Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40563 | HIGH | 7.1 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. … | May 04, 2026 |
| CVE-2026-37458 | UNKNOWN | — | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying … | May 04, 2026 |
| CVE-2026-36365 | UNKNOWN | — | An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and … | May 04, 2026 |
| CVE-2025-70071 | MEDIUM | 5.9 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray() | May 04, 2026 |
| CVE-2026-6501 | UNKNOWN | — | Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | May 04, 2026 |
| CVE-2026-6500 | UNKNOWN | — | Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. | May 04, 2026 |
| CVE-2026-33523 | MEDIUM | 6.5 | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. … | May 04, 2026 |
| CVE-2026-33007 | MEDIUM | 5.3 | A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in … | May 04, 2026 |
| CVE-2026-33006 | MEDIUM | 4.8 | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade … | May 04, 2026 |
| CVE-2026-29169 | HIGH | 7.5 | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock … | May 04, 2026 |
| CVE-2026-23918 | HIGH | 8.8 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to … | May 04, 2026 |
| CVE-2025-70072 | MEDIUM | 6.5 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components | May 04, 2026 |
| CVE-2025-70070 | MEDIUM | 6.5 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry() | May 04, 2026 |
| CVE-2025-13605 | UNKNOWN | — | 3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by … | May 04, 2026 |
| CVE-2026-6499 | UNKNOWN | — | Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. | May 04, 2026 |
| CVE-2026-6266 | HIGH | 8.3 | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to … | May 04, 2026 |
| CVE-2026-4928 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this … | May 04, 2026 |
| CVE-2026-34032 | MEDIUM | 5.3 | Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version … | May 04, 2026 |
| CVE-2026-33857 | MEDIUM | 5.3 | Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, … | May 04, 2026 |
| CVE-2026-31205 | MEDIUM | 5.7 | Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function | May 04, 2026 |
| CVE-2025-70069 | HIGH | 7.5 | An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method | May 04, 2026 |
| CVE-2025-70067 | UNKNOWN | — | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from … | May 04, 2026 |
| CVE-2025-58074 | HIGH | 8.8 | A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation … | May 04, 2026 |
| CVE-2026-7482 | CRITICAL | 9.1 | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the … | May 04, 2026 |
| CVE-2026-34059 | HIGH | 7.5 | Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes … | May 04, 2026 |