CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-10523
9.9 CRITICAL

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts …

Jun 9, 2026
CVE-2026-10520
10.0 CRITICAL KEV

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code …

Jun 9, 2026
CVE-2025-67862
6.7 MEDIUM

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS …

Jun 9, 2026
CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), …

Jun 9, 2026
CVE-2026-7486
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: …

Jun 9, 2026
CVE-2026-52907
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= …

Jun 9, 2026
CVE-2026-52906
7.7 HIGH

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert …

Jun 9, 2026
CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a …

Jun 9, 2026
CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error …

Jun 9, 2026
CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service …

Jun 9, 2026
CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their …

Jun 9, 2026
CVE-2026-47900

Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, …

Jun 9, 2026
CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker …

Jun 9, 2026
CVE-2026-46332
8.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer …

Jun 9, 2026
CVE-2026-46330
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, …

Jun 9, 2026
CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of …

Jun 9, 2026
CVE-2026-46328
7.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond …

Jun 9, 2026
CVE-2026-46327
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended …

Jun 9, 2026
CVE-2026-46326
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed …

Jun 9, 2026
CVE-2026-46325
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles …

Jun 9, 2026
CVE-2026-11793
4.9 MEDIUM

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack …

Jun 9, 2026
CVE-2026-11792
3.3 LOW

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password …

Jun 9, 2026
CVE-2026-11790
4.9 MEDIUM

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from …

Jun 9, 2026
CVE-2026-11789
4.9 MEDIUM

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password …

Jun 9, 2026
CVE-2026-11788
5.9 MEDIUM

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an …

Jun 9, 2026
CVE-2026-11787
5.0 MEDIUM

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap …

Jun 9, 2026
CVE-2026-11786
1.9 LOW

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing …

Jun 9, 2026
CVE-2026-11785
4.3 MEDIUM

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be …

Jun 9, 2026
CVE-2026-46324
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this …

Jun 9, 2026
CVE-2026-46323
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and …

Jun 9, 2026
CVE-2026-46322
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function …

Jun 9, 2026
CVE-2026-46321
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter …

Jun 9, 2026
CVE-2026-46320
7.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN …

Jun 9, 2026
CVE-2026-46319
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table …

Jun 9, 2026
CVE-2026-46318

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to …

Jun 9, 2026
CVE-2026-46317
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the …

Jun 9, 2026
CVE-2026-46316
9.3 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks …

Jun 9, 2026
CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race …

Jun 9, 2026
CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the …

Jun 9, 2026
CVE-2017-20251
9.8 CRITICAL

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious …

Jun 9, 2026
CVE-2017-20250
7.5 HIGH

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send …

Jun 9, 2026
CVE-2017-20249
8.2 HIGH

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid …

Jun 9, 2026
CVE-2017-20248
7.5 HIGH

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send …

Jun 9, 2026
CVE-2017-20247
8.2 HIGH

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through …

Jun 9, 2026
CVE-2017-20246
8.2 HIGH

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers …

Jun 9, 2026
CVE-2017-20245
8.2 HIGH

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST …

Jun 9, 2026
CVE-2017-20244
8.2 HIGH

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST …

Jun 9, 2026
CVE-2017-20243
8.2 HIGH

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting …

Jun 9, 2026
CVE-2016-20065
8.2 HIGH

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code …

Jun 9, 2026
CVE-2016-20064
6.2 MEDIUM

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.