CVE Vulnerabilities - 20 May 2026

755 vulnerabilities published on 20 May 2026

WP Swings Gift Cards For WooCommerce Pro allows uploading malicious files
CVE-2026-45444
An attacker can upload malicious files to a WooCommerce store using the WP Swings Gift Cards For WooCommerce Pro plugin. This could allow them to compromise the store's security or disrupt its operati...
10.0
Cisco Secure Workload Internal API Privilege Escalation
CVE-2026-20223
A vulnerability in Cisco Secure Workload's internal APIs could allow an unauthorized attacker to access sensitive resources and make changes with administrator privileges. This could happen if an atta...
10.0
Unbound DNS Server versions 1.25.0 and earlier: Cache Poisoning via DNS Spoofing
CVE-2026-42960
The Unbound DNS Server, up to version 1.25.0, can be tricked into caching fake DNS information by an attacker. This could lead to incorrect DNS results for users. To fix this, update to version 1.25.1...
5.7
Debian Linux: Unprivileged users can gain root access
DEBIAN-CVE-2026-42960
A security issue in Debian Linux allows unprivileged users to gain elevated privileges, potentially allowing them to access sensitive areas of the system or execute malicious code. This affects all De...
10.0
Twig Template Sandbox Bypass in Versions 2.16.x and 3.9.0 to 3.25.x
DEBIAN-CVE-2026-24425
Certain versions of Twig, a templating engine, allow attackers to bypass security restrictions and execute arbitrary code when rendering templates. This affects websites that use affected versions of ...
9.9
Twig Sandbox Bypass in Template Rendering
CVE-2026-24425
Twig templates, used in web applications, can be exploited by attackers to execute arbitrary code if a custom source policy is used. This can happen if an attacker can manipulate the template renderin...
8.7
HP Linux Printing Software Privilege Escalation Risk
DEBIAN-CVE-2026-8631
The HP Linux Printing Software has a potential weakness that could allow unauthorized users to gain extra permissions or run malicious code. This could happen if the software is sent a specially desig...
9.8
HP Linux Imaging and Printing Software Escalation of Privileges Risk
CVE-2026-8631
The HP Linux Imaging and Printing Software may be vulnerable to attacks that allow unauthorized access to sensitive data or system functions. This could happen if an attacker sends specially crafted p...
9.3
Taiko AG1000-01A SMS Alert Gateway Authentication Bypass
CVE-2026-9141
An attacker can access sensitive settings and disrupt the Taiko AG1000-01A SMS Alert Gateway's monitoring and control functions without a password. This is a concern because it could lead to unauthori...
9.3
Taiko AG1000-01A SMS Gateway Exposes Administrative Credentials
CVE-2026-9139
The Taiko AG1000-01A SMS Gateway versions 7.3 and 8 contain a security flaw where sensitive login information is hardcoded into the device's web interface. This makes it possible for unauthorized user...
9.3
NornicDB Bolt Server Listens on All Network Interfaces
GHSA-2hp7-65r3-wv54
A bug in NornicDB's Bolt server causes it to listen on all network interfaces instead of the specified address. This allows unauthorized access to the graph database on local networks. To fix, update ...
9.8
NornicDB exposes database to network devices without a fix
CVE-2026-42072 GO-2026-4967
If you're using NornicDB version 1.0.42 or earlier, your graph database is accessible to other devices on the same network. This is because the database is set to accept connections from any device, u...
9.8
Apache HTTP Server Unrestricted File Upload on Windows
BELL-CVE-2026-42258
A vulnerability in the Apache HTTP Server for Windows allows an attacker to upload malicious files, potentially leading to arbitrary code execution. This affects Apache HTTP Server installations on Wi...
9.8
BIND 9 DNS-over-HTTPS can crash or leak memory
CVE-2026-3593
A security issue in BIND 9's DNS-over-HTTPS feature can cause the software to crash or leak memory, potentially leading to a denial-of-service attack. This affects BIND 9 versions 9.20.0 through 9.20....
9.8
HCL BigFix SM uses outdated base images, increasing exploitation risk
CVE-2025-31973
The HCL BigFix Service Management application uses outdated or insecure base images, which can introduce known vulnerabilities. This makes the application environment more susceptible to exploitation....
9.8
Unbound DNSSEC Validator Denial of Service and Code Execution
DEBIAN-CVE-2026-33278
A bug in the DNSSEC validator of Unbound can cause the program to crash or run malicious code. This can happen if an attacker controls a signed DNS zone and sends a specially crafted query to a vulner...
9.8
Unbound DNSSEC Validator Allows Remote Code Execution
CVE-2026-33278
Unbound DNSSEC validation software has a vulnerability that could allow hackers to crash the system or execute malicious code. This is a serious issue because it could be exploited by anyone who contr...
9.1
Apache HTTP Server Cross-Site Scripting (XSS) in Error Pages
BELL-CVE-2026-43493
Apache HTTP Server versions 2.4.52 and earlier contain a vulnerability that allows attackers to inject malicious code into error pages, potentially allowing them to steal sensitive information or take...
9.8
Boost plugin for WordPress vulnerable to malicious cookie injection
CVE-2026-7637
The Boost plugin for WordPress has a security flaw that could allow hackers to inject malicious code into your website if they can trick a user into accepting a certain cookie. This only happens if yo...
9.8
NVIDIA Triton Inference Server: Integer Overflow Risk in DALI Backend
CVE-2026-24214
The NVIDIA Triton Inference Server's DALI backend has a vulnerability that could allow an attacker to execute malicious code, manipulate data, or make the system unavailable. This affects systems usin...
9.8
NVIDIA Triton Inference Server DALI backend out-of-bounds read risk
CVE-2026-24213
An attacker could read sensitive data or execute malicious code on your server if they find this vulnerability. This affects the NVIDIA Triton Inference Server, which is used for machine learning task...
9.8
NVIDIA Triton Inference Server: Authentication Bypass Leads to Code Execution
CVE-2026-24207
An attacker can bypass authentication in NVIDIA Triton Inference Server, potentially allowing them to execute malicious code, access sensitive data, or disrupt the system. This affects any organizatio...
9.8
NVIDIA Triton Inference Server authentication bypass risk
CVE-2026-24206
The NVIDIA Triton Inference Server has a security weakness that could allow an attacker to bypass its normal security checks. This could lead to an attacker gaining more access or control than they sh...
9.8
NVIDIA TRT-LLM RPC Testing Allows Code Execution
CVE-2026-24163
NVIDIA's TRT-LLM software has a security issue in its RPC testing feature. An attacker could potentially take control of the system, disrupt its normal operation, or access sensitive data. NVIDIA shou...
9.8
NVIDIA TRT-LLM: Deserialization Vulnerability Allows Code Execution
CVE-2026-24142
NVIDIA's TRT-LLM software contains a vulnerability that could allow attackers to execute malicious code, tamper with data, and potentially access sensitive information. This could happen if a user ope...
9.8