CRITICAL
CVE-2026-42796 (CVSS 9.8) — Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/c...
NVD CVE-2026-42796 33d ago
HIGH
CVE-2026-37540 (CVSS 8.4) — OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. ...
NVD CVE-2026-37540 36d ago
HIGH
CVE-2026-43052 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag...
NVD CVE-2026-43052 36d ago
HIGH
CVE-2026-31702 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi...
NVD CVE-2026-31702 CVE-2026-23234 36d ago
HIGH
CVE-2026-31696 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation o...
NVD CVE-2026-31696 36d ago
HIGH
CVE-2026-43001 (CVSS 7.9) — An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate t...
NVD CVE-2026-43001 37d ago
MEDIUM
CVE-2026-3833 (CVSS 6.5) — A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive compari...
NVD CVE-2026-3833 37d ago
HIGH
CVE-2026-33845 (CVSS 7.5) — A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero off...
NVD CVE-2026-33845 37d ago
HIGH
CVE-2026-5781 (CVSS 8.8) — An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/updat...
NVD CVE-2026-5781 39d ago
HIGH
CVE-2026-3087 (CVSS 7.5) — If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive...
NVD CVE-2026-3087 40d ago
HIGH
CVE-2026-31686 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for k...
NVD CVE-2026-31686 40d ago
MEDIUM
CVE-2026-40514 (CVSS 5.9) — SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email...
NVD CVE-2026-40514 40d ago
HIGH
CVE-2026-32688 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows...
NVD CVE-2026-32688 40d ago
HIGH
CVE-2026-7101 (CVSS 8.8) — A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of ...
NVD CVE-2026-7101 41d ago
HIGH
CVE-2026-31583 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-fr...
NVD CVE-2026-31583 43d ago
HIGH
CVE-2026-31581 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free...
NVD CVE-2026-31581 43d ago
HIGH
CVE-2026-31580 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio u...
NVD CVE-2026-31580 43d ago
HIGH
CVE-2026-31578 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free m...
NVD CVE-2026-31578 43d ago
HIGH
CVE-2026-31576 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free ...
NVD CVE-2026-31576 43d ago
HIGH
CVE-2026-6947 (CVSS 7.5) — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al...
NVD CVE-2026-6947 44d ago
MEDIUM
CVE-2026-32952 (CVSS 5.3) — go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0...
NVD CVE-2026-32952 44d ago
CRITICAL
CVE-2026-6942 (CVSS 9.8) — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem...
NVD CVE-2026-6942 44d ago
HIGH
CVE-2026-41205 (CVSS 7.5) — Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln...
NVD CVE-2026-41205 44d ago
HIGH
CVE-2026-31532 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-afte...
NVD CVE-2026-31532 44d ago
CRITICAL
CVE-2026-6887 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul...
NVD CVE-2026-6887 45d ago
CRITICAL
CVE-2026-6886 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication By...
NVD CVE-2026-6886 45d ago
CRITICAL
CVE-2026-6885 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U...
NVD CVE-2026-6885 45d ago
CRITICAL
CVE-2026-3960 (CVSS 9.8) — A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I...
NVD CVE-2026-3960 45d ago
CRITICAL
CVE-2026-41179 (CVSS 9.8) — Rclone is a command-line program to sync files and directories to and from different cloud storage p...
NVD CVE-2026-41179 45d ago
HIGH
CVE-2026-31527 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gene...
NVD CVE-2026-31527 45d ago
HIGH
CVE-2026-31500 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize b...
NVD CVE-2026-31500 45d ago
HIGH
CVE-2026-31489 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-pu...
NVD CVE-2026-31489 45d ago
HIGH
CVE-2026-31455 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushin...
NVD CVE-2026-31455 45d ago
HIGH
CVE-2026-6855 (CVSS 7.1) — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th...
NVD CVE-2026-6855 45d ago
MEDIUM
CVE-2026-6848 (CVSS 5.4) — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive ...
NVD CVE-2026-6848 46d ago
INFO
CVE-2026-41144 (CVSS 0) — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde...
NVD CVE-2026-41144 46d ago
HIGH
CVE-2026-40938 (CVSS 7.5) — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting ...
NVD CVE-2026-40938 46d ago
CRITICAL
CVE-2026-5965 (CVSS 9.8) — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l...
NVD CVE-2026-5965 47d ago
CRITICAL
CVE-2026-32311 (CVSS 9.8) — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr...
NVD CVE-2026-32311 47d ago
HIGH
CVE-2026-31430 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access...
NVD CVE-2026-31430 48d ago
HIGH
CVE-2026-40476 (CVSS 7.5) — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa...
NVD CVE-2026-40476 50d ago
CRITICAL
CVE-2026-29013 (CVSS 9.8) — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher...
NVD CVE-2026-29013 50d ago
HIGH
CVE-2026-40527 (CVSS 7.8) — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command...
NVD CVE-2026-40527 50d ago
HIGH
CVE-2026-40518 (CVSS 7.1) — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab...
NVD CVE-2026-40518 50d ago
CRITICAL
CVE-2025-15625 (CVSS 9.8) — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in...
NVD CVE-2025-15625 51d ago
HIGH
CVE-2025-15624 (CVSS 7.5) — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In ...
NVD CVE-2025-15624 51d ago
HIGH
CVE-2025-15623 (CVSS 7.5) — Exposure of Private Personal Information to an Unauthorized Actor, Exposure of Sensitive System In...
NVD CVE-2025-15623 51d ago
CRITICAL
CVE-2026-27820 (CVSS 9.8) — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3...
NVD CVE-2026-27820 51d ago
HIGH
CVE-2026-41035 (CVSS 7.4) — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,...
NVD CVE-2026-41035 52d ago
HIGH
CVE-2026-6351 (CVSS 7.5) — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6351 52d ago
TL;DR
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controll…
CVE-2026-42796