Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11067
Total
752
Critical
3202
High
3546
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34983 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by … | Apr 09, 2026 |
| CVE-2026-34971 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing … | Apr 09, 2026 |
| CVE-2026-34946 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the … | Apr 09, 2026 |
| CVE-2026-34945 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part … | Apr 09, 2026 |
| CVE-2026-34944 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly … | Apr 09, 2026 |
| CVE-2026-34943 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component … | Apr 09, 2026 |
| CVE-2026-34942 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 … | Apr 09, 2026 |
| CVE-2026-34941 | UNKNOWN | — | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the … | Apr 09, 2026 |
| CVE-2026-31170 | UNKNOWN | — | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | Apr 09, 2026 |
| CVE-2026-28205 | UNKNOWN | — | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system … | Apr 09, 2026 |
| CVE-2026-5971 | HIGH | 7.3 | A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML … | Apr 09, 2026 |
| CVE-2026-5970 | HIGH | 7.3 | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code … | Apr 09, 2026 |
| CVE-2026-5329 | HIGH | 8.5 | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that … | Apr 09, 2026 |
| CVE-2026-40072 | UNKNOWN | — | web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) … | Apr 09, 2026 |
| CVE-2026-40071 | MEDIUM | 5.4 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /json/link_order, and /json/abort_link WebUI JSON endpoints enforce weaker permissions … | Apr 09, 2026 |
| CVE-2026-40070 | HIGH | 8.1 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the … | Apr 09, 2026 |
| CVE-2026-40069 | HIGH | 7.5 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC … | Apr 09, 2026 |
| CVE-2026-39987 | UNKNOWN | — | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an … | Apr 09, 2026 |
| CVE-2026-39985 | MEDIUM | 4.3 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, … | Apr 09, 2026 |
| CVE-2026-39983 | HIGH | 8.6 | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to … | Apr 09, 2026 |
| CVE-2026-39981 | HIGH | 8.8 | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths … | Apr 09, 2026 |
| CVE-2026-39980 | CRITICAL | 9.1 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS … | Apr 09, 2026 |
| CVE-2026-39961 | MEDIUM | 6.8 | Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on … | Apr 09, 2026 |
| CVE-2026-39911 | HIGH | 8.8 | Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to … | Apr 09, 2026 |
| CVE-2026-39315 | MEDIUM | 6.1 | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content … | Apr 09, 2026 |