Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10238 | Critical: 701 | High: 2952 | Medium: 3222
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2695 | MEDIUM | 6.3 | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated … | May 13, 2026 |
| CVE-2024-48519 | MEDIUM | 6.2 | Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component. | May 13, 2026 |
| CVE-2026-8367 | MEDIUM | 4.8 | aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a … | May 13, 2026 |
| CVE-2026-6282 | HIGH | 8.1 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move … | May 13, 2026 |
| CVE-2026-6281 | HIGH | 8.8 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute … | May 13, 2026 |
| CVE-2026-45740 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors … | May 13, 2026 |
| CVE-2026-45033 | UNKNOWN | — | GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI … | May 13, 2026 |
| CVE-2026-45028 | UNKNOWN | — | Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots … | May 13, 2026 |
| CVE-2026-44665 | MEDIUM | 6.1 | fast-xml-builder builds XML from JSON. Prior to 1.1.7, when input data has quotes in attribute values but process entities is not enabled, it breaks … | May 13, 2026 |
| CVE-2026-44664 | MEDIUM | 6.1 | fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This … | May 13, 2026 |
| CVE-2026-44572 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header … | May 13, 2026 |
| CVE-2026-44479 | MEDIUM | 5.5 | Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, when the Vercel CLI runs in non-interactive mode (--non-interactive or … | May 13, 2026 |
| CVE-2026-44470 | UNKNOWN | — | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService … | May 13, 2026 |
| CVE-2026-44467 | UNKNOWN | — | The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, … | May 13, 2026 |
| CVE-2026-44459 | LOW | 3.8 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, … | May 13, 2026 |
| CVE-2026-44458 | MEDIUM | 4.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for … | May 13, 2026 |
| CVE-2026-44457 | MEDIUM | 5.3 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that … | May 13, 2026 |
| CVE-2026-44456 | MEDIUM | 6.5 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit() does not reliably enforce maxSize for requests without … | May 13, 2026 |
| CVE-2026-44455 | MEDIUM | 4.7 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx … | May 13, 2026 |
| CVE-2026-44432 | UNKNOWN | — | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) … | May 13, 2026 |
| CVE-2026-44431 | UNKNOWN | — | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward … | May 13, 2026 |
| CVE-2026-44295 | HIGH | 8.7 | protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled … | May 13, 2026 |
| CVE-2026-44294 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain … | May 13, 2026 |
| CVE-2026-44293 | HIGH | 8.8 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived … | May 13, 2026 |
| CVE-2026-44292 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object … | May 13, 2026 |