Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1681 | MEDIUM | 6.1 | Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input … | May 12, 2026 |
| CVE-2026-1185 | MEDIUM | 5.4 | A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability … | May 12, 2026 |
| CVE-2026-0804 | MEDIUM | 6.7 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be … | May 12, 2026 |
| CVE-2026-0802 | MEDIUM | 6.0 | An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited … | May 12, 2026 |
| CVE-2026-0541 | MEDIUM | 6.7 | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be … | May 12, 2026 |
| CVE-2026-41872 | HIGH | 7.4 | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication … | May 12, 2026 |
| CVE-2026-41530 | LOW | 3.3 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with … | May 12, 2026 |
| CVE-2026-44499 | UNKNOWN | — | ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated … | May 08, 2026 |
| CVE-2026-43967 | UNKNOWN | — | Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each … | May 08, 2026 |
| CVE-2026-42794 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes … | May 08, 2026 |
| CVE-2026-42793 | UNKNOWN | — | Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. … | May 08, 2026 |
| CVE-2026-42353 | HIGH | 8.2 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes … | May 08, 2026 |
| CVE-2026-41886 | HIGH | 7.5 | locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener("message", …) handler that … | May 08, 2026 |
| CVE-2026-41885 | MEDIUM | 6.5 | i18next-locize-backend is a simple i18next backend for locize.com which can be used in Node.js, in the browser and for Deno. Prior to version 9.0.2, i18next-locize-backend … | May 08, 2026 |
| CVE-2026-41883 | HIGH | 8.1 | OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote … | May 08, 2026 |
| CVE-2026-41693 | HIGH | 8.2 | i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes … | May 08, 2026 |
| CVE-2026-41690 | HIGH | 8.6 | 18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an … | May 08, 2026 |
| CVE-2026-41683 | HIGH | 8.6 | i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote … | May 08, 2026 |
| CVE-2026-41591 | MEDIUM | 6.4 | Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated … | May 08, 2026 |
| CVE-2026-41070 | CRITICAL | 10.0 | openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version … | May 08, 2026 |
| CVE-2026-34354 | HIGH | 7.4 | Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket … | May 08, 2026 |
| CVE-2026-29975 | UNKNOWN | — | lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by only … | May 08, 2026 |
| CVE-2026-29974 | UNKNOWN | — | An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. … | May 08, 2026 |
| CVE-2026-29972 | UNKNOWN | — | nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from … | May 08, 2026 |
| CVE-2026-44500 | MEDIUM | 5.3 | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, … | May 08, 2026 |