Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,641
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,801 - 12,820 of 37,897 CVEs
CVE-2025-43524 HIGH - 8.8

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.

Vendor: Apple
Product: macOS Sequoia, macOS Sonoma, macOS Tahoe
Published: May 12, 2026
Source: NVD
CVE-2026-8407 MEDIUM - 4.3

Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions : * Devolutions Serve...

Published: May 12, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 12, 2026
Source: NVD
CVE-2026-5089 HIGH - 7.3

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner whil...

Published: May 12, 2026
Source: NVD
CVE-2026-43993 HIGH - 8.2

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1.

Vendor: Dragonmonk111
Product: junoclaw
Published: May 12, 2026
Source: NVD
CVE-2026-43992 CRITICAL - 9.8

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently ...

Vendor: Dragonmonk111
Product: junoclaw
Published: May 12, 2026
Source: NVD
CVE-2026-43991 HIGH - 8.4

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion adv...

Vendor: Dragonmonk111
Product: junoclaw
Published: May 12, 2026
Source: NVD
CVE-2026-43990 HIGH - 8.4

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-s...

Vendor: Dragonmonk111
Product: junoclaw
Published: May 12, 2026
Source: NVD
CVE-2026-43989 HIGH - 8.5

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is f...

Vendor: Dragonmonk111
Product: junoclaw
Published: May 12, 2026
Source: NVD
CVE-2026-40300 MEDIUM - 6.5

Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messag...

Vendor: zulip
Product: zulip
Published: May 12, 2026
Source: NVD
CVE-2026-25431 MEDIUM - 5.3

Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1.

Vendor: WPMU DEV
Product: Hustle
Published: May 12, 2026
Source: NVD
CVE-2026-20914 MEDIUM - 5.5

Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD
CVE-2026-20905 MEDIUM - 6.6

Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result m...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occ...

Product: Intel Vision software
Published: May 12, 2026
Source: NVD
CVE-2026-20881 MEDIUM - 5.5

Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potenti...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD

Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result m...

Product: Intel(R) Data Center Graphics Driver for VMware ESXi software
Published: May 12, 2026
Source: NVD

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This ...

Product: Intel(R) Data Center Graphics Driver for VMware ESXi software
Published: May 12, 2026
Source: NVD

Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD
CVE-2026-20782 MEDIUM - 6.6

Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potent...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may ena...

Product: Intel(R) Connectivity Performance Suite software installers
Published: May 12, 2026
Source: NVD