CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31570
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgw_csum_crc8_rel() cgw_csum_crc8_rel() correctly computes bounds-safe indices via calc_idx(): …

Apr 24, 2026
CVE-2026-31569
7.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointc_update_sw_coremap() can …

Apr 24, 2026
CVE-2026-31568
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where …

Apr 24, 2026
CVE-2026-31566
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib amdgpu_amdkfd_submit_ib() submits a GPU job and gets …

Apr 24, 2026
CVE-2026-31563
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: macb: Use dev_consume_skb_any() to free TX SKBs The napi_consume_skb() function is not intended to …

Apr 24, 2026
CVE-2026-31558
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust kvm_get_vcpu_by_cpuid() takes a cpuid parameter whose type is int, …

Apr 24, 2026
CVE-2026-31557
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmet_ctrl_free() flushes ctrl->async_event_work. If nvmet_ctrl_free() runs …

Apr 24, 2026
CVE-2026-31554
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeue() to have identical flags Nicholas reported that his LLM found it was …

Apr 24, 2026
CVE-2026-31553
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to …

Apr 24, 2026
CVE-2026-31552
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream …

Apr 24, 2026
CVE-2026-31548
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down When the nl80211 socket that originated a PMSR request …

Apr 24, 2026
CVE-2026-31541
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates When the "copy_trace_marker" option is enabled for an …

Apr 24, 2026
CVE-2026-31539
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io and …

Apr 24, 2026
CVE-2026-31538
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted …

Apr 24, 2026
CVE-2026-5367
8.6 HIGH

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with …

Apr 24, 2026
CVE-2026-23902
8.1 HIGH

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow …

Apr 24, 2026
CVE-2026-41044
8.8 HIGH

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can …

Apr 24, 2026
CVE-2026-40466
8.8 HIGH

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may …

Apr 24, 2026
CVE-2026-21728
7.5 HIGH

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can …

Apr 24, 2026
CVE-2026-5364
8.1 HIGH

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, …

Apr 24, 2026
CVE-2026-6947
7.5 HIGH

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform …

Apr 24, 2026
CVE-2026-41485
7.7 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` …

Apr 24, 2026
CVE-2026-41324
7.5 HIGH

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings …

Apr 24, 2026
CVE-2026-41323
8.1 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically …

Apr 24, 2026
CVE-2026-41068
7.7 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by …

Apr 24, 2026
CVE-2026-41317
7.5 HIGH

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to …

Apr 24, 2026
CVE-2026-41316
8.1 HIGH

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and …

Apr 24, 2026
CVE-2026-41309
8.2 HIGH

Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can …

Apr 24, 2026
CVE-2026-33318
8.8 HIGH

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from …

Apr 24, 2026
CVE-2026-33317
8.7 HIGH

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In …

Apr 24, 2026
CVE-2026-33208
8.8 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ < service > /find-in-config endpoint in …

Apr 24, 2026
CVE-2026-33077
7.5 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has …

Apr 24, 2026
CVE-2026-41325
8.8 HIGH

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the …

Apr 24, 2026
CVE-2026-34587
8.1 HIGH

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific …

Apr 24, 2026
CVE-2026-32870
7.5 HIGH

Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, …

Apr 24, 2026
CVE-2026-40623
8.1 HIGH

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due …

Apr 24, 2026
CVE-2026-39462
8.1 HIGH

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on …

Apr 24, 2026
CVE-2026-35064
7.5 HIGH

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and …

Apr 24, 2026
CVE-2026-31952
7.6 HIGH

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an …

Apr 24, 2026
CVE-2026-27841
8.1 HIGH

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does …

Apr 24, 2026
CVE-2026-41361
7.1 HIGH

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting …

Apr 23, 2026
CVE-2026-41359
7.1 HIGH

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the …

Apr 23, 2026
CVE-2026-41355
7.3 HIGH

OpenClaw before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access …

Apr 23, 2026
CVE-2026-41353
8.1 HIGH

OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and …

Apr 23, 2026
CVE-2026-41352
8.8 HIGH

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing …

Apr 23, 2026
CVE-2026-41349
8.8 HIGH

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this …

Apr 23, 2026
CVE-2026-41347
7.1 HIGH

OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site request forgery attacks. Attackers can exploit this by …

Apr 23, 2026
CVE-2026-41342
7.3 HIGH

OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Attackers can spoof …

Apr 23, 2026
CVE-2026-41336
7.8 HIGH

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled …

Apr 23, 2026
CVE-2026-32172
8.0 HIGH

Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.

Apr 23, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.