6.5
CVE-2025-47404 - Buffer Copy Without Checking Size of Input in Automotive Audio
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
6.5
CVE-2025-47403 - Buffer Over-read in WLAN Firmware
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
6.5
CVE-2025-47401 - Buffer Over-read in WLAN HAL
Transient DOS when processing target power rate tables during channel configuration.
9.6
CVE-2026-42090 - Notesnook: RCE via stored XSS in note export rendering
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is t…
7.5
CVE-2026-42440 - Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9 before 3.0.0-M3. Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and getPredicates() each read a 32-bit signed integer count field fro…
9.8
CVE-2026-26956 - vm2: WASM Sandbox Escape (Node 25 only)
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
9.4
CVE-2026-42811 - Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access…
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b…
9.8
CVE-2026-26332 - vm2: Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
9.8
CVE-2026-24781 - vm2: Sandbox Breakout Through Inspect
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been pat…
9.8
CVE-2026-24120 - vm2: Sandbox Breakout Through Promise Species
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version …