# HarborGuard Database > Open CVE search and triage analysis for HIGH and CRITICAL container-relevant vulnerabilities published in the current year. Data is ingested directly from the official CVE Project V5 git mirror (github.com/CVEProject/cvelistV5) every 5 minutes. Each CVE detail page carries plain-English analysis: synopsis, exploit conditions derived from the CVSS vector, blast radius, and capability framing for how HarborGuard handles detection, triage, and patching. ## Site facts - Site: https://database.harborguard.co - Coverage: HIGH and CRITICAL severity CVEs only - Source of truth: CVE Project V5 mirror (CC0-licensed, public domain) - Refresh cadence: every 5 minutes - Total entries: 10318 (CRITICAL 2196 · HIGH 8122) - Newest record: 2026-06-03 ## How to use this site programmatically - Sitemap: https://database.harborguard.co/sitemap.xml - Detail-page URL pattern: https://database.harborguard.co/cve/{CVE-ID} - Search via query string: https://database.harborguard.co/?q={term} - Filter by fix availability: https://database.harborguard.co/?fix=yes (or https://database.harborguard.co/?fix=no) - Every CVE detail page emits Schema.org JSON-LD: TechArticle + BreadcrumbList + FAQPage (when LLM-generated analysis is present) ## Detail-page content Each /cve/{ID} page contains: - Title, description, CNA assigner, publish + modify dates - CVSS base score, version, vector (4.0 or 3.x as recorded by the CNA) - Severity (HIGH or CRITICAL) - Affected vendor/product entries with version ranges and per-product fix versions when published - Aggregated fix-version list and patch-commit references when published - HarborGuard Analysis (when present): synopsis, coverage pipeline status (Detection / Triage / Patch), exploit conditions, blast radius, capability framing - Upstream references with deep links to the CNA advisory, NVD entry, GitHub commits, and vendor pages ## Latest entries - [CVE-2026-44682](https://database.harborguard.co/cve/CVE-2026-44682) — HIGH: Local privilege escalation due to DLL hijacking vulnerability - [CVE-2026-42061](https://database.harborguard.co/cve/CVE-2026-42061) — HIGH: Local privilege escalation due to excessive permissions assigned to child processes - [CVE-2026-50033](https://database.harborguard.co/cve/CVE-2026-50033) — HIGH: Local privilege escalation due to DLL hijacking vulnerability - [CVE-2026-44609](https://database.harborguard.co/cve/CVE-2026-44609) — HIGH: Local privilege escalation due to EXE hijacking vulnerability - [CVE-2026-7888](https://database.harborguard.co/cve/CVE-2026-7888) — HIGH: Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components - [CVE-2026-40290](https://database.harborguard.co/cve/CVE-2026-40290) — HIGH: OP-TEE has a Use-After-Free race in FF-A shared-memory teardown - [CVE-2026-20230](https://database.harborguard.co/cve/CVE-2026-20230) — HIGH: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Un - [CVE-2026-42321](https://database.harborguard.co/cve/CVE-2026-42321) — HIGH: GLPI has stored XSS in asset locks - [CVE-2026-42318](https://database.harborguard.co/cve/CVE-2026-42318) — HIGH: GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint - [CVE-2026-42317](https://database.harborguard.co/cve/CVE-2026-42317) — HIGH: GLPI vulnerable to arbitrary files deletion by technician - [CVE-2026-44281](https://database.harborguard.co/cve/CVE-2026-44281) — HIGH: GLPI vulnerable to unauthorized reading of a specific asset object - [CVE-2026-5241](https://database.harborguard.co/cve/CVE-2026-5241) — HIGH: Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers - [CVE-2026-35085](https://database.harborguard.co/cve/CVE-2026-35085) — HIGH: Stack buffer overflow in method gdv-serverconfig - [CVE-2026-35084](https://database.harborguard.co/cve/CVE-2026-35084) — HIGH: Stack buffer overflow in method dali-devconfig - [CVE-2026-35083](https://database.harborguard.co/cve/CVE-2026-35083) — HIGH: Stack buffer overflow in method bac-deviceobject - [CVE-2026-35082](https://database.harborguard.co/cve/CVE-2026-35082) — HIGH: Local file inclusion vulnerability and deletion in ugw-logread method - [CVE-2026-35081](https://database.harborguard.co/cve/CVE-2026-35081) — HIGH: Arbitrary process termination vulnerability in method ugw-logstop - [CVE-2026-35080](https://database.harborguard.co/cve/CVE-2026-35080) — HIGH: Arbitrary file delete vulnerability in method ugw-restoreinfo - [CVE-2026-35079](https://database.harborguard.co/cve/CVE-2026-35079) — HIGH: Arbitrary file delete vulnerability in method ugw-restore - [CVE-2026-35078](https://database.harborguard.co/cve/CVE-2026-35078) — HIGH: Arbitrary file delete vulnerability in method ugw-logstop - [CVE-2026-35077](https://database.harborguard.co/cve/CVE-2026-35077) — HIGH: Arbitrary file delete vulnerability in method ugw-delete-file - [CVE-2026-35076](https://database.harborguard.co/cve/CVE-2026-35076) — HIGH: Arbitrary file delete vulnerability in method bac-scanresult - [CVE-2026-35075](https://database.harborguard.co/cve/CVE-2026-35075) — CRITICAL: Hardcoded default Password for Service Account - [CVE-2026-41032](https://database.harborguard.co/cve/CVE-2026-41032) — HIGH: Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers - [CVE-2026-47065](https://database.harborguard.co/cve/CVE-2026-47065) — CRITICAL: Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232 ## Attribution CVE records are sourced from the CVE Program (cve.org). HarborGuard is the publisher of the analysis layer and the user interface; the underlying CVE data is the property of the CVE Numbering Authorities that assigned each ID.