Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42889 | CRITICAL | 9.1 | Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, … | May 12, 2026 |
| CVE-2026-42446 | MEDIUM | 4.4 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. … | May 12, 2026 |
| CVE-2026-42445 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. … | May 12, 2026 |
| CVE-2026-42444 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The … | May 12, 2026 |
| CVE-2026-42443 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The … | May 12, 2026 |
| CVE-2026-42442 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The … | May 12, 2026 |
| CVE-2026-42355 | LOW | 3.3 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. … | May 12, 2026 |
| CVE-2026-42338 | UNKNOWN | — | ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content … | May 12, 2026 |
| CVE-2026-42191 | MEDIUM | 6.5 | OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when … | May 12, 2026 |
| CVE-2026-34690 | HIGH | 7.8 | After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context … | May 12, 2026 |
| CVE-2026-34688 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |
| CVE-2026-34686 | HIGH | 8.7 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by … | May 12, 2026 |
| CVE-2026-34685 | LOW | 3.4 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives … | May 12, 2026 |
| CVE-2026-34680 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An … | May 12, 2026 |
| CVE-2026-34679 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |
| CVE-2026-34678 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could … | May 12, 2026 |
| CVE-2026-34677 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could … | May 12, 2026 |
| CVE-2026-34673 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could … | May 12, 2026 |
| CVE-2026-34672 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. … | May 12, 2026 |
| CVE-2026-34671 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An … | May 12, 2026 |
| CVE-2026-34670 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |
| CVE-2026-34669 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |
| CVE-2026-34668 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |
| CVE-2026-34667 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. … | May 12, 2026 |
| CVE-2026-34666 | MEDIUM | 6.2 | CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker … | May 12, 2026 |