Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-46311 | HIGH | 7.5 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS … | May 12, 2026 |
| CVE-2025-43524 | HIGH | 8.8 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app … | May 12, 2026 |
| CVE-2026-8407 | MEDIUM | 4.3 | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret … | May 12, 2026 |
| CVE-2026-8278 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: … | May 12, 2026 |
| CVE-2026-5089 | UNKNOWN | — | YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 … | May 12, 2026 |
| CVE-2026-43993 | HIGH | 8.2 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, … | May 12, 2026 |
| CVE-2026-43992 | CRITICAL | 9.8 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: … | May 12, 2026 |
| CVE-2026-43991 | HIGH | 8.4 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument … | May 12, 2026 |
| CVE-2026-43990 | HIGH | 8.4 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' … | May 12, 2026 |
| CVE-2026-43989 | HIGH | 8.5 | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and … | May 12, 2026 |
| CVE-2026-40300 | UNKNOWN | — | Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to … | May 12, 2026 |
| CVE-2026-25431 | MEDIUM | 5.3 | Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1. | May 12, 2026 |
| CVE-2026-20914 | UNKNOWN | — | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. … | May 12, 2026 |
| CVE-2026-20905 | UNKNOWN | — | Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. … | May 12, 2026 |
| CVE-2026-20887 | UNKNOWN | — | Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary … | May 12, 2026 |
| CVE-2026-20881 | UNKNOWN | — | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. … | May 12, 2026 |
| CVE-2026-20879 | UNKNOWN | — | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial … | May 12, 2026 |
| CVE-2026-20794 | UNKNOWN | — | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation … | May 12, 2026 |
| CVE-2026-20793 | UNKNOWN | — | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. … | May 12, 2026 |
| CVE-2026-20782 | UNKNOWN | — | Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged … | May 12, 2026 |
| CVE-2026-20772 | UNKNOWN | — | Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. … | May 12, 2026 |
| CVE-2026-20771 | UNKNOWN | — | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. … | May 12, 2026 |
| CVE-2026-20754 | UNKNOWN | — | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary … | May 12, 2026 |
| CVE-2026-20753 | UNKNOWN | — | Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with … | May 12, 2026 |
| CVE-2026-20751 | UNKNOWN | — | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial … | May 12, 2026 |