Common Vulnerabilities and Exposures (CVE)

CVE-2026-41016

Apr 30, 2026 09:09:45 UTC

Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server co...

CVE-2026-42799

Apr 30, 2026 08:57:31 UTC

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

CVE-2026-42800

Apr 30, 2026 08:52:01 UTC

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

CVE-2026-22070

Apr 30, 2026 08:27:57 UTC

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

CVE-2026-21422

Apr 30, 2026 08:26:50 UTC

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to ...

CVE-2026-35547

Apr 30, 2026 08:08:13 UTC

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system ...

CVE-2026-39457

Apr 30, 2026 08:01:49 UTC

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker w...

CVE-2026-42512

Apr 30, 2026 07:58:37 UTC

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer ...

CVE-2026-7164

Apr 30, 2026 07:23:52 UTC

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any s...

CVE-2026-5201

Apr 30, 2026 07:20:23 UTC

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker...

CVE-2024-39847

Apr 30, 2026 07:10:17 UTC

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET...

CVE-2026-7270

Apr 30, 2026 07:02:48 UTC

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser...

CVE-2026-42511

Apr 30, 2026 06:56:36 UTC

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, a...

CVE-2026-42798

Apr 30, 2026 06:49:45 UTC

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

CVE-2026-41226

Apr 30, 2026 06:08:41 UTC

Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a v...