Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7399 | HIGH | 8.1 | Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | Apr 30, 2026 |
| CVE-2026-7382 | MEDIUM | 6.5 | Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows … | Apr 30, 2026 |
| CVE-2025-14576 | UNKNOWN | — | Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt … | Apr 30, 2026 |
| CVE-2024-13971 | UNKNOWN | — | Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to … | Apr 30, 2026 |
| CVE-2026-5080 | MEDIUM | 5.9 | Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with … | Apr 30, 2026 |
| CVE-2026-41882 | HIGH | 7.4 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server | Apr 30, 2026 |
| CVE-2026-31693 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a … | Apr 30, 2026 |
| CVE-2026-1493 | UNKNOWN | — | LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker … | Apr 30, 2026 |
| CVE-2026-31787 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor … | Apr 30, 2026 |
| CVE-2026-31786 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor … | Apr 30, 2026 |
| CVE-2026-31692 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on … | Apr 30, 2026 |
| CVE-2026-6498 | MEDIUM | 5.3 | The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 … | Apr 30, 2026 |
| CVE-2026-42800 | HIGH | 7.4 | NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c. | Apr 30, 2026 |
| CVE-2026-41016 | MEDIUM | 5.9 | Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between … | Apr 30, 2026 |
| CVE-2026-42799 | HIGH | 7.4 | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10. | Apr 30, 2026 |
| CVE-2026-42512 | HIGH | 7.3 | As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the … | Apr 30, 2026 |
| CVE-2026-39457 | HIGH | 7.8 | When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor … | Apr 30, 2026 |
| CVE-2026-35547 | CRITICAL | 9.1 | When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to … | Apr 30, 2026 |
| CVE-2026-22070 | HIGH | 7.1 | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | Apr 30, 2026 |
| CVE-2026-7164 | HIGH | 7.5 | Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets … | Apr 30, 2026 |
| CVE-2026-7270 | HIGH | 7.8 | An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The … | Apr 30, 2026 |
| CVE-2026-6870 | MEDIUM | 5.5 | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |
| CVE-2026-6869 | MEDIUM | 5.5 | WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |
| CVE-2026-6867 | MEDIUM | 5.5 | SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |
| CVE-2026-6538 | MEDIUM | 5.5 | BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | Apr 30, 2026 |