CVE Vulnerabilities - 22 May 2026

379 vulnerabilities published on 22 May 2026

Microsoft Entra ID Origin Validation Error
CVE-2026-42901
An error in Microsoft Entra ID's origin validation allows an unauthorized attacker to gain elevated network access. This means that an attacker could potentially access sensitive information or take c...
10.0
Go SSH Server Skips Security Checks for Wrong Authentication
GO-2026-5023 CVE-2026-46595
A security check is bypassed in Go SSH servers when using an incorrect authentication method. This allows unauthorized access to the server. To fix this, update your Go SSH server to the latest versio...
10.0
UniFi OS Command Injection through Malicious Network Access
CVE-2026-34910
UniFi OS devices can be compromised if an attacker is on the same network. This could allow the attacker to execute unauthorized system commands. To protect your network, ensure you keep UniFi OS soft...
10.0
UniFi OS: Malicious network access can access system files
CVE-2026-34909
UniFi OS devices have a security weakness that allows an attacker with network access to access sensitive files on the system. This could potentially be used to gain further access to the system. To p...
10.0
UniFi OS: Unauthorized changes to system configuration
CVE-2026-34908
This vulnerability affects UniFi OS devices. If left unpatched, a malicious actor with access to the network could make unauthorized changes to the system, potentially disrupting network operations. T...
10.0
Debian Linux: Unauthenticated Remote Code Execution
DEBIAN-CVE-2026-9277
A security issue affects Debian Linux systems, allowing an attacker to run unauthorized code on a vulnerable system without needing a password. This could potentially allow an attacker to take control...
9.9
Azure Resource Manager Privilege Elevation over Network
CVE-2026-47280
Azure Resource Manager's authentication system is flawed, allowing unauthorized users to gain higher levels of access to Azure resources over the network. This is a significant risk because it could a...
9.8
Azure Orbital Spatio Unrestricted File Upload
CVE-2026-40412
An attacker can upload malicious files to Azure Orbital Spatio, potentially allowing them to execute code remotely. This can lead to unauthorized access and control of the system. To mitigate this ris...
9.8
Azure Active Directory B2C Privilege Elevation Over Network
CVE-2026-33843
An attacker can bypass authentication in Azure Active Directory B2C, allowing them to access sensitive information or perform unauthorized actions. This is a serious issue because it can lead to data ...
9.8
Microsoft Power Pages Command Injection Risk
CVE-2026-23652
An unauthorized attacker can execute code over a network if they exploit a weakness in Microsoft Power Pages. This could lead to unauthorized access to sensitive information or system takeover. It's r...
9.8
YesWiki: Unauthenticated SQL Injection Allows Database Access
GHSA-jwvv-qr7q-cv8j CVE-2026-46670
YesWiki installations are vulnerable to SQL injection attacks, allowing attackers to access the entire database, including usernames, emails, and hashed passwords. This is a serious security risk that...
9.8
Apache HTTP Server Unauthenticated Remote Code Execution
BELL-CVE-2026-43501
Apache HTTP Server versions 2.4.52 and earlier have a vulnerability that allows attackers to execute arbitrary code on a server without needing a password. This could allow hackers to take control of ...
9.8
NGINX: Malicious requests can cause a system crash or code execution
ALPINE-CVE-2026-9256
A security issue in NGINX's rewrite module can be exploited by sending specially crafted HTTP requests. This may cause the system to crash or allow an attacker to execute malicious code. If you're usi...
9.4
Microsoft Copilot Command Injection Vulnerability
CVE-2026-41090
An attacker can inject malicious commands into Microsoft Copilot, potentially allowing them to access or modify sensitive data over a network. This vulnerability puts users' data at risk. To protect y...
9.3
FileBrowser Quantum: Path Traversal Allows File Ops Outside Shared Directory
GHSA-qqqm-5547-774x
A public share link can be used to move, copy, or rename files outside the intended shared directory. This can happen if the share owner allows others to modify the shared files. To fix this, update t...
9.3
Apache HTTP Server TCP Packet Length Overflow
CVE-2026-9054
Apache HTTP Server may crash if it receives certain types of network packets. This can cause the server to become unresponsive, leading to downtime and potential data loss. To protect against this, en...
9.2
FileBrowser Quantum: Malicious file operations via public share link
GHSA-qqqm-5547-774x
A public share link allows an attacker to move, copy, or rename files outside the intended shared directory. This can happen if the share link has 'AllowModify' enabled. To fix this, update FileBrowse...
9.1
Golang SSH Known Hosts Allows Bypassing Authentication
GO-2026-5021 CVE-2026-42508
A security issue in the Golang SSH known hosts package allows attackers to bypass authentication by exploiting a flaw in how revoked keys are checked. This could allow unauthorized access to systems t...
9.1
Go SSH Channel Write Can Hang with Large Data
GO-2026-5020 CVE-2026-39834
The Go SSH library can hang if you write large amounts of data at once. This happens because of a math error when checking the data size. To fix this, the library now uses a larger number type to avoi...
9.1
golang.org/x/crypto/ssh/agent: Unenforced key signing constraints
GO-2026-5005 CVE-2026-39833
The golang.org/x/crypto/ssh/agent library in Go did not enforce a security setting for signing keys. This meant that keys could be used to sign without requiring a confirmation prompt. The issue has b...
9.1
Go SSH Agent Key Forwarding Security Risk
GO-2026-5006 CVE-2026-39832
The Go SSH agent key forwarding feature had a security issue that could allow a key to be used on a remote host without restrictions. This has been fixed to ensure that key restrictions are properly e...
9.1
UniFi OS Devices: Command Injection via Malicious Network Access
CVE-2026-33000
High-privilege network access could allow an attacker to inject malicious commands on UniFi OS devices, potentially leading to unauthorized system modifications or data exposure. This vulnerability af...
9.1
Large Data Write on SSH Channel Can Cause Server Crash
UBUNTU-CVE-2026-39834
When writing large amounts of data over an SSH connection, it can cause the server to crash or become unresponsive. This is a concern for businesses that rely on remote access to their servers. To mit...
9.1
Apache Kafka Remote Agent Constraint Extension Vulnerability
UBUNTU-CVE-2026-39832
Apache Kafka's remote agent extension allows attackers to execute arbitrary code when adding a key to a constraint. This vulnerability affects systems using the remote agent extension, potentially lea...
9.1
FIDO/U2F Security Keys Have Verification Bypass
UBUNTU-CVE-2026-39831
FIDO/U2F security keys used in some applications may be vulnerable to verification bypass attacks. This means an attacker could potentially access the key without needing to know the correct PIN or ot...
9.1