Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671, Critical: 727, High: 3077, Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41509 | UNKNOWN | — | CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused … | May 08, 2026 |
| CVE-2026-41507 | CRITICAL | 9.8 | math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without … | May 08, 2026 |
| CVE-2026-41506 | MEDIUM | 4.7 | go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following … | May 08, 2026 |
| CVE-2026-41497 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument … | May 08, 2026 |
| CVE-2026-41496 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. … | May 08, 2026 |
| CVE-2026-41493 | UNKNOWN | — | YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. … | May 08, 2026 |
| CVE-2026-41491 | HIGH | 8.1 | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and … | May 08, 2026 |
| CVE-2026-41423 | UNKNOWN | — | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, … | May 08, 2026 |
| CVE-2026-41161 | UNKNOWN | — | Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw … | May 08, 2026 |
| CVE-2026-39816 | UNKNOWN | — | The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports … | May 08, 2026 |
| CVE-2026-32803 | LOW | 3.3 | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contain an Insufficient Logging vulnerability. A low privileged … | May 08, 2026 |
| CVE-2025-71302 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and … | May 08, 2026 |
| CVE-2025-71301 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2025-71300 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. … | May 08, 2026 |
| CVE-2025-71299 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent … | May 08, 2026 |
| CVE-2025-71298 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2025-71297 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the … | May 08, 2026 |
| CVE-2025-71296 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock … | May 08, 2026 |
| CVE-2026-8077 | UNKNOWN | — | Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. … | May 08, 2026 |
| CVE-2026-25199 | UNKNOWN | — | Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The … | May 08, 2026 |
| CVE-2026-25077 | UNKNOWN | — | Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due … | May 08, 2026 |
| CVE-2025-69233 | MEDIUM | 6.5 | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are … | May 08, 2026 |
| CVE-2025-66467 | HIGH | 8.0 | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates … | May 08, 2026 |
| CVE-2025-66172 | UNKNOWN | — | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |
| CVE-2025-66171 | UNKNOWN | — | The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this … | May 08, 2026 |