CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10692
- Critical: 727
- High: 3080
- Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2018-25268 | HIGH | 8.4 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers … | Apr 22, 2026 |
| CVE-2018-25267 | MEDIUM | 6.2 | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH … | Apr 22, 2026 |
| CVE-2018-25266 | MEDIUM | 6.2 | Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively … | Apr 22, 2026 |
| CVE-2018-25265 | HIGH | 8.4 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling … | Apr 22, 2026 |
| CVE-2018-25262 | MEDIUM | 6.2 | Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to … | Apr 22, 2026 |
| CVE-2018-25261 | HIGH | 8.4 | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by … | Apr 22, 2026 |
| CVE-2018-25260 | HIGH | 8.4 | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting … | Apr 22, 2026 |
| CVE-2018-25259 | HIGH | 8.4 | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering … | Apr 22, 2026 |
| CVE-2026-35548 | HIGH | 8.5 | An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database … | Apr 22, 2026 |
| CVE-2026-6862 | MEDIUM | 5.5 | A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field … | Apr 22, 2026 |
| CVE-2026-6861 | MEDIUM | 6.1 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading … | Apr 22, 2026 |
| CVE-2026-6859 | HIGH | 8.8 | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python … | Apr 22, 2026 |
| CVE-2026-6356 | CRITICAL | 9.6 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to … | Apr 22, 2026 |
| CVE-2026-6355 | MEDIUM | 6.5 | A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This … | Apr 22, 2026 |
| CVE-2026-5750 | UNKNOWN | — | An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through … | Apr 22, 2026 |
| CVE-2026-5749 | UNKNOWN | — | Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact … | Apr 22, 2026 |
| CVE-2026-41651 | HIGH | 8.8 | PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between … | Apr 22, 2026 |
| CVE-2026-33611 | MEDIUM | 6.5 | An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn … | Apr 22, 2026 |
| CVE-2026-33610 | MEDIUM | 5.9 | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request … | Apr 22, 2026 |
| CVE-2026-33609 | MEDIUM | 5.3 | Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. | Apr 22, 2026 |
| CVE-2026-33608 | HIGH | 7.4 | An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to … | Apr 22, 2026 |
| CVE-2026-33602 | MEDIUM | 6.5 | A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds … | Apr 22, 2026 |
| CVE-2026-33599 | LOW | 3.1 | A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to … | Apr 22, 2026 |
| CVE-2026-33598 | MEDIUM | 4.8 | A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache. | Apr 22, 2026 |
| CVE-2026-33597 | LOW | 3.7 | PRSD detection denial of service | Apr 22, 2026 |