Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,724
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 15,661 - 15,680 of 38,432 CVEs
CVE-2026-0073 HIGH - 8.8

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for ex...

Vendor: google
Product: android
Published: May 04, 2026
Source: NVD
CVE-2026-40197 MEDIUM - 6.5

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem contains...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40195 MEDIUM - 6.5

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup metadat...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40076 HIGH - 8.7

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod a...

Vendor: maven
Product: org.openmrs.web:openmrs-web
Published: May 04, 2026
Source: GitHub
CVE-2026-39852 HIGH - 8.2

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP pat...

Vendor: maven
Product: io.quarkus:quarkus-vertx-http
Published: May 04, 2026
Source: GitHub
CVE-2026-40075 HIGH - 7.5

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-con...

Vendor: maven
Product: org.openmrs.web:openmrs-web
Published: May 04, 2026
Source: GitHub
CVE-2026-42812 CRITICAL - 9.9

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42811 CRITICAL - 9.9

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentia...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42810 CRITICAL - 9.9

Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM policy matching, `*` is t...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42809 CRITICAL - 9.9

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope l...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42440 HIGH - 7.5

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from...

Vendor: Apache Software Foundation
Product: Apache OpenNLP
Published: May 04, 2026
Source: NVD
CVE-2026-42376 CRITICAL - 9.8

D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign...

Vendor: D-Link
Product: DIR-456U Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42375 CRITICAL - 9.8

D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The cust...

Vendor: D-Link
Product: DIR-600L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42374 CRITICAL - 9.8

D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The cust...

Vendor: D-Link
Product: DIR-600L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42373 CRITICAL - 9.8

D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The...

Vendor: D-Link
Product: DIR-605L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42372 HIGH - 8.8

D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The...

Vendor: D-Link
Product: DIR-605L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42090 CRITICAL - 9.6

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause i...

Vendor: streetwriters
Product: notesnook
Published: May 04, 2026
Source: NVD
CVE-2026-42080 MEDIUM - 4.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD
CVE-2026-42079 HIGH - 8.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD
CVE-2026-42078 MEDIUM - 4.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD