CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-29146
8.2 HIGH

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds …

Jun 9, 2026
CVE-2026-50636
8.8 HIGH

The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL …

Jun 9, 2026
CVE-2026-50635
8.8 HIGH

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in …

Jun 9, 2026
CVE-2026-50512
7.8 HIGH

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-50511
7.8 HIGH

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-48293
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-44275
6.3 MEDIUM

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access …

Jun 9, 2026
CVE-2026-41116
6.3 MEDIUM

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local …

Jun 9, 2026
CVE-2026-34708
7.8 HIGH

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-34707
7.8 HIGH

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-34706
7.8 HIGH

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the …

Jun 9, 2026
CVE-2026-34705
5.5 MEDIUM

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could …

Jun 9, 2026
CVE-2026-34704
5.5 MEDIUM

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could …

Jun 9, 2026
CVE-2026-34703
5.5 MEDIUM

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could …

Jun 9, 2026
CVE-2026-34702
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34701
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34700
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-34699
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34698
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34697
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34696
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34695
7.8 HIGH

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-34694
5.9 MEDIUM

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by …

Jun 9, 2026
CVE-2026-34693
8.0 HIGH

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this …

Jun 9, 2026
CVE-2026-34691
9.3 CRITICAL

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by …

Jun 9, 2026
CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.

Jun 9, 2026
CVE-2026-0466

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash …

Jun 9, 2026
CVE-2025-54509

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD …

Jun 9, 2026
CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, …

Jun 9, 2026
CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or …

Jun 9, 2026
CVE-2026-9211

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

Jun 9, 2026
CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and …

Jun 9, 2026
CVE-2026-9076
7.5 HIGH

Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap …

Jun 9, 2026
CVE-2026-7383
8.1 HIGH

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: …

Jun 9, 2026
CVE-2026-50508
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-50507
6.8 MEDIUM

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Jun 9, 2026
CVE-2026-49959
8.8 HIGH

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration …

Jun 9, 2026
CVE-2026-49958
5.0 MEDIUM

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files …

Jun 9, 2026
CVE-2026-49957
7.7 HIGH

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return …

Jun 9, 2026
CVE-2026-49956
6.5 MEDIUM

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the …

Jun 9, 2026
CVE-2026-49955
5.3 MEDIUM

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options …

Jun 9, 2026
CVE-2026-49848
4.3 MEDIUM

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49847
7.5 HIGH

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49843
5.3 MEDIUM

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49842
7.5 HIGH

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49841
9.8 CRITICAL

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49840
9.1 CRITICAL

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49475
7.5 HIGH

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49472
5.3 MEDIUM

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49161
7.8 HIGH

Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.