CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 11202
- Critical: 755
- High: 3234
- Medium: 3640

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43060 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a … | May 05, 2026 |
| CVE-2026-43059 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: … | May 05, 2026 |
| CVE-2026-39103 | UNKNOWN | — | Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute() | May 05, 2026 |
| CVE-2026-35192 | UNKNOWN | — | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, … | May 05, 2026 |
| CVE-2026-34956 | MEDIUM | 5.9 | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote … | May 05, 2026 |
| CVE-2026-34002 | MEDIUM | 6.1 | A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker … | May 05, 2026 |
| CVE-2026-34000 | MEDIUM | 6.1 | A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, … | May 05, 2026 |
| CVE-2026-32689 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, … | May 05, 2026 |
| CVE-2026-31196 | UNKNOWN | — | The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, … | May 05, 2026 |
| CVE-2026-31195 | UNKNOWN | — | The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, … | May 05, 2026 |
| CVE-2025-66369 | UNKNOWN | — | An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, … | May 05, 2026 |
| CVE-2025-61669 | UNKNOWN | — | Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated … | May 05, 2026 |
| CVE-2025-52206 | MEDIUM | 4.7 | ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. | May 05, 2026 |
| CVE-2026-7834 | CRITICAL | 9.8 | A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to … | May 05, 2026 |
| CVE-2026-7778 | MEDIUM | 5.0 | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance … | May 05, 2026 |
| CVE-2026-4304 | HIGH | 7.5 | The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due … | May 05, 2026 |
| CVE-2026-36356 | CRITICAL | 9.1 | The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. | May 05, 2026 |
| CVE-2026-36355 | HIGH | 7.7 | The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the … | May 05, 2026 |
| CVE-2026-34408 | UNKNOWN | — | An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set … | May 05, 2026 |
| CVE-2026-29168 | HIGH | 7.3 | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 … | May 05, 2026 |
| CVE-2026-7833 | HIGH | 7.2 | A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component … | May 05, 2026 |
| CVE-2026-7832 | HIGH | 7.0 | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The … | May 05, 2026 |
| CVE-2026-6918 | HIGH | 7.5 | In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message. | May 05, 2026 |
| CVE-2026-30246 | MEDIUM | 6.5 | Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path … | May 05, 2026 |
| CVE-2026-28510 | MEDIUM | 5.9 | eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across … | May 05, 2026 |