...
9.9
NVIDIA Garak AI Scanner Remote Code Execution Vulnerability
CVE-2026-41512
The NVIDIA Garak AI Scanner has a security issue that allows attackers to inject malicious code into the browser. This could potentially allow them to take control of the system. Users should update t...
9.9
pfSense XMLRPC API allows malicious code execution by admins
CVE-2025-69691
A security issue exists in pfSense CE 2.8.0 that allows administrators to execute unauthorized code through the XMLRPC API. This could potentially allow an attacker to gain control of the system if an...
9.9
FastGPT versions 4.14.10 to 4.14.12: Unauthenticated access to AI Agent
CVE-2026-42302
FastGPT's AI Agent building platform has a security issue from version 4.14.10 to 4.14.12. This means that anyone with access to the network can potentially take control of the AI Agent without needin...
9.8
Postiz Docker Image Build Allows Unauthenticated Code Execution
CVE-2026-42298
An attacker can create a malicious Docker image that executes code without needing a password. This could allow them to access sensitive information. To protect against this, ensure that you have the ...
9.8
Snipe-IT Insecure Permissions Allows Remote Code Execution
CVE-2026-37709
GHSA-xg82-2hrv-hf64
A security issue in Snipe-IT versions 8.4.0 and earlier could allow an attacker to execute malicious code remotely. This affects users who have not updated to a fixed version. To protect your system, ...
9.8
MailEnable Enterprise Premium: Unauthorized Access to Admin Tools
CVE-2026-44400
MailEnable's Enterprise Premium version 10.55 and earlier has a security issue that lets attackers gain access to administrative tools without permission. This is because the system doesn't properly c...
8.7
Electerm Prior to 3.7.16 Allows Malicious File Execution
CVE-2026-43940
GHSA-f77v-9vpc-6pjm
Electerm's terminal client has a security issue that allows an attacker to run malicious code on a user's computer if they can trick the client into loading a malicious file. This is fixed in version ...
9.8
NornicDB's Bolt Server Allows Remote Access on LAN
GHSA-2hp7-65r3-wv54
A vulnerability in NornicDB's Bolt server allows unauthorized remote access to the graph database on a local area network, exposing sensitive data and credentials. This occurs because the Bolt server ...
9.8
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query,...
GHSA-j88v-2chj-qfwx
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, th...
2.3
SQL Injection in pgx PostgreSQL Driver for Go
CVE-2026-41889
The pgx PostgreSQL driver for Go has a security issue that allows attackers to inject malicious SQL code. This can happen when using a non-standard PostgreSQL protocol and a specific type of SQL query...
2.3
fohrloop dash-uploader allows remote code execution
CVE-2026-38360
The fohrloop dash-uploader, used to upload files, has a security flaw that lets an attacker run unauthorized code on a server. This could allow an attacker to access sensitive data or disrupt the serv...
9.8
Go PostgreSQL Driver pgx Allows SQL Injection
UBUNTU-CVE-2026-41889
The Go PostgreSQL driver pgx has a security issue that allows attackers to inject malicious SQL code. This can happen when using a non-standard protocol and a specific type of SQL query. To fix this, ...
6.8
vm2 Sandbox Breakout Allows Remote Code Execution
GHSA-9vg3-4rfj-wgcm
CVE-2026-44009
A vulnerability in vm2 allows attackers to break out of a sandbox and execute arbitrary commands on the host system. This could allow attackers to run malicious code and access sensitive data. To prot...
9.8
vm2 Sandbox Breakout via `neutralizeArraySpeciesBatch`
GHSA-9qj6-qjgg-37qq
CVE-2026-44008
A vulnerability in vm2 allows attackers to break out of the sandbox and execute arbitrary commands on the host system. This could happen if an attacker can manipulate the vm2 environment. To protect y...
9.8
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-43465
An attacker can run malicious code on a Debian Linux server without needing a password. This is a serious security issue because an attacker could access sensitive data or take control of the server. ...
9.8
Linux Kernel: Incorrect Fragment Counting in mlx5 Driver
CVE-2026-43465
A vulnerability in the Linux kernel's mlx5 driver could cause incorrect fragment counting, potentially leading to a negative reference counting error. This issue has been resolved in a recent update. ...
9.8