Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13161
Total
872
Critical
3825
High
4173
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34734 | HIGH | 7.8 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a … | Apr 09, 2026 |
| CVE-2026-34500 | MEDIUM | 6.5 | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects … | Apr 09, 2026 |
| CVE-2026-34487 | UNKNOWN | — | Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue … | Apr 09, 2026 |
| CVE-2026-34486 | UNKNOWN | — | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache … | Apr 09, 2026 |
| CVE-2026-34483 | UNKNOWN | — | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 … | Apr 09, 2026 |
| CVE-2026-32990 | UNKNOWN | — | Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 … | Apr 09, 2026 |
| CVE-2026-29923 | UNKNOWN | — | The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to … | Apr 09, 2026 |
| CVE-2026-29146 | UNKNOWN | — | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 … | Apr 09, 2026 |
| CVE-2026-29145 | UNKNOWN | — | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects … | Apr 09, 2026 |
| CVE-2026-29129 | UNKNOWN | — | Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 … | Apr 09, 2026 |
| CVE-2026-25854 | UNKNOWN | — | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from … | Apr 09, 2026 |
| CVE-2026-24880 | UNKNOWN | — | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, … | Apr 09, 2026 |
| CVE-2025-13926 | CRITICAL | 9.8 | An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. | Apr 09, 2026 |
| CVE-2026-39912 | CRITICAL | 9.1 | V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. … | Apr 09, 2026 |
| CVE-2026-35556 | UNKNOWN | — | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. | Apr 09, 2026 |
| CVE-2026-35195 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the … | Apr 09, 2026 |
| CVE-2026-35186 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow … | Apr 09, 2026 |
| CVE-2026-34988 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in … | Apr 09, 2026 |
| CVE-2026-34987 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly … | Apr 09, 2026 |
| CVE-2026-34983 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by … | Apr 09, 2026 |
| CVE-2026-34971 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing … | Apr 09, 2026 |
| CVE-2026-34946 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the … | Apr 09, 2026 |
| CVE-2026-34945 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part … | Apr 09, 2026 |
| CVE-2026-34944 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly … | Apr 09, 2026 |
| CVE-2026-34943 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component … | Apr 09, 2026 |