ECV 2026 May
ECV 2026 January(17) February(28) March(23) April(29) May(5) June(0) July(0) August(0) September(0) October(0) November(0) December(0)
DATE |
CVE |
NAME |
INFO |
CWE |
| 9.5.26 | CVE-2026-42208 | BerriAI | LiteLLM | BerriAI LiteLLM SQL Injection Vulnerability: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages. | CWE-89 |
| 9.5.26 | CVE-2026-6973 | Ivanti | Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | CWE-20 |
| 9.5.26 | CVE-2026-0300 | Palo Alto Networks | PAN-OS | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability: Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | CWE-787 |
| 3.5.26 | CVE-2026-31431 | Linux | Kernel | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability: Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation. | CWE-699 |
| 3.5.26 | CVE-2026-41940 | WebPros | cPanel & WHM and WP2 (WordPress Squared) | WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability: WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. | CWE-306 |