Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,913
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,941 - 14,960 of 38,670 CVEs
CVE-2026-41413 MEDIUM - 5.0

Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost o...

Vendor: istio
Product: istio
Published: May 07, 2026
Source: NVD
CVE-2026-41143 HIGH - 8.8

YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated directly into a raw SQL...

Vendor: YesWiki
Product: yeswiki
Published: May 07, 2026
Source: NVD
CVE-2026-41139 HIGH - 8.8

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.

Vendor: josdejong
Product: mathjs
Published: May 07, 2026
Source: NVD
CVE-2026-44513 HIGH - 8.8

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False (or omitting it, which is the default). The vulnerability has three va...

Vendor: pip
Product: diffusers
Published: May 07, 2026
Source: GitHub
CVE-2026-44248 MEDIUM - 5.3

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the by...

Vendor: maven
Product: io.netty:netty-codec-mqtt
Published: May 07, 2026
Source: GitHub
CVE-2026-44007 CRITICAL - 9.1

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration โ€” including require: false. With access to vm2, the sandbox constructs a new i...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-43998 HIGH - 8.5

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-44003 MEDIUM - 5.3

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-44002 MEDIUM - 5.8

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandb...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-44000 MEDIUM - 6.5

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sand...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-44004 HIGH - 7.5

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaus...

Vendor: npm
Product: vm2
Published: May 07, 2026
Source: GitHub
CVE-2026-6214 MEDIUM - 6.5

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listen_for_saving_export_schedule() function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

Published: May 07, 2026
Source: NVD

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.

Vendor: torproject
Product: Tor
Published: May 07, 2026
Source: NVD

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.

Vendor: torproject
Product: Tor
Published: May 07, 2026
Source: NVD

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

Vendor: torproject
Product: Tor
Published: May 07, 2026
Source: NVD
CVE-2026-42217 CRITICAL - 9.8

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from...

Vendor: AcademySoftwareFoundation
Product: openexr
Published: May 07, 2026
Source: NVD
CVE-2026-42216 CRITICAL - 9.1

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed r...

Vendor: AcademySoftwareFoundation
Product: openexr
Published: May 07, 2026
Source: NVD
CVE-2026-41142 HIGH - 8.8

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads to...

Vendor: AcademySoftwareFoundation
Product: openexr
Published: May 07, 2026
Source: NVD
CVE-2026-41004 MEDIUM - 4.4

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 thro...

Vendor: Spring
Product: Spring Cloud Config
Published: May 07, 2026
Source: NVD
CVE-2026-41002 HIGH - 7.2

The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ent...

Vendor: Spring
Product: Spring Cloud Config
Published: May 07, 2026
Source: NVD