Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10671 | Critical: 727 | High: 3077 | Medium: 3393
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6795 | CRITICAL | 9.6 | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. | May 07, 2026 |
| CVE-2026-41685 | MEDIUM | 4.3 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the … | May 07, 2026 |
| CVE-2026-41684 | MEDIUM | 6.5 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back … | May 07, 2026 |
| CVE-2026-41648 | MEDIUM | 5.0 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files … | May 07, 2026 |
| CVE-2026-41647 | MEDIUM | 6.5 | Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause … | May 07, 2026 |
| CVE-2026-41589 | CRITICAL | 9.6 | Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is … | May 07, 2026 |
| CVE-2026-41554 | HIGH | 7.1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through … | May 07, 2026 |
| CVE-2026-41490 | HIGH | 8.3 | Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries … | May 07, 2026 |
| CVE-2026-30496 | UNKNOWN | — | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the … | May 07, 2026 |
| CVE-2026-30495 | UNKNOWN | — | The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The … | May 07, 2026 |
| CVE-2025-14341 | HIGH | 8.3 | Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. … | May 07, 2026 |
| CVE-2026-8094 | UNKNOWN | — | Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2. | May 07, 2026 |
| CVE-2026-8093 | HIGH | 7.5 | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of … | May 07, 2026 |
| CVE-2026-8092 | UNKNOWN | — | Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we … | May 07, 2026 |
| CVE-2026-8091 | UNKNOWN | — | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR … | May 07, 2026 |
| CVE-2026-8090 | HIGH | 7.3 | Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2. | May 07, 2026 |
| CVE-2026-6002 | HIGH | 8.8 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue … | May 07, 2026 |
| CVE-2026-5791 | CRITICAL | 9.6 | Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. | May 07, 2026 |
| CVE-2026-5784 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from … | May 07, 2026 |
| CVE-2026-8080 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A … | May 07, 2026 |
| CVE-2026-6508 | CRITICAL | 9.8 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from … | May 07, 2026 |
| CVE-2026-42285 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger … | May 07, 2026 |
| CVE-2026-42010 | HIGH | 7.1 | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A … | May 07, 2026 |
| CVE-2026-41644 | UNKNOWN | — | monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any … | May 07, 2026 |
| CVE-2026-41643 | HIGH | 7.5 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) … | May 07, 2026 |