Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,536
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 841 - 860 of 40,106 CVEs
CVE-2026-39822 HIGH - 7.8

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open("symlink/")' will open "symlink" even when "sym...

Vendor: Go standard library
Product: os
Published: Jul 08, 2026
Source: NVD
CVE-2026-29009 HIGH - 8.2

U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c) when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to overflow the 2048-byte nfs_path_buff buffer by returning multiple relative symlink targets that are appende...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29008 HIGH - 7.5

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negat...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2026-29007 MEDIUM - 5.3

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine() (net/tcp.c) when CONFIG_PROT_TCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. A...

Vendor: u-boot
Product: u-boot
Published: Jul 08, 2026
Source: NVD
CVE-2025-3110 HIGH - 7.5

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy

Vendor: openvpn
Product: openvpn_access_server
Published: Jul 08, 2026
Source: NVD
CVE-2026-9074 CRITICAL - 9.1

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.

Vendor: ibm
Product: api_connect
Published: Jul 08, 2026
Source: NVD
CVE-2026-59880 HIGH - 7.5

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such as t...

Vendor: immutable-js
Product: immutable-js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59877 MEDIUM - 5.3

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prema...

Vendor: protobufjs
Product: protobuf.js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59876 MEDIUM - 4.8

protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key __proto__ to change the prototype of the returned map object instead...

Vendor: protobufjs
Product: protobuf.js
Published: Jul 08, 2026
Source: NVD
CVE-2026-59875 MEDIUM - 5.3

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fix...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD
CVE-2026-59874 HIGH - 7.5

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD
CVE-2026-59873 HIGH - 7.5

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk space a...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD
CVE-2026-59871 MEDIUM - 5.3

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. Thi...

Vendor: isaacs
Product: node-tar
Published: Jul 08, 2026
Source: NVD
CVE-2026-59870 MEDIUM - 5.3

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion, causing O(n^2) CPU consumption when yaml.load() parses a crafted ordered-map...

Vendor: nodeca
Product: js-yaml
Published: Jul 08, 2026
Source: NVD
CVE-2026-59869 HIGH - 7.5

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in ver...

Vendor: nodeca
Product: js-yaml
Published: Jul 08, 2026
Source: NVD
CVE-2026-59868 MEDIUM - 5.3

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in ver...

Vendor: nodeca
Product: js-yaml
Published: Jul 08, 2026
Source: NVD
CVE-2026-59725 HIGH - 7.5

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attac...

Vendor: socketio
Product: socket.io
Published: Jul 08, 2026
Source: NVD
CVE-2026-59724 HIGH - 7.5

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing ...

Vendor: socketio
Product: socket.io
Published: Jul 08, 2026
Source: NVD
CVE-2026-59702 CRITICAL - 9.3

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers to a...

Vendor: repomix
Product: repomix
Published: Jul 08, 2026
Source: NVD
CVE-2026-59262 MEDIUM - 6.5

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emai...

Vendor: affine
Product: monorepo
Published: Jul 08, 2026
Source: NVD