Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42087 | CRITICAL | 9.6 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version … | May 04, 2026 |
| CVE-2026-42086 | MEDIUM | 4.6 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command … | May 04, 2026 |
| CVE-2026-42085 | MEDIUM | 4.3 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, … | May 04, 2026 |
| CVE-2026-42084 | HIGH | 8.1 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, … | May 04, 2026 |
| CVE-2026-42052 | UNKNOWN | — | Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted … | May 04, 2026 |
| CVE-2026-41572 | MEDIUM | 5.3 | Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay … | May 04, 2026 |
| CVE-2026-41571 | CRITICAL | 9.4 | Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no … | May 04, 2026 |
| CVE-2026-41471 | HIGH | 7.5 | Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows … | May 04, 2026 |
| CVE-2026-37459 | HIGH | 7.5 | An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. | May 04, 2026 |
| CVE-2026-32834 | HIGH | 7.5 | Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that … | May 04, 2026 |
| CVE-2026-2828 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | May 04, 2026 |
| CVE-2026-29004 | HIGH | 8.1 | BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to … | May 04, 2026 |
| CVE-2026-0073 | HIGH | 8.8 | In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead … | May 04, 2026 |
| CVE-2026-42812 | CRITICAL | 9.9 | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to … | May 04, 2026 |
| CVE-2026-42811 | CRITICAL | 9.9 | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table … | May 04, 2026 |
| CVE-2026-42810 | CRITICAL | 9.9 | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same … | May 04, 2026 |
| CVE-2026-42809 | CRITICAL | 9.9 | Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those … | May 04, 2026 |
| CVE-2026-42440 | HIGH | 7.5 | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and … | May 04, 2026 |
| CVE-2026-42376 | CRITICAL | 9.8 | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42375 | CRITICAL | 9.8 | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" … | May 04, 2026 |
| CVE-2026-42374 | CRITICAL | 9.8 | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" … | May 04, 2026 |
| CVE-2026-42373 | CRITICAL | 9.8 | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42372 | HIGH | 8.8 | D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username … | May 04, 2026 |
| CVE-2026-42090 | CRITICAL | 9.6 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version … | May 04, 2026 |
| CVE-2026-42080 | MEDIUM | 4.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has … | May 04, 2026 |