Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10110
Total
681
Critical
2907
High
3176
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2031 | UNKNOWN | — | An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose … | May 15, 2026 |
| CVE-2026-8669 | MEDIUM | 6.5 | Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row … | May 15, 2026 |
| CVE-2026-46483 | LOW | 3.6 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives … | May 15, 2026 |
| CVE-2026-45736 | MEDIUM | 4.4 | ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a … | May 15, 2026 |
| CVE-2026-39054 | HIGH | 7.3 | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process … | May 15, 2026 |
| CVE-2026-39053 | MEDIUM | 6.5 | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry … | May 15, 2026 |
| CVE-2026-39052 | MEDIUM | 6.5 | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the … | May 15, 2026 |
| CVE-2026-38728 | HIGH | 7.5 | An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components | May 15, 2026 |
| CVE-2026-34253 | HIGH | 8.2 | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in … | May 15, 2026 |
| CVE-2025-67437 | MEDIUM | 6.5 | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. | May 15, 2026 |
| CVE-2025-14972 | UNKNOWN | — | * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be … | May 15, 2026 |
| CVE-2026-46333 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory … | May 15, 2026 |
| CVE-2026-7182 | UNKNOWN | — | Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload … | May 15, 2026 |
| CVE-2026-41553 | UNKNOWN | — | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated … | May 15, 2026 |
| CVE-2026-41552 | UNKNOWN | — | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could … | May 15, 2026 |
| CVE-2026-8503 | MEDIUM | 6.5 | Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of … | May 15, 2026 |
| CVE-2026-8454 | MEDIUM | 5.3 | Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row … | May 15, 2026 |
| CVE-2026-41971 | MEDIUM | 5.5 | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41970 | MEDIUM | 6.8 | Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41969 | MEDIUM | 6.2 | Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41968 | MEDIUM | 5.9 | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41967 | MEDIUM | 5.9 | Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41966 | MEDIUM | 5.6 | Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | May 15, 2026 |
| CVE-2026-41965 | MEDIUM | 5.6 | Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |
| CVE-2026-41964 | HIGH | 8.4 | Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | May 15, 2026 |