Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,791
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,441 - 14,460 of 38,432 CVEs
CVE-2026-41491 HIGH - 8.1

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for serv...

Vendor: dapr
Product: dapr
Published: May 08, 2026
Source: NVD
CVE-2026-41423 MEDIUM - 5.3

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper han...

Vendor: angular
Product: angular
Published: May 08, 2026
Source: NVD
CVE-2026-41161 MEDIUM - 5.3

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response ti...

Vendor: Sync-in
Product: server
Published: May 08, 2026
Source: NVD
CVE-2026-39816 HIGH - 8.8

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy Scrip...

Vendor: Apache Software Foundation
Product: Apache NiFi
Published: May 08, 2026
Source: NVD

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information ta...

Vendor: Dell
Product: PowerScale OneFS
Published: May 08, 2026
Source: NVD
CVE-2025-71302 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules") details the dma-fence safe access rules. The most common culprit is that drm_sched_fence...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71301 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmap_locked, which led to errors such as show below. [ 122.29...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71300 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware n...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71299 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbal...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71298 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drm_gem_shmem_madvise_locked(), which led to erro...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71297 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822b_config_trx_mode() because trying to ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2025-71296 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the object's purge operation. The tests use drm_gem_shmem_purge_locked(), which led to errors suc...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the โ€˜Permissionsโ€™ field of the JSON response, an attacker could escalate ...

Published: May 08, 2026
Source: NVD
CVE-2026-25199 CRITICAL - 9.1

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmox_vmid, to associ...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2026-25077 MEDIUM - 6.3

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can resul...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2025-69233 MEDIUM - 6.5

Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the infrastructu...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2025-66467 HIGH - 8.0

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2025-66172 MEDIUM - 6.5

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and a...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2025-66171 MEDIUM - 6.5

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the env...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD
CVE-2025-66170 MEDIUM - 6.5

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment. T...

Vendor: Apache Software Foundation
Product: Apache CloudStack
Published: May 08, 2026
Source: NVD