CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-33733
7.2 HIGH

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and …

Apr 22, 2026
CVE-2026-34065
7.5 HIGH

nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a …

Apr 22, 2026
CVE-2026-34063
7.5 HIGH

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes …

Apr 22, 2026
CVE-2026-41468
8.7 HIGH

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these …

Apr 22, 2026
CVE-2026-34414
7.1 HIGH

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in …

Apr 22, 2026
CVE-2026-34413
8.6 HIGH

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated …

Apr 22, 2026
CVE-2026-26354
8.1 HIGH

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release …

Apr 22, 2026
CVE-2026-5816
8.0 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated …

Apr 22, 2026
CVE-2026-5262
8.0 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain …

Apr 22, 2026
CVE-2026-4922
8.1 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have …

Apr 22, 2026
CVE-2026-35368
7.8 HIGH

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering …

Apr 22, 2026
CVE-2026-35352
7.0 HIGH

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based …

Apr 22, 2026
CVE-2026-35341
7.1 HIGH

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a …

Apr 22, 2026
CVE-2026-35338
7.3 HIGH

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path …

Apr 22, 2026
CVE-2018-25268
8.4 HIGH

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers …

Apr 22, 2026
CVE-2018-25265
8.4 HIGH

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling …

Apr 22, 2026
CVE-2018-25261
8.4 HIGH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by …

Apr 22, 2026
CVE-2018-25260
8.4 HIGH

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting …

Apr 22, 2026
CVE-2018-25259
8.4 HIGH

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering …

Apr 22, 2026
CVE-2026-35548
8.5 HIGH

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database …

Apr 22, 2026
CVE-2026-6859
8.8 HIGH

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python …

Apr 22, 2026
CVE-2026-41651
8.8 HIGH

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between …

Apr 22, 2026
CVE-2026-33608
7.4 HIGH

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to …

Apr 22, 2026
CVE-2026-33593
7.5 HIGH

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.

Apr 22, 2026
CVE-2026-31530
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep() cxl_detach_ep() is called during bottom-up removal …

Apr 22, 2026
CVE-2026-31528
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->pmu for groups Oliver reported that x86_pmu_del() ended up doing …

Apr 22, 2026
CVE-2026-31527
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the …

Apr 22, 2026
CVE-2026-31525
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN The BPF interpreter's signed 32-bit division …

Apr 22, 2026
CVE-2026-31516
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net …

Apr 22, 2026
CVE-2026-31513
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req Syzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd() …

Apr 22, 2026
CVE-2026-31511
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is …

Apr 22, 2026
CVE-2026-31508
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag …

Apr 22, 2026
CVE-2026-31507
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer smc_rx_splice() allocates one smc_spd_priv …

Apr 22, 2026
CVE-2026-31506
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq …

Apr 22, 2026
CVE-2026-31505
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the value …

Apr 22, 2026
CVE-2026-31504
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_UP race `packet_release()` has a race window where …

Apr 22, 2026
CVE-2026-31502
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confusion with non-Ethernet ports Similar to commit 950803f72547 ("bonding: fix type …

Apr 22, 2026
CVE-2026-31500
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET and Intel exception-info …

Apr 22, 2026
CVE-2026-31494
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the …

Apr 22, 2026
CVE-2026-31493
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the …

Apr 22, 2026
CVE-2026-31490
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xe_sriov_pf_migration_restore_produce(), the data …

Apr 22, 2026
CVE-2026-31489
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), so teardown …

Apr 22, 2026
CVE-2026-31488
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 ("drm/amd/display: …

Apr 22, 2026
CVE-2026-31486
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(), pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage() access …

Apr 22, 2026
CVE-2026-31485
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue (UAF) There is a teardown order issue in the …

Apr 22, 2026
CVE-2026-31484
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check __io_uring_show_fdinfo() iterates over pending SQEs and, for …

Apr 22, 2026
CVE-2026-31479
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: [ …

Apr 22, 2026
CVE-2026-31477
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues …

Apr 22, 2026
CVE-2026-31476
8.2 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails …

Apr 22, 2026
CVE-2026-31475
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm_kzalloc() memory A previous change added NULL checks and …

Apr 22, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.