Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537 | Critical: 770 | High: 3263 | Medium: 3665

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41572 | MEDIUM | 5.3 | Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay … | May 04, 2026 |
| CVE-2026-41571 | CRITICAL | 9.4 | Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no … | May 04, 2026 |
| CVE-2026-41471 | HIGH | 7.5 | Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows … | May 04, 2026 |
| CVE-2026-37459 | HIGH | 7.5 | An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. | May 04, 2026 |
| CVE-2026-32834 | HIGH | 7.5 | Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that … | May 04, 2026 |
| CVE-2026-2828 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | May 04, 2026 |
| CVE-2026-29004 | HIGH | 8.1 | BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to … | May 04, 2026 |
| CVE-2026-0073 | HIGH | 8.8 | In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead … | May 04, 2026 |
| CVE-2026-42812 | CRITICAL | 9.9 | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to … | May 04, 2026 |
| CVE-2026-42811 | CRITICAL | 9.9 | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table … | May 04, 2026 |
| CVE-2026-42810 | CRITICAL | 9.9 | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same … | May 04, 2026 |
| CVE-2026-42809 | CRITICAL | 9.9 | Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those … | May 04, 2026 |
| CVE-2026-42440 | HIGH | 7.5 | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and … | May 04, 2026 |
| CVE-2026-42376 | CRITICAL | 9.8 | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42375 | CRITICAL | 9.8 | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" … | May 04, 2026 |
| CVE-2026-42374 | CRITICAL | 9.8 | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" … | May 04, 2026 |
| CVE-2026-42373 | CRITICAL | 9.8 | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42372 | HIGH | 8.8 | D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42090 | CRITICAL | 9.6 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version … | May 04, 2026 |
| CVE-2026-42080 | MEDIUM | 4.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has … | May 04, 2026 |
| CVE-2026-42079 | HIGH | 8.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated … | May 04, 2026 |
| CVE-2026-42078 | MEDIUM | 4.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. … | May 04, 2026 |
| CVE-2026-42077 | MEDIUM | 5.2 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to … | May 04, 2026 |
| CVE-2026-42076 | CRITICAL | 9.8 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute … | May 04, 2026 |
| CVE-2026-42075 | HIGH | 8.1 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers … | May 04, 2026 |