Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11537, Critical: 770, High: 3263, Medium: 3665
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42027 | CRITICAL | 9.8 | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by … | May 04, 2026 |
| CVE-2026-40682 | CRITICAL | 9.1 | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The DictionaryEntryPersistor class initializes a static … | May 04, 2026 |
| CVE-2026-38669 | MEDIUM | 6.1 | wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. | May 04, 2026 |
| CVE-2026-37461 | HIGH | 7.5 | An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP … | May 04, 2026 |
| CVE-2026-29514 | HIGH | 8.8 | NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to … | May 04, 2026 |
| CVE-2026-26956 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside … | May 04, 2026 |
| CVE-2026-26332 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue … | May 04, 2026 |
| CVE-2026-25293 | CRITICAL | 9.6 | Buffer overflow due to incorrect authorization in PLC FW | May 04, 2026 |
| CVE-2026-25266 | MEDIUM | 5.5 | Memory corruption while processing IOCTL command when device is in power-save state. | May 04, 2026 |
| CVE-2026-24781 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows … | May 04, 2026 |
| CVE-2026-24120 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to … | May 04, 2026 |
| CVE-2026-24118 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code … | May 04, 2026 |
| CVE-2026-24082 | HIGH | 7.8 | Memory Corruption when copying data from a freed source while executing performance counter deselect operation. | May 04, 2026 |
| CVE-2025-47408 | HIGH | 7.8 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. | May 04, 2026 |
| CVE-2025-47407 | HIGH | 7.8 | Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. | May 04, 2026 |
| CVE-2025-47406 | MEDIUM | 6.1 | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | May 04, 2026 |
| CVE-2025-47405 | HIGH | 7.8 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. | May 04, 2026 |
| CVE-2025-47404 | MEDIUM | 6.5 | Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | May 04, 2026 |
| CVE-2025-47403 | MEDIUM | 6.5 | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | May 04, 2026 |
| CVE-2025-47401 | MEDIUM | 6.5 | Transient DOS when processing target power rate tables during channel configuration. | May 04, 2026 |
| CVE-2026-40563 | HIGH | 7.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. … | May 04, 2026 |
| CVE-2026-37458 | UNKNOWN | — | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying … | May 04, 2026 |
| CVE-2026-36365 | UNKNOWN | — | An issue in Lymphatus caesium-image-compressor, all versions up to and including commit 02da2c6, allows a local attacker to execute arbitrary code via the shutdownMachine and … | May 04, 2026 |
| CVE-2025-70071 | MEDIUM | 5.9 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the ParseVectorDataArray() function in FBXParser.cpp. | May 04, 2026 |
| CVE-2026-6501 | UNKNOWN | — | Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | May 04, 2026 |