ECV 2026 May
| DATE | CVE | INFO | NAME (vendor) | NAME (product) | CWE |
|---|---|---|---|---|---|
| 22.5.26 | CVE-2026-34926 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability: Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. | Trend Micro | Apex One | CWE-23 |
| 22.5.26 | CVE-2025-34291 | Langflow Origin Validation Error Vulnerability: Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints. | Langflow | Langflow | CWE-346 |
| 22.5.26 | CVE-2026-45498 | Microsoft Defender Denial of Service Vulnerability: Microsoft Defender contains an unspecified vulnerability that allows for denial of service. | Microsoft | Defender | |
| 22.5.26 | CVE-2026-41091 | Microsoft Defender Link Following Vulnerability: Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | Microsoft | Defender | CWE-59 |
| 22.5.26 | CVE-2010-0806 | Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Microsoft | Internet Explorer | CWE-399 |
| 22.5.26 | CVE-2010-0249 | Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Microsoft | Internet Explorer | CWE-416 |
| 22.5.26 | CVE-2009-3459 | Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption. | Adobe | Acrobat and Reader | CWE-119 |
| 22.5.26 | CVE-2009-1537 | Microsoft DirectX NULL Byte Overwrite Vulnerability: Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file. | Microsoft | DirectX | |
| 22.5.26 | CVE-2008-4250 | Microsoft Windows Buffer Overflow Vulnerability: Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization. | Microsoft | Windows | CWE-94 |
| 9.5.26 | CVE-2026-42208 | BerriAI LiteLLM SQL Injection Vulnerability: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages. | BerriAI | LiteLLM | CWE-89 |
| 9.5.26 | CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | Ivanti | Endpoint Manager Mobile (EPMM) | CWE-20 |
| 9.5.26 | CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability: Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | Palo Alto Networks | PAN-OS | CWE-787 |
| 3.5.26 | CVE-2026-31431 | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability: Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. | Linux | Kernel | CWE-699 |
| 3.5.26 | CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability: WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | WebPros | cPanel & WHM and WP2 (WordPress Squared) | CWE-306 |