CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42765
7.5 HIGH

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the …

Jun 9, 2026
CVE-2026-42764
7.5 HIGH

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation …

Jun 9, 2026
CVE-2026-42599
6.1 MEDIUM

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are …

Jun 9, 2026
CVE-2026-42573
6.1 MEDIUM

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially …

Jun 9, 2026
CVE-2026-42570
7.5 HIGH

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, …

Jun 9, 2026
CVE-2026-42567
7.5 HIGH

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time …

Jun 9, 2026
CVE-2026-41108
7.0 HIGH

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-41098
8.4 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-41092
7.8 HIGH

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-40409
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40404
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40376
7.5 HIGH

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-40371
8.8 HIGH

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-3088

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.

Jun 9, 2026
CVE-2026-38615
9.8 CRITICAL

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

Jun 9, 2026
CVE-2026-35188
5.0 MEDIUM

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's …

Jun 9, 2026
CVE-2026-34692
5.4 MEDIUM

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue …

Jun 9, 2026
CVE-2026-34335
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-34183
7.5 HIGH

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A …

Jun 9, 2026
CVE-2026-34182
9.1 CRITICAL

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to …

Jun 9, 2026
CVE-2026-34181
7.4 HIGH

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing …

Jun 9, 2026
CVE-2026-34180
7.5 HIGH

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read …

Jun 9, 2026
CVE-2026-33828
7.8 HIGH

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-33113
5.4 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-32193
8.8 HIGH

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-28301
4.8 MEDIUM

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.

Jun 9, 2026
CVE-2026-26142
9.8 CRITICAL

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-24181
7.3 HIGH

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead …

Jun 9, 2026
CVE-2026-24180
7.3 HIGH

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead …

Jun 9, 2026
CVE-2026-22926
7.8 HIGH

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.

Jun 9, 2026
CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks …

Jun 9, 2026
CVE-2026-0419

Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to …

Jun 9, 2026
CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

Jun 9, 2026
CVE-2026-0417

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

Jun 9, 2026
CVE-2026-0416

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that …

Jun 9, 2026
CVE-2026-0415

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and …

Jun 9, 2026
CVE-2026-0414

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and …

Jun 9, 2026
CVE-2026-0413

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized …

Jun 9, 2026
CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to …

Jun 9, 2026
CVE-2026-0411

An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the …

Jun 9, 2026
CVE-2026-0410

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

Jun 9, 2026
CVE-2026-0409

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run …

Jun 9, 2026
CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data …

Jun 9, 2026
CVE-2026-8025
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue …

Jun 9, 2026
CVE-2026-49948
8.1 HIGH

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global …

Jun 9, 2026
CVE-2026-49938
6.5 MEDIUM

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access …

Jun 9, 2026
CVE-2026-25089
9.8 CRITICAL

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, …

Jun 9, 2026
CVE-2026-24065
8.1 HIGH

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients …

Jun 9, 2026
CVE-2026-24064
7.8 HIGH

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed …

Jun 9, 2026
CVE-2026-10727
7.2 HIGH

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.