Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 16,161 - 16,180 of 38,923 CVEs
CVE-2026-42809 CRITICAL - 9.9

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope l...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42440 HIGH - 7.5

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2.5.9 before 3.0.0-M3  Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field from...

Vendor: Apache Software Foundation
Product: Apache OpenNLP
Published: May 04, 2026
Source: NVD
CVE-2026-42376 CRITICAL - 9.8

D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign...

Vendor: D-Link
Product: DIR-456U Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42375 CRITICAL - 9.8

D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The cust...

Vendor: D-Link
Product: DIR-600L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42374 CRITICAL - 9.8

D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The cust...

Vendor: D-Link
Product: DIR-600L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42373 CRITICAL - 9.8

D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The...

Vendor: D-Link
Product: DIR-605L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42372 HIGH - 8.8

D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The...

Vendor: D-Link
Product: DIR-605L Firmware
Published: May 04, 2026
Source: NVD
CVE-2026-42090 CRITICAL - 9.6

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause i...

Vendor: streetwriters
Product: notesnook
Published: May 04, 2026
Source: NVD
CVE-2026-42080 MEDIUM - 4.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD
CVE-2026-42079 HIGH - 8.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD
CVE-2026-42078 MEDIUM - 4.6

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

Vendor: icip-cas
Product: PPTAgent
Published: May 04, 2026
Source: NVD
CVE-2026-42077 MEDIUM - 5.2

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists in...

Vendor: EvoMap
Product: evolver
Published: May 04, 2026
Source: NVD
CVE-2026-42076 CRITICAL - 9.8

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

Vendor: EvoMap
Product: evolver
Published: May 04, 2026
Source: NVD
CVE-2026-42075 HIGH - 8.1

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enablin...

Vendor: EvoMap
Product: evolver
Published: May 04, 2026
Source: NVD
CVE-2026-42027 CRITICAL - 9.8

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description:  The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName() and invokes its no...

Vendor: Apache Software Foundation
Product: Apache OpenNLP
Published: May 04, 2026
Source: NVD
CVE-2026-40682 CRITICAL - 9.1

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCES...

Vendor: Apache Software Foundation
Product: Apache OpenNLP
Published: May 04, 2026
Source: NVD
CVE-2026-38669 MEDIUM - 6.1

wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog.

Published: May 04, 2026
Source: NVD
CVE-2026-37461 HIGH - 7.5

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-29514 HIGH - 8.8

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the env...

Vendor: netbox-community
Product: netbox
Published: May 04, 2026
Source: NVD
CVE-2026-26956 CRITICAL - 9.8

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.

Vendor: patriksimek
Product: vm2
Published: May 04, 2026
Source: NVD