Common Vulnerabilities and Exposures (CVE)

CVE-2025-71256

May 6, 2026 01:43:17 UTC

In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2025-71255

May 6, 2026 01:43:15 UTC

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2025-71254

May 6, 2026 01:43:13 UTC

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2025-71253

May 6, 2026 01:43:08 UTC

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2025-71252

May 6, 2026 01:43:07 UTC

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2025-71251

May 6, 2026 01:42:58 UTC

In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2026-44405

May 5, 2026 23:55:03 UTC

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

CVE-2024-0456

May 5, 2026 23:00:13 UTC

An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.

CVE-2023-6955

May 5, 2026 23:00:12 UTC

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that...

CVE-2026-28780

May 5, 2026 22:24:30 UTC

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker con...

CVE-2026-40934

May 5, 2026 21:31:42 UTC

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never ro...

CVE-2026-40110

May 5, 2026 21:29:31 UTC

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match()...

CVE-2026-40075

May 5, 2026 21:25:41 UTC

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The Modul...

CVE-2022-24387

May 5, 2026 21:08:45 UTC

With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.

CVE-2026-39852

May 5, 2026 20:58:29 UTC

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows ...