Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692 | Critical: 727 | High: 3080 | Medium: 3407
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-37532 | HIGH | 7.1 | AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from … | May 01, 2026 |
| CVE-2026-37531 | CRITICAL | 9.8 | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The … | May 01, 2026 |
| CVE-2026-37530 | HIGH | 7.5 | AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but … | May 01, 2026 |
| CVE-2026-37526 | HIGH | 7.8 | AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via … | May 01, 2026 |
| CVE-2026-37525 | HIGH | 7.8 | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials … | May 01, 2026 |
| CVE-2026-7586 | MEDIUM | 4.3 | A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation … | May 01, 2026 |
| CVE-2026-7585 | MEDIUM | 4.3 | A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing … | May 01, 2026 |
| CVE-2026-42481 | MEDIUM | 5.5 | Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. … | May 01, 2026 |
| CVE-2026-42480 | MEDIUM | 5.5 | A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service … | May 01, 2026 |
| CVE-2026-42475 | MEDIUM | 6.5 | SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php. | May 01, 2026 |
| CVE-2026-42474 | MEDIUM | 6.5 | SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php. | May 01, 2026 |
| CVE-2026-42473 | CRITICAL | 9.8 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object. | May 01, 2026 |
| CVE-2026-42472 | CRITICAL | 9.8 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. | May 01, 2026 |
| CVE-2026-42471 | HIGH | 8.1 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE … | May 01, 2026 |
| CVE-2026-37554 | HIGH | 7.5 | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet … | May 01, 2026 |
| CVE-2026-37552 | HIGH | 8.4 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(), … | May 01, 2026 |
| CVE-2026-37505 | MEDIUM | 4.9 | SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without … | May 01, 2026 |
| CVE-2026-37504 | MEDIUM | 5.3 | Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears … | May 01, 2026 |
| CVE-2026-37503 | MEDIUM | 6.9 | Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can inject … | May 01, 2026 |
| CVE-2026-23866 | MEDIUM | 4.3 | Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could … | May 01, 2026 |
| CVE-2026-23863 | MEDIUM | 6.5 | An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to … | May 01, 2026 |
| CVE-2026-22167 | HIGH | 7.8 | Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under … | May 01, 2026 |
| CVE-2026-22166 | HIGH | 8.1 | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES … | May 01, 2026 |
| CVE-2026-22165 | HIGH | 8.1 | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU … | May 01, 2026 |
| CVE-2026-7583 | MEDIUM | 4.3 | A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This … | May 01, 2026 |