CVE ID :CVE-2026-42288 Published : May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The…
CVE-2026-41901 – Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
CVE ID :CVE-2026-41901 Published : May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security…
CVE-2026-43913 – Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
CVE ID :CVE-2026-43913 Published : May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago Description :Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner…
CVE-2026-43912 – Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization
CVE ID :CVE-2026-43912 Published : May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago Description :Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a…
CVE-2026-43900 – DeepChat: Persistent DOM XSS via HTML Entity Encoding in “ SVG Rendering (Bypass of `svgSanitizer.ts`)
CVE ID :CVE-2026-43900 Published : May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago Description :DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1,…
CVE-2026-43899 – DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`
CVE ID :CVE-2026-43899 Published : May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago Description :DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1,…
CVE-2026-34963 – barebox EFI PE Loader Memory Safety Vulnerabilities
CVE ID :CVE-2026-34963 Published : May 11, 2026, 11:19 p.m. | 1 hour, 5 minutes ago Description :barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where…
CVE-2022-50944 – Aero CMS 0.0.1 PHP Code Injection via posts.php
CVE ID :CVE-2022-50944 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP…
CVE-2021-47949 – CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack
CVE ID :CVE-2021-47949 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute…
CVE-2021-47945 – Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation
CVE ID :CVE-2021-47945 Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago Description :Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local…