Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11202
Total
755
Critical
3234
High
3640
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-24120 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to … | May 04, 2026 |
| CVE-2026-24118 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code … | May 04, 2026 |
| CVE-2026-24082 | HIGH | 7.8 | Memory Corruption when copying data from a freed source while executing performance counter deselect operation. | May 04, 2026 |
| CVE-2025-47408 | HIGH | 7.8 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. | May 04, 2026 |
| CVE-2025-47407 | HIGH | 7.8 | Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. | May 04, 2026 |
| CVE-2025-47406 | MEDIUM | 6.1 | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | May 04, 2026 |
| CVE-2025-47405 | HIGH | 7.8 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. | May 04, 2026 |
| CVE-2025-47404 | MEDIUM | 6.5 | Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | May 04, 2026 |
| CVE-2025-47403 | MEDIUM | 6.5 | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | May 04, 2026 |
| CVE-2025-47401 | MEDIUM | 6.5 | Transient DOS when processing target power rate tables during channel configuration. | May 04, 2026 |
| CVE-2026-40563 | HIGH | 7.1 | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. … | May 04, 2026 |
| CVE-2026-37458 | UNKNOWN | — | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying … | May 04, 2026 |
| CVE-2026-36365 | UNKNOWN | — | An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and … | May 04, 2026 |
| CVE-2025-70071 | MEDIUM | 5.9 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray() | May 04, 2026 |
| CVE-2026-6501 | UNKNOWN | — | Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | May 04, 2026 |
| CVE-2026-6500 | UNKNOWN | — | Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. | May 04, 2026 |
| CVE-2026-33523 | MEDIUM | 6.5 | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. … | May 04, 2026 |
| CVE-2026-33007 | MEDIUM | 5.3 | A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in … | May 04, 2026 |
| CVE-2026-33006 | MEDIUM | 4.8 | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade … | May 04, 2026 |
| CVE-2026-29169 | HIGH | 7.5 | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock … | May 04, 2026 |
| CVE-2026-23918 | HIGH | 8.8 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to … | May 04, 2026 |
| CVE-2025-70072 | MEDIUM | 6.5 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components | May 04, 2026 |
| CVE-2025-70070 | MEDIUM | 6.5 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry() | May 04, 2026 |
| CVE-2025-13605 | UNKNOWN | — | 3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by … | May 04, 2026 |
| CVE-2026-6499 | UNKNOWN | — | Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. | May 04, 2026 |