Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 16,201 - 16,220 of 38,923 CVEs

Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5.

Published: May 04, 2026
Source: NVD
CVE-2026-33523 MEDIUM - 6.5

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33007 MEDIUM - 5.3

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33006 MEDIUM - 4.8

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-29169 HIGH - 7.5

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlie...

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-23918 HIGH - 8.8

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2025-70072 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

Published: May 04, 2026
Source: NVD
CVE-2025-70070 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

Published: May 04, 2026
Source: NVD

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in f...

Vendor: 3onedata
Product: GW1101-1D(RS-485)-TB-P
Published: May 04, 2026
Source: NVD

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

Published: May 04, 2026
Source: NVD
CVE-2026-6266 HIGH - 8.3

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a v...

Published: May 04, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 04, 2026
Source: NVD
CVE-2026-34032 MEDIUM - 5.3

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33857 MEDIUM - 5.3

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-31205 MEDIUM - 5.7

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function

Published: May 04, 2026
Source: NVD
CVE-2025-70069 HIGH - 7.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method

Published: May 04, 2026
Source: NVD
CVE-2025-70067 CRITICAL - 9.8

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

Published: May 04, 2026
Source: NVD
CVE-2025-58074 HIGH - 8.8

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Vendor: Gen Digital
Product: Norton Secure VPN
Published: May 04, 2026
Source: NVD
CVE-2026-7482 CRITICAL - 9.1

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantiz...

Vendor: ollama
Product: ollama
Published: May 04, 2026
Source: NVD
CVE-2026-34059 HIGH - 7.5

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD