Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,747
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,361 - 13,380 of 38,432 CVEs

Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation o...

Product: Intel(R) NPU Driver software installers
Published: May 12, 2026
Source: NVD
CVE-2026-20717 MEDIUM - 6.6

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ...

Vendor: intel
Product: Intel(R) QAT software drivers for Windows
Published: May 12, 2026
Source: NVD
CVE-2025-65719 CRITICAL - 9.8

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.

Published: May 12, 2026
Source: NVD

Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result...

Product: AI Playground software
Published: May 12, 2026
Source: NVD

Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may pote...

Product: Display Virtualization for Windows OS driver software
Published: May 12, 2026
Source: NVD

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access...

Product: Intel platforms
Published: May 12, 2026
Source: NVD

Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation ...

Product: Intel Endpoint Management Assistant (EMA) software
Published: May 12, 2026
Source: NVD

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

Product: Intel(R) Processors
Published: May 12, 2026
Source: NVD

Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privi...

Product: Intel(R) Server Firmware Update Utility Software
Published: May 12, 2026
Source: NVD

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may p...

Product: Intel(R) Ethernet 800 series
Published: May 12, 2026
Source: NVD
CVE-2026-42074 CRITICAL - 9.8

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own threat model) can ...

Vendor: npm
Product: openclaude
Published: May 12, 2026
Source: GitHub
CVE-2026-43515 CRITICAL - 9.1

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0....

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-43513 HIGH - 7.5

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions m...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-43512 CRITICAL - 9.8

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported version...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-42498 HIGH - 7.3

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through 7...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-41293 CRITICAL - 9.8

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to u...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-41284 HIGH - 7.5

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade t...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: May 12, 2026
Source: NVD
CVE-2026-34187 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: May 12, 2026
Source: NVD
CVE-2026-31228 CRITICAL - 9.8

The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters w...

Published: May 12, 2026
Source: NVD