Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,702
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,301 - 16,320 of 38,432 CVEs
CVE-2026-42800 HIGH - 7.4

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

Vendor: ASR
Product: Lapwing_Linux
Published: Apr 30, 2026
Source: NVD
CVE-2026-41016 MEDIUM - 5.9

Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete th...

Vendor: Apache Software Foundation
Product: Apache Airflow Providers SMTP
Published: Apr 30, 2026
Source: NVD
CVE-2026-42799 HIGH - 7.4

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

Vendor: ASR
Product: Kestrel
Published: Apr 30, 2026
Source: NVD
CVE-2026-42512 HIGH - 7.3

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to o...

Vendor: FreeBSD
Product: FreeBSD
Published: Apr 30, 2026
Source: NVD
CVE-2026-39457 HIGH - 7.8

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate lar...

Vendor: FreeBSD
Product: FreeBSD
Published: Apr 30, 2026
Source: NVD
CVE-2026-35547 CRITICAL - 9.1

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to ex...

Vendor: FreeBSD
Product: FreeBSD
Published: Apr 30, 2026
Source: NVD
CVE-2026-22070 HIGH - 7.1

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

Vendor: OPPO
Product: ColorOS Assistant
Published: Apr 30, 2026
Source: NVD
CVE-2026-7164 HIGH - 7.5

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

Vendor: freebsd
Product: freebsd
Published: Apr 30, 2026
Source: NVD
CVE-2026-7270 HIGH - 7.3

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges.

Vendor: freebsd
Product: freebsd
Published: Apr 30, 2026
Source: NVD
CVE-2026-6870 MEDIUM - 5.5

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6869 MEDIUM - 5.5

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6867 MEDIUM - 5.5

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6538 MEDIUM - 5.5

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6537 MEDIUM - 5.5

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6536 MEDIUM - 5.5

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6535 MEDIUM - 5.5

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6534 MEDIUM - 5.5

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6533 MEDIUM - 5.5

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6532 MEDIUM - 5.5

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD
CVE-2026-6531 MEDIUM - 5.5

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Apr 30, 2026
Source: NVD