Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692, Critical: 727, High: 3080, Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42079 | HIGH | 8.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated … | May 04, 2026 |
| CVE-2026-42078 | MEDIUM | 4.6 | PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. … | May 04, 2026 |
| CVE-2026-42077 | MEDIUM | 5.2 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to … | May 04, 2026 |
| CVE-2026-42076 | CRITICAL | 9.8 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute … | May 04, 2026 |
| CVE-2026-42075 | HIGH | 8.1 | Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers … | May 04, 2026 |
| CVE-2026-42027 | CRITICAL | 9.8 | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by … | May 04, 2026 |
| CVE-2026-40682 | CRITICAL | 9.1 | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static … | May 04, 2026 |
| CVE-2026-38669 | MEDIUM | 6.1 | wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. | May 04, 2026 |
| CVE-2026-37461 | HIGH | 7.5 | An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP … | May 04, 2026 |
| CVE-2026-29514 | HIGH | 8.8 | NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to … | May 04, 2026 |
| CVE-2026-26956 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside … | May 04, 2026 |
| CVE-2026-26332 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue … | May 04, 2026 |
| CVE-2026-25293 | CRITICAL | 9.6 | Buffer overflow due to incorrect authorization in PLC FW | May 04, 2026 |
| CVE-2026-25266 | MEDIUM | 5.5 | Memory corruption while processing IOCTL command when device is in power-save state. | May 04, 2026 |
| CVE-2026-24781 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows … | May 04, 2026 |
| CVE-2026-24120 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to … | May 04, 2026 |
| CVE-2026-24118 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code … | May 04, 2026 |
| CVE-2026-24082 | HIGH | 7.8 | Memory Corruption when copying data from a freed source while executing performance counter deselect operation. | May 04, 2026 |
| CVE-2025-47408 | HIGH | 7.8 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. | May 04, 2026 |
| CVE-2025-47407 | HIGH | 7.8 | Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. | May 04, 2026 |
| CVE-2025-47406 | MEDIUM | 6.1 | Information Disclosure while processing IOCTL handler callbacks without verifying buffer size. | May 04, 2026 |
| CVE-2025-47405 | HIGH | 7.8 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. | May 04, 2026 |
| CVE-2025-47404 | MEDIUM | 6.5 | Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | May 04, 2026 |
| CVE-2025-47403 | MEDIUM | 6.5 | Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. | May 04, 2026 |
| CVE-2025-47401 | MEDIUM | 6.5 | Transient DOS when processing target power rate tables during channel configuration. | May 04, 2026 |