Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41418 | MEDIUM | 5.3 | 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in … | Apr 24, 2026 |
| CVE-2026-41416 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream … | Apr 24, 2026 |
| CVE-2026-41415 | UNKNOWN | — | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a … | Apr 24, 2026 |
| CVE-2026-41414 | HIGH | 7.4 | Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it … | Apr 24, 2026 |
| CVE-2026-41328 | CRITICAL | 9.1 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read … | Apr 24, 2026 |
| CVE-2026-41327 | CRITICAL | 9.1 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read … | Apr 24, 2026 |
| CVE-2026-41326 | UNKNOWN | — | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, … | Apr 24, 2026 |
| CVE-2026-33666 | HIGH | 7.5 | Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes() / readString(), … | Apr 24, 2026 |
| CVE-2026-33662 | HIGH | 7.5 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From … | Apr 24, 2026 |
| CVE-2026-33524 | HIGH | 7.5 | Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small … | Apr 24, 2026 |
| CVE-2026-42044 | MEDIUM | 6.5 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype … | Apr 24, 2026 |
| CVE-2026-42043 | HIGH | 7.2 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL … | Apr 24, 2026 |
| CVE-2026-42042 | MEDIUM | 5.4 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses … | Apr 24, 2026 |
| CVE-2026-42041 | MEDIUM | 4.8 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype … | Apr 24, 2026 |
| CVE-2026-42040 | LOW | 3.7 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character … | Apr 24, 2026 |
| CVE-2026-42039 | UNKNOWN | — | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth … | Apr 24, 2026 |
| CVE-2026-42038 | MEDIUM | 6.8 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is … | Apr 24, 2026 |
| CVE-2026-42037 | MEDIUM | 5.3 | Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly … | Apr 24, 2026 |
| CVE-2026-42036 | MEDIUM | 5.3 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the … | Apr 24, 2026 |
| CVE-2026-42035 | HIGH | 7.4 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios … | Apr 24, 2026 |
| CVE-2026-42034 | MEDIUM | 5.3 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when … | Apr 24, 2026 |
| CVE-2026-42033 | HIGH | 7.4 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency … | Apr 24, 2026 |
| CVE-2026-41898 | UNKNOWN | — | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the … | Apr 24, 2026 |
| CVE-2026-41681 | UNKNOWN | — | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is … | Apr 24, 2026 |
| CVE-2026-41680 | UNKNOWN | — | Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific … | Apr 24, 2026 |