Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,525
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 17,481 - 17,500 of 40,198 CVEs
CVE-2026-23918 HIGH - 8.8

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2025-70072 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

Published: May 04, 2026
Source: NVD
CVE-2025-70070 MEDIUM - 6.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

Published: May 04, 2026
Source: NVD

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in f...

Vendor: 3onedata
Product: GW1101-1D(RS-485)-TB-P
Published: May 04, 2026
Source: NVD

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.

Published: May 04, 2026
Source: NVD
CVE-2026-6266 HIGH - 8.3

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a v...

Published: May 04, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 04, 2026
Source: NVD
CVE-2026-34032 MEDIUM - 5.3

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33857 MEDIUM - 5.3

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-31205 MEDIUM - 5.7

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function

Published: May 04, 2026
Source: NVD
CVE-2025-70069 HIGH - 7.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method

Published: May 04, 2026
Source: NVD
CVE-2025-70067 CRITICAL - 9.8

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

Published: May 04, 2026
Source: NVD
CVE-2025-58074 HIGH - 8.8

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Vendor: Gen Digital
Product: Norton Secure VPN
Published: May 04, 2026
Source: NVD
CVE-2026-7482 CRITICAL - 9.1

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantiz...

Vendor: ollama
Product: ollama
Published: May 04, 2026
Source: NVD
CVE-2026-34059 HIGH - 7.5

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-24072 HIGH - 8.8

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-3120 HIGH - 7.2

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.

Published: May 04, 2026
Source: NVD
CVE-2026-7750 HIGH - 8.8

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remot...

Published: May 04, 2026
Source: NVD
CVE-2026-7749 HIGH - 8.8

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The ex...

Published: May 04, 2026
Source: NVD
CVE-2026-7748 HIGH - 8.8

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched rem...

Published: May 04, 2026
Source: NVD