HIGH
CVE-2026-49014 (CVSS 7.4) — In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution v...
NVD CVE-2026-49014 10d ago
HIGH
CVE-2026-9606 (CVSS 7.3) — A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown...
NVD CVE-2026-9606 10d ago
HIGH
CVE-2026-9605 (CVSS 7.3) — A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC...
NVD CVE-2026-9605 10d ago
HIGH
CVE-2026-9312 (CVSS 8.2) — A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a...
NVD CVE-2026-9312 10d ago
HIGH
CVE-2026-9584 (CVSS 7.3) — A security vulnerability has been detected in code-projects Project Management System 1.0. Affected ...
NVD CVE-2026-9584 10d ago
HIGH
CVE-2026-45298 (CVSS 8.6) — Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (...
NVD CVE-2026-45298 10d ago
HIGH
CVE-2026-44966 (CVSS 8.3) — Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earl...
NVD CVE-2026-44966 10d ago
HIGH
CVE-2026-9580 (CVSS 7.3) — A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginC...
NVD CVE-2026-9580 10d ago
HIGH
CVE-2026-9575 (CVSS 7.3) — A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue ...
NVD CVE-2026-9575 10d ago
HIGH
CVE-2026-9574 (CVSS 7.3) — A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability a...
NVD CVE-2026-9574 10d ago
HIGH
CVE-2026-44832 (CVSS 8.8) — Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only ...
NVD CVE-2026-44832 10d ago
HIGH
CVE-2026-9560 (CVSS 7.8) — Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows a...
NVD CVE-2026-9560 10d ago
HIGH
CVE-2026-9170 (CVSS 7.5) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-9170 10d ago
HIGH
CVE-2026-8856 (CVSS 7.7) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker ...
NVD CVE-2026-8856 10d ago
HIGH
CVE-2026-8855 (CVSS 8.1) — IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configu...
NVD CVE-2026-8855 10d ago
HIGH
CVE-2026-8854 (CVSS 7.5) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cach...
NVD CVE-2026-8854 10d ago
HIGH
CVE-2026-8835 (CVSS 7.3) — IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authen...
NVD CVE-2026-8835 10d ago
HIGH
CVE-2026-8834 (CVSS 8) — IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authentica...
NVD CVE-2026-8834 10d ago
HIGH
CVE-2026-8620 (CVSS 7.5) — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSpher...
NVD CVE-2026-8620 10d ago
HIGH
CVE-2026-7454 (CVSS 7.8) — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD CVE-2026-7454 10d ago
HIGH
CVE-2026-7452 (CVSS 7.8) — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption ...
NVD CVE-2026-7452 10d ago
HIGH
CVE-2026-7451 (CVSS 7.8) — A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Wri...
NVD CVE-2026-7451 10d ago
HIGH
CVE-2026-48695 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Mik...
NVD CVE-2026-48695 10d ago
HIGH
CVE-2026-48694 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the J...
NVD CVE-2026-48694 10d ago
HIGH
CVE-2026-44728 (CVSS 8.2) — Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-a...
NVD CVE-2026-44728 10d ago
HIGH
CVE-2026-9562 (CVSS 7.3) — A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244...
NVD CVE-2026-9562 10d ago
HIGH
CVE-2026-8850 (CVSS 7.5) — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_uplo...
NVD CVE-2026-8850 10d ago
HIGH
CVE-2026-48897 (CVSS 7.5) — Insufficient state checks lead to a vector that allows bypassing 2FA checks.
NVD CVE-2026-48897 10d ago
HIGH
CVE-2026-48896 (CVSS 7.5) — Insufficient state checks lead to a vector that allows bypassing 2FA checks.
NVD CVE-2026-48896 10d ago
HIGH
CVE-2026-48864 (CVSS 7.8) — A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-c...
NVD CVE-2026-48864 10d ago
HIGH
CVE-2026-48697 (CVSS 7.4) — FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connec...
NVD CVE-2026-48697 10d ago
HIGH
CVE-2026-48690 (CVSS 7.1) — FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet ...
NVD CVE-2026-48690 10d ago
HIGH
CVE-2026-40384 (CVSS 7.5) — An improper validation of the search parameter of the com_media files API endpoint leads to a path t...
NVD CVE-2026-40384 10d ago
HIGH
CVE-2026-24212 (CVSS 7.5) — NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitte...
NVD CVE-2026-24212 10d ago
HIGH
CVE-2026-48692 (CVSS 8.1) — FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentic...
NVD CVE-2026-48692 10d ago
HIGH
CVE-2026-48688 (CVSS 7.5) — FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH...
NVD CVE-2026-48688 10d ago
HIGH
CVE-2026-9552 (CVSS 7.3) — A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerabili...
NVD CVE-2026-9552 10d ago
HIGH
CVE-2026-9551 (CVSS 7.3) — A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the func...
NVD CVE-2026-9551 10d ago
HIGH
CVE-2026-9550 (CVSS 7.3) — A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance C...
NVD CVE-2026-9550 10d ago
HIGH
CVE-2026-4480 (CVSS 8.5) — A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description...
NVD CVE-2026-4480 10d ago
HIGH
CVE-2026-46368 (CVSS 8.8) — luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-pro...
NVD CVE-2026-46368 10d ago
HIGH
CVE-2026-42785 (CVSS 7.2) — OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrator...
NVD CVE-2026-42785 10d ago
HIGH
CVE-2026-42425 (CVSS 7.2) — OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated adminis...
NVD CVE-2026-42425 10d ago
HIGH
CVE-2026-40034 (CVSS 7.8) — gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attacker...
NVD CVE-2026-40034 10d ago
HIGH
CVE-2026-40033 (CVSS 8.8) — FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allow...
NVD CVE-2026-40033 10d ago
HIGH
CVE-2026-9544 (CVSS 7.3) — A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System...
NVD CVE-2026-9544 10d ago
HIGH
CVE-2026-8047 (CVSS 7.5) — The affected products perform improper length checking when parsing incoming HTTP requests, resultin...
NVD CVE-2026-8047 11d ago
HIGH
CVE-2026-8046 (CVSS 8.1) — The affected products insufficiently verify authorization when deleting user accounts. An authentica...
NVD CVE-2026-8046 11d ago
HIGH
CVE-2026-44469 (CVSS 7.8) — The affected product extracts installation files to a temporary directory with incorrect default per...
NVD CVE-2026-44469 11d ago
HIGH
CVE-2026-44468 (CVSS 7.8) — The affected product creates a directory with insecure default permissions during administrative ins...
NVD CVE-2026-44468 11d ago
TL;DR
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This…
CVE-2026-49014