Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238
Critical: 701
High: 2952
Medium: 3222
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44580 | MEDIUM | 6.1 | Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted … | May 13, 2026 |
| CVE-2026-44579 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature … | May 13, 2026 |
| CVE-2026-44578 | HIGH | 8.6 | Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can … | May 13, 2026 |
| CVE-2026-44009 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. | May 13, 2026 |
| CVE-2026-44008 | CRITICAL | 9.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call … | May 13, 2026 |
| CVE-2026-44007 | CRITICAL | 9.1 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless … | May 13, 2026 |
| CVE-2026-44006 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. … | May 13, 2026 |
| CVE-2026-44005 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards … | May 13, 2026 |
| CVE-2026-44004 | HIGH | 7.5 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on … | May 13, 2026 |
| CVE-2026-44003 | MEDIUM | 5.3 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code … | May 13, 2026 |
| CVE-2026-44002 | MEDIUM | 5.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks … | May 13, 2026 |
| CVE-2026-44001 | HIGH | 8.6 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the … | May 13, 2026 |
| CVE-2026-44000 | MEDIUM | 6.5 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the … | May 13, 2026 |
| CVE-2026-43999 | CRITICAL | 9.9 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via … | May 13, 2026 |
| CVE-2026-43998 | HIGH | 8.5 | vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load … | May 13, 2026 |
| CVE-2026-43997 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use … | May 13, 2026 |
| CVE-2026-0265 | UNKNOWN | — | An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service … | May 13, 2026 |
| CVE-2026-0264 | UNKNOWN | — | A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access … | May 13, 2026 |
| CVE-2026-0263 | UNKNOWN | — | A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated … | May 13, 2026 |
| CVE-2026-0237 | UNKNOWN | — | An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. … | May 13, 2026 |
| CVE-2026-44577 | MEDIUM | 5.9 | Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, … | May 13, 2026 |
| CVE-2026-44576 | MEDIUM | 5.4 | Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable … | May 13, 2026 |
| CVE-2026-44575 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or … | May 13, 2026 |
| CVE-2026-44574 | HIGH | 8.1 | Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic … | May 13, 2026 |
| CVE-2026-44573 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, applications using the Pages Router with i18n configured … | May 13, 2026 |