CVE Vulnerabilities - 4 May 2026
415 vulnerabilities published on 4 May 2026
GV-VMS V20 allows an attacker to crash the application and gain control
CVE-2026-42369
The GV-VMS V20 software has a bug that can cause it to crash and potentially be taken over by an attacker if the WebCam Server feature is enabled. This is because the software doesn't properly check t...
Severity: 10.0
Apache Polaris issues broad temporary storage credentials
CVE-2026-42809
GHSA-8ggj-j522-h5qf
Apache Polaris can create temporary storage credentials that give an attacker too much access to data. This happens when creating a new table before checking where the data will be stored. To fix this...
Severity: 9.4
Apache Polaris has an Improper Input Validation issue
CVE-2026-42811
GHSA-fc3h-c6h7-r83j
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across t...
Severity: 9.4
Apache Polaris allows unauthorized access to S3 data
CVE-2026-42810
GHSA-vxgg-mqx2-3w59
Apache Polaris doesn't properly handle certain characters in table names, which can allow an attacker to access data from other tables on Amazon S3. This is a security risk because an attacker could p...
Severity: 9.4
Apache Iceberg and Polaris metadata files can be written to wrong location
CVE-2026-42812
GHSA-w76p-3cgp-qfcm
Apache Iceberg and Polaris have a security issue where a user with the right permissions can make the system write metadata files to an unintended location. This could lead to incorrect data being loa...
Severity: 9.4
Comet Backup: Tenant Admin Can Access Other Users' Accounts
CVE-2026-29200
This vulnerability affects all versions of Comet Backup from 20.11.0 to 26.1.1 and 26.2.1. If left unpatched, a malicious admin can access other users' accounts on the same server. Update to the lates...
Severity: 9.9
GeoVision LPC2011/LPC2211 Web Interface Allows Unauthorized Privilege Escalation
CVE-2026-42368
A hacker can use a specially crafted web request to gain elevated access to the GeoVision LPC2011/LPC2211 system. This could allow them to perform actions they shouldn't be able to do. Update the syst...
Severity: 9.9
Net-IMAP vulnerable to command injection via raw arguments
GHSA-hm49-wcqc-g2xg
CVE-2026-42257
The Net-IMAP library in certain situations sends user-controlled input directly to the server without checking for malicious code. This allows an attacker to inject and execute arbitrary commands. Aff...
Severity: 5.8
Net::IMAP vulnerable to command injection via unvalidated inputs
GHSA-75xq-5h9v-w6px
CVE-2026-42258
Net::IMAP, a library for working with email servers, has a security issue that allows attackers to inject malicious commands. This is because the library does not properly validate certain types of in...
Severity: 5.8
ArchiveBox Exposes Local File Access via Unvalidated Config
GHSA-3h23-7824-pj8r
CVE-2026-42601
A security issue in ArchiveBox allows an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to local files. This issue affects users who have enabled book...
Severity: 9.3
Apache OpenNLP: Malicious Model Can Run Arbitrary Code
CVE-2026-42027
GHSA-cx4m-2p55-rw7j
A vulnerability in Apache OpenNLP allows an attacker to run arbitrary code by creating a malicious model archive. This can happen when users load models from untrusted sources, such as community model...
Severity: 9.8
Arelle before 2.39.10 allows malicious code execution
CVE-2026-42796
An attacker can upload and run their own code on the Arelle server without permission, potentially gaining control of the system. This is a serious issue because it allows unauthorized access and coul...
Severity: 9.2
Evolver before 1.69.3 allows attackers to run arbitrary server commands
CVE-2026-42076
Evolver, a tool used to create AI agents, is vulnerable to a security issue that allows hackers to execute commands on the server. This could lead to unauthorized access or data theft. Update to versi...
Severity: 9.8
Apache OpenNLP: Malicious Model Can Run Any Class Code
DEBIAN-CVE-2026-42027
A security issue in older versions of Apache OpenNLP's ExtensionLoader allows an attacker to make any class on the computer run when a specially crafted model is loaded. This could potentially lead to...
Severity: 9.8
VM2 Sandbox Escape: Host Code Execution
GHSA-grj5-jjm8-h35p
CVE-2026-24118
VM2's sandbox is vulnerable to a breach, allowing malicious code to execute on the host system. This means an attacker could potentially take control of your system. To protect yourself, update to the...
Severity: 9.8
Assimp FBX Importer allows malicious files to cause crashes
CVE-2025-70067
A vulnerability in Assimp's FBX Importer, used in various 3D modeling software, could allow a malicious FBX file to crash the application. This issue affects Assimp versions up to 6.0.2. To protect yo...
Severity: 9.8
Rootio Cryptography Package Exposes Data
ROOT-APP-PYPI-CVE-2026-39892
The rootio-cryptography package on Root's PyPI repository had a security weakness that could allow unauthorized access to sensitive data. This has been addressed by Root through a software update. Use...
Severity: 9.8
Totolink N300RH Router Password Buffer Overflow Risk
CVE-2026-7747
A security flaw in the Totolink N300RH router's password system can be exploited by hackers to gain unauthorized access. This can happen if an attacker sends a malicious password to the router. To pro...
Severity: 8.9
Tegsoft Online Support App: Malicious Code Injection Risk
CVE-2025-14320
A security flaw in the Tegsoft Online Support Application could allow hackers to inject malicious code into the application, potentially stealing sensitive information or taking control of user sessio...
Severity: 9.8
Totolink WA300 Router: Remote Code Execution via Buffer Overflow
CVE-2026-7719
A vulnerability in the Totolink WA300 router's login function allows an attacker to potentially execute malicious code remotely, potentially allowing them to take control of the device. This could lea...
Severity: 8.9
GeoVision GV-VMS V20 20.0.2 WebCam Server Login Allows Untrusted Input
CVE-2026-42370
An attacker can send a specially crafted HTTP request to the GeoVision GV-VMS V20 20.0.2 WebCam Server Login, potentially allowing them to execute malicious code on your system. This can happen withou...
Severity: 9.8
OpenC3 COSMOS QuestDB Time-Series Database Data Disclosure and Deletion
GHSA-v529-vhwc-wfc5
A security issue exists in the QuestDB database used by OpenC3 COSMOS. If an attacker with certain permissions can exploit this issue, they may be able to access and delete sensitive telemetry data. T...
Severity: 9.6
OpenC3 COSMOS SQL Injection in Time-Series Database
CVE-2026-42087
OpenC3 COSMOS has a security flaw in its Time-Series Database that could allow an attacker to delete data. This vulnerability exists in versions of OpenC3 COSMOS from 6.7.0 to before 7.0.0-rc3. Users ...
Severity: 9.6
Notesnook Note Export Can Execute Malicious Code
CVE-2026-42090
Notesnook's note export feature had a security flaw that allowed attackers to execute malicious code on users' computers. This issue has been fixed in versions 3.3.15 and 3.3.20 of the desktop app and...
Severity: 9.6
Siemens SIMATIC S7-1200 PLC Software Authentication Bypass
CVE-2026-25293
The Siemens SIMATIC S7-1200 PLC software has a flaw in its authentication system. This allows unauthorized access to the system, potentially leading to data tampering or system crashes. To protect you...
Severity: 9.6