Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 15,701 - 15,720 of 38,432 CVEs
CVE-2025-47404 MEDIUM - 6.5

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47403 MEDIUM - 6.5

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47401 MEDIUM - 6.5

Transient DOS when processing target power rate tables during channel configuration.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2026-35527 MEDIUM - 4.3

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40563 HIGH - 7.1

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data ...

Vendor: Apache Software Foundation
Product: Apache Atlas
Published: May 04, 2026
Source: NVD
CVE-2026-37458 MEDIUM - 6.5

Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.

Vendor: frrouting
Product: frrouting
Published: May 04, 2026
Source: NVD
CVE-2026-36365 HIGH - 7.8

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp

Published: May 04, 2026
Source: NVD
CVE-2025-70071 MEDIUM - 5.9

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()

Published: May 04, 2026
Source: NVD

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5.

Published: May 04, 2026
Source: NVD

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.

Published: May 04, 2026
Source: NVD
CVE-2026-33523 MEDIUM - 6.5

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33007 MEDIUM - 5.3

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33006 MEDIUM - 4.8

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-29169 HIGH - 7.5

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlie...

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-23918 HIGH - 8.8

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2025-70072 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

Published: May 04, 2026
Source: NVD
CVE-2025-70070 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

Published: May 04, 2026
Source: NVD

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in f...

Vendor: 3onedata
Product: GW1101-1D(RS-485)-TB-P
Published: May 04, 2026
Source: NVD

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

Published: May 04, 2026
Source: NVD
CVE-2026-6266 HIGH - 8.3

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a v...

Published: May 04, 2026
Source: NVD