Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,904
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,181 - 16,200 of 38,923 CVEs
CVE-2026-26332 CRITICAL - 9.8

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.

Vendor: patriksimek
Product: vm2
Published: May 04, 2026
Source: NVD
CVE-2026-25293 CRITICAL - 9.6

Buffer overflow due to incorrect authorization in PLC FW

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2026-25266 MEDIUM - 5.5

Memory corruption while processing IOCTL command when device is in power-save state.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2026-24781 CRITICAL - 9.8

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patc...

Vendor: patriksimek
Product: vm2
Published: May 04, 2026
Source: NVD
CVE-2026-24120 CRITICAL - 9.8

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3...

Vendor: patriksimek
Product: vm2
Published: May 04, 2026
Source: NVD
CVE-2026-24118 CRITICAL - 9.8

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.

Vendor: patriksimek
Product: vm2
Published: May 04, 2026
Source: NVD
CVE-2026-24082 HIGH - 7.8

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47408 HIGH - 7.8

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47407 HIGH - 7.8

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47406 MEDIUM - 6.1

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47405 HIGH - 7.8

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47404 MEDIUM - 6.5

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47403 MEDIUM - 6.5

Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2025-47401 MEDIUM - 6.5

Transient DOS when processing target power rate tables during channel configuration.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: May 04, 2026
Source: NVD
CVE-2026-35527 MEDIUM - 4.3

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function constructs...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40563 HIGH - 7.1

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data ...

Vendor: Apache Software Foundation
Product: Apache Atlas
Published: May 04, 2026
Source: NVD
CVE-2026-37458 MEDIUM - 6.5

Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.

Vendor: frrouting
Product: frrouting
Published: May 04, 2026
Source: NVD
CVE-2026-36365 HIGH - 7.8

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp

Published: May 04, 2026
Source: NVD
CVE-2025-70071 MEDIUM - 5.9

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()

Published: May 04, 2026
Source: NVD

Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5.

Published: May 04, 2026
Source: NVD