Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10307
Critical: 705
High: 2965
Medium: 3260
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44006 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. … | May 13, 2026 |
| CVE-2026-44005 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards … | May 13, 2026 |
| CVE-2026-44004 | HIGH | 7.5 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on … | May 13, 2026 |
| CVE-2026-44003 | MEDIUM | 5.3 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code … | May 13, 2026 |
| CVE-2026-44002 | MEDIUM | 5.8 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks … | May 13, 2026 |
| CVE-2026-44001 | HIGH | 8.6 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the … | May 13, 2026 |
| CVE-2026-44000 | MEDIUM | 6.5 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the … | May 13, 2026 |
| CVE-2026-43999 | CRITICAL | 9.9 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via … | May 13, 2026 |
| CVE-2026-43998 | HIGH | 8.5 | vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load … | May 13, 2026 |
| CVE-2026-43997 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use … | May 13, 2026 |
| CVE-2026-0265 | UNKNOWN | — | An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service … | May 13, 2026 |
| CVE-2026-0264 | UNKNOWN | — | A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access … | May 13, 2026 |
| CVE-2026-0263 | UNKNOWN | — | A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated … | May 13, 2026 |
| CVE-2026-0237 | UNKNOWN | — | An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. … | May 13, 2026 |
| CVE-2026-44577 | MEDIUM | 5.9 | Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, … | May 13, 2026 |
| CVE-2026-44576 | MEDIUM | 5.4 | Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable … | May 13, 2026 |
| CVE-2026-44575 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or … | May 13, 2026 |
| CVE-2026-44574 | HIGH | 8.1 | Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic … | May 13, 2026 |
| CVE-2026-44573 | HIGH | 7.5 | Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, applications using the Pages Router with i18n configured … | May 13, 2026 |
| CVE-2026-2695 | MEDIUM | 6.3 | A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated … | May 13, 2026 |
| CVE-2024-48519 | MEDIUM | 6.2 | Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp, ArduRover, ADIS1647x Sensor component. | May 13, 2026 |
| CVE-2026-8367 | MEDIUM | 4.8 | aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a … | May 13, 2026 |
| CVE-2026-6282 | HIGH | 8.1 | A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move … | May 13, 2026 |
| CVE-2026-6281 | HIGH | 8.8 | A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute … | May 13, 2026 |
| CVE-2026-45740 | MEDIUM | 5.3 | protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors … | May 13, 2026 |