Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-42446 — NanaZip: Stack out-of-bounds read in NanaZip ZealFS bitmap parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.3 LOW
CVE-2026-42445 — NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.3 LOW
CVE-2026-42444 — NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlle…

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.3 LOW
CVE-2026-42443 — NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when …

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.3 LOW
CVE-2026-42442 — NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.3 LOW
CVE-2026-42355 — NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.3 MEDIUM
CVE-2026-42338 — ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.5 MEDIUM
CVE-2026-42191 — OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local …

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryPro…

opentelemetry.exporter.zipkin | Misconfiguration
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-34690 — After Effects | Stack-based Buffer Overflow (CWE-121)

After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34688 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit …

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.7 HIGH
CVE-2026-34686 — Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-pr…

Remote | Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
3.4 LOW
CVE-2026-34685 — Adobe Commerce | Improper Input Validation (CWE-20)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec…

Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34680 — CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34679 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit …

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34678 — CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34677 — CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34673 — CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could explo…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34672 — CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker c…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34671 — CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exp…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.2 MEDIUM
CVE-2026-34670 — CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit …

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6289 Results