CVE Vulnerabilities - 21 May 2026
709 vulnerabilities published on 21 May 2026
BoxLite: Malicious Code Can Modify Protected Files
GHSA-g6ww-w5j2-r7x3
CVE-2026-46695
BoxLite's protection against unauthorized file modifications is weakened, allowing malicious code to alter sensitive data. This can lead to code execution on the host, compromising user credentials an...
10.0
Altium 365 SearchService: Unauthenticated Access to Search Data
CVE-2026-9152
A security issue exists in Altium 365's SearchService, allowing an attacker to access and modify search results without needing a login. This could reveal sensitive information and affect search resul...
10.0
Windows-MCP: Unauthenticated PowerShell Access via HTTP
GHSA-vrxg-gm77-7q5g
The Windows-MCP server exposes PowerShell to unauthenticated users via HTTP. This allows an attacker to execute commands as the Windows user running Windows-MCP. To fix this, update to the latest vers...
9.9
Mattermost: Malicious Auth Token Exposure
CVE-2026-4858
Mattermost versions 11.6.x, 11.5.x, and 10.11.x are vulnerable to a security issue that allows an authenticated user to access sensitive information. This issue affects users who have system admin pri...
9.9
Netatalk CNID Daemon Remote Code Execution
CVE-2026-44050
The CNID daemon in Netatalk versions 2.0.0 through 4.4.2 has a security flaw that allows a remote attacker to gain elevated access to the system or crash it. This affects users who run Netatalk, a fil...
9.9
Debian Linux: Unprivileged users can gain elevated privileges
DEBIAN-CVE-2026-44050
A vulnerability in Debian Linux allows an attacker with normal user privileges to gain full control over the system. This could be exploited by a malicious user to install malware, delete or modify fi...
9.9
BookingPress Pro plugin allows malicious file uploads on WordPress sites
CVE-2026-6960
The BookingPress Pro plugin for WordPress is vulnerable to malicious file uploads, which could allow an attacker to potentially execute code remotely. This issue affects all versions up to 5.6. To pro...
9.8
Fission router exposes internal functions to public access
GHSA-3g33-6vg6-27m8
CVE-2026-46614
The Fission router has a security issue that allows anyone who can reach it to call any function, even if it's not meant to be accessed publicly. This could allow unauthorized access to sensitive func...
9.8
Apache Fory: Untrusted Data Can Be Used to Attack the System
CVE-2026-48207
Apache Fory is a tool that can deserialize data, which is the process of taking data and converting it back into its original form. If an attacker can control the data being deserialized, they may be ...
9.8
Cockpit: Unauthenticated remote code execution via web browser
RLSA-2026:7383
Cockpit, a web-based server administration tool, allows attackers to run malicious code on a server without a password. This can happen if a user with malicious intentions visits a specially crafted w...
9.8
Cockpit: Unauthenticated remote code execution via web browser
RLSA-2026:7384
Cockpit, a web-based server administration tool, allows unauthorized users to execute malicious code on a server via the web browser. This could lead to server compromise and data loss. Update Cockpit...
9.8
Trend Micro Apex One Management Console Malicious Code Upload Risk
CVE-2025-71211
A vulnerability in the Trend Micro Apex One management console could allow a malicious attacker to upload and run code on affected installations. This is a concern for customers who expose their conso...
9.8
Trend Micro Apex One Management Console Allows Remote Code Upload
CVE-2025-71210
A security weakness in the Trend Micro Apex One management console lets hackers upload and run malicious code on affected systems. If your console's IP address is exposed to the internet, consider lim...
9.8
Divi Form Builder plugin allows attackers to create admin accounts
CVE-2026-5118
The Divi Form Builder plugin for WordPress has a security issue that allows unauthenticated attackers to create administrator accounts. This is a concern because an attacker with an admin account can ...
9.8
Linux kernel: IPv6 packet handling security risk
CVE-2026-43501
A security issue in the Linux kernel's IPv6 packet handling code could allow an attacker to write outside the intended memory area, potentially leading to a system crash or data corruption. This issue...
9.8
Apache HTTP Server Remote Code Execution Vulnerability
BELL-CVE-2026-7210
Apache HTTP Server versions 2.4.52 and earlier have a vulnerability that could allow an attacker to execute arbitrary code on a server. This is a serious risk because an attacker could take control of...
9.8
Adobe Flash Player allows arbitrary code execution
Adobe Flash Player has a vulnerability that can allow hackers to run malicious code on your computer. This could lead to your system being compromised, and your data being stolen or altered. Update Ad...
9.8
Apache HTTP Server Remote Code Execution in Windows
BELL-CVE-2026-3593
A vulnerability in the Apache HTTP Server software for Windows allows attackers to execute malicious code on affected servers. This could happen if a user visits a specially crafted website or clicks ...
9.8
Adobe Acrobat PDF Parsing Code Execution Vulnerability
BELL-CVE-2025-14179
Adobe Acrobat users may be at risk of having malicious code executed on their computers if they open a specially crafted PDF file. This could allow an attacker to take control of the user's system. Ad...
9.8
Avada Builder plugin for WordPress allows attackers to run code remotely
CVE-2026-6279
The Avada Builder plugin for WordPress allows attackers to run code on a website without needing a password. This is a serious security risk because attackers can do anything they want with the websit...
9.8
Boxlite: Malicious Images Can Write to Host Files
GHSA-f396-4rp4-7v2j
CVE-2026-46703
A vulnerability in Boxlite allows attackers to create malicious images that can write arbitrary content to any path on the host. This could lead to further attacks, such as remote code execution on th...
9.6
Twig: PHP Code Injection via Malformed Template Names
GHSA-7p85-w9px-jpjp
CVE-2026-46633
A security flaw in Twig allows attackers to inject malicious PHP code into templates. This can lead to unauthorized access to sensitive data and potentially allow attackers to execute code on the serv...
9.3
Hulumi Policies: GitHub OIDC Trust Policy Bypass via AWS Condition Operators
GHSA-q2f7-m237-v562
Versions of Hulumi Policies before 1.3.2 did not properly check some AWS IAM condition operators, which could allow an attacker to bypass security checks. This vulnerability has been fixed in version ...
9.3
WP Directory Kit SQL Injection Risk: Data Exposure
CVE-2026-39531
WP Directory Kit versions 1.5.0 and earlier are vulnerable to a SQL injection attack, which could allow an attacker to access sensitive data. This is a serious issue because it could lead to unauthori...
9.3
Hulumi Policies: GitHub OIDC Trust Policy Bypass via AWS Conditions
GHSA-q2f7-m237-v562
Versions of Hulumi Policies before 1.3.2 may allow attackers to bypass security checks. This affects users who rely on Hulumi Policies for GitHub Actions security. To fix this, update Hulumi Policies ...
9.1