ECV 2026 May


| DATE | CVE | INFO | NAME | CWE |
|---|---|---|---|---|
| 22.5.26 | CVE-2026-34926 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability: Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. | Trend Micro \| Apex One | CWE-23 |
| 22.5.26 | CVE-2025-34291 | Langflow Origin Validation Error Vulnerability: Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints. | Langflow \| Langflow | CWE-346 |
| 22.5.26 | CVE-2026-45498 | Microsoft Defender Denial of Service Vulnerability: Microsoft Defender contains an unspecified vulnerability that allows for denial of service. | Microsoft \| Defender | |
| 22.5.26 | CVE-2026-41091 | Microsoft Defender Link Following Vulnerability: Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | Microsoft \| Defender | CWE-59 |
| 22.5.26 | CVE-2010-0806 | Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Microsoft \| Internet Explorer | CWE-399 |
| 22.5.26 | CVE-2010-0249 | Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Microsoft \| Internet Explorer | CWE-416 |
| 22.5.26 | CVE-2009-3459 | Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption. | Adobe \| Acrobat and Reader | CWE-119 |
| 22.5.26 | CVE-2009-1537 | Microsoft DirectX NULL Byte Overwrite Vulnerability: Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file. | Microsoft \| DirectX | |
| 22.5.26 | CVE-2008-4250 | Microsoft Windows Buffer Overflow Vulnerability: Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization. | Microsoft \| Windows | CWE-94 |
| 9.5.26 | CVE-2026-42208 | BerriAI LiteLLM SQL Injection Vulnerability: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages. | BerriAI \| LiteLLM | CWE-89 |
| 9.5.26 | CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | Ivanti \| Endpoint Manager Mobile (EPMM) | CWE-20 |
| 9.5.26 | CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability: Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | Palo Alto Networks \| PAN-OS | CWE-787 |
| 3.5.26 | CVE-2026-31431 | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability: Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. | Linux \| Kernel | CWE-699 |
| 3.5.26 | CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability: WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | WebPros \| cPanel & WHM and WP2 (WordPress Squared) | CWE-306 |