CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238 | Critical: 701 | High: 2952 | Medium: 3222
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44248 | MEDIUM | 5.3 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any … | May 13, 2026 |
| CVE-2026-43970 | UNKNOWN | — | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cow_spdy:inflate/2 in cowlib passes … | May 13, 2026 |
| CVE-2026-42587 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent … | May 13, 2026 |
| CVE-2026-42586 | MEDIUM | 6.8 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to … | May 13, 2026 |
| CVE-2026-42585 | MEDIUM | 6.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is … | May 13, 2026 |
| CVE-2026-42584 | HIGH | 7.3 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once … | May 13, 2026 |
| CVE-2026-42583 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per … | May 13, 2026 |
| CVE-2026-42582 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for … | May 13, 2026 |
| CVE-2026-42581 | MEDIUM | 5.8 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: … | May 13, 2026 |
| CVE-2026-42580 | MEDIUM | 6.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This … | May 13, 2026 |
| CVE-2026-42579 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during … | May 13, 2026 |
| CVE-2026-42578 | UNKNOWN | — | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The … | May 13, 2026 |
| CVE-2026-42577 | HIGH | 7.5 | Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final, Netty's epoll transport fails to detect and close TCP connections that receive … | May 13, 2026 |
| CVE-2026-42032 | UNKNOWN | — | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed … | May 13, 2026 |
| CVE-2026-42031 | UNKNOWN | — | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed … | May 13, 2026 |
| CVE-2026-41410 | UNKNOWN | — | Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: This candidate is a duplicate of CVE-2026-40520. Notes: All CVE users should … | May 13, 2026 |
| CVE-2026-41255 | MEDIUM | 6.1 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via … | May 13, 2026 |
| CVE-2026-41132 | UNKNOWN | — | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may … | May 13, 2026 |
| CVE-2026-33585 | LOW | 3.8 | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via … | May 13, 2026 |
| CVE-2026-33584 | MEDIUM | 5.3 | Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This … | May 13, 2026 |
| CVE-2026-33583 | HIGH | 8.7 | Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and internal system keys via an unauthenticated and unencrypted HTTP GET method … | May 13, 2026 |
| CVE-2026-30906 | HIGH | 7.8 | Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege … | May 13, 2026 |
| CVE-2026-30905 | HIGH | 7.8 | External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to … | May 13, 2026 |
| CVE-2026-30904 | LOW | 1.8 | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. | May 13, 2026 |
| CVE-2026-22677 | MEDIUM | 6.5 | Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session import endpoint that allows authenticated attackers to read arbitrary … | May 13, 2026 |