Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11202 | Critical: 755 | High: 3234 | Medium: 3640
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-25588 | UNKNOWN | — | RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the … | May 05, 2026 |
| CVE-2026-25243 | HIGH | 8.8 | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated … | May 05, 2026 |
| CVE-2026-23631 | HIGH | 8.1 | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to … | May 05, 2026 |
| CVE-2026-23479 | HIGH | 8.8 | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` … | May 05, 2026 |
| CVE-2026-7865 | UNKNOWN | — | A hidden console command is vulnerable to a command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim … | May 05, 2026 |
| CVE-2026-7846 | LOW | 2.6 | A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File … | May 05, 2026 |
| CVE-2026-7845 | LOW | 2.6 | A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision … | May 05, 2026 |
| CVE-2026-7844 | MEDIUM | 6.3 | A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File … | May 05, 2026 |
| CVE-2026-7412 | HIGH | 8.6 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated … | May 05, 2026 |
| CVE-2026-7411 | CRITICAL | 10.0 | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform … | May 05, 2026 |
| CVE-2026-6907 | MEDIUM | 4.3 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This … | May 05, 2026 |
| CVE-2026-5766 | MEDIUM | 5.3 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` … | May 05, 2026 |
| CVE-2026-43073 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: x86-64: rename misleadingly named '__copy_user_nocache()' function This function was a masterclass in bad naming, for … | May 05, 2026 |
| CVE-2026-43072 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platform_get_irq_byname() returns an int platform_get_irq_byname() will return a negative value if an error happens, … | May 05, 2026 |
| CVE-2026-43071 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem … | May 05, 2026 |
| CVE-2026-43070 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte … | May 05, 2026 |
| CVE-2026-43069 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_ll: Fix firmware leak on error path Smatch reports: drivers/bluetooth/hci_ll.c:587 download_firmware() warn: 'fw' from … | May 05, 2026 |
| CVE-2026-43068 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() There's issue as follows: ... EXT4-fs … | May 05, 2026 |
| CVE-2026-43067 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always … | May 05, 2026 |
| CVE-2026-43066 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths During code review, Joseph found that ext4_fc_replay_inode() … | May 05, 2026 |
| CVE-2026-43065 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised … | May 05, 2026 |
| CVE-2026-43064 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release() The workqueue associated with an DSA/IAA device … | May 05, 2026 |
| CVE-2026-43063 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a … | May 05, 2026 |
| CVE-2026-43062 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp … | May 05, 2026 |
| CVE-2026-43061 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` … | May 05, 2026 |