Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7573 | MEDIUM | 5.0 | An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete … | May 06, 2026 |
| CVE-2026-7572 | MEDIUM | 4.4 | An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to … | May 06, 2026 |
| CVE-2025-71256 | HIGH | 7.5 | In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | May 06, 2026 |
| CVE-2025-71255 | HIGH | 7.5 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | May 06, 2026 |
| CVE-2025-71254 | HIGH | 7.5 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | May 06, 2026 |
| CVE-2025-71253 | HIGH | 7.5 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | May 06, 2026 |
| CVE-2025-71252 | HIGH | 7.5 | In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | May 06, 2026 |
| CVE-2025-71251 | HIGH | 7.5 | In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution … | May 06, 2026 |
| CVE-2026-44405 | LOW | 3.4 | In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. | May 06, 2026 |
| CVE-2026-40934 | UNKNOWN | — | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a … | May 05, 2026 |
| CVE-2026-40110 | UNKNOWN | — | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins … | May 05, 2026 |
| CVE-2026-40075 | UNKNOWN | — | OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is … | May 05, 2026 |
| CVE-2026-28780 | CRITICAL | 9.8 | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious … | May 05, 2026 |
| CVE-2026-41950 | MEDIUM | 6.5 | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within … | May 05, 2026 |
| CVE-2026-40068 | UNKNOWN | — | In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker … | May 05, 2026 |
| CVE-2026-39852 | UNKNOWN | — | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between … | May 05, 2026 |
| CVE-2026-39849 | UNKNOWN | — | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration field in Pi-hole FTL … | May 05, 2026 |
| CVE-2026-39402 | UNKNOWN | — | lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an … | May 05, 2026 |
| CVE-2026-39383 | UNKNOWN | — | Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST … | May 05, 2026 |
| CVE-2026-35579 | UNKNOWN | — | CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. … | May 05, 2026 |
| CVE-2026-35527 | UNKNOWN | — | Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to … | May 05, 2026 |
| CVE-2026-7857 | HIGH | 7.2 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The … | May 05, 2026 |
| CVE-2026-7856 | HIGH | 7.2 | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing … | May 05, 2026 |
| CVE-2026-44331 | HIGH | 8.1 | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a … | May 05, 2026 |
| CVE-2026-40331 | UNKNOWN | — | Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the … | May 05, 2026 |