CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42970
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42969
5.5 MEDIUM

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42968
5.5 MEDIUM

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42916
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42915
5.7 MEDIUM

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.

Jun 9, 2026
CVE-2026-42914
5.3 MEDIUM

Windows Kerberos Denial of Service Vulnerability

Jun 9, 2026
CVE-2026-42913
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42912
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42911
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42910
7.8 HIGH

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42909
7.5 HIGH

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42908
7.5 HIGH

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-42907
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42906
5.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-42905
7.8 HIGH

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42904
9.6 CRITICAL

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

Jun 9, 2026
CVE-2026-42903
6.5 MEDIUM

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.

Jun 9, 2026
CVE-2026-42902
7.8 HIGH

Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42837
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42836
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42835
8.1 HIGH

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information …

Jun 9, 2026
CVE-2026-42829
7.8 HIGH

Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

Jun 9, 2026
CVE-2026-42828
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-42771
6.2 MEDIUM

Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of …

Jun 9, 2026
CVE-2026-42770
3.7 LOW

Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: …

Jun 9, 2026
CVE-2026-42769
5.3 MEDIUM

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response …

Jun 9, 2026
CVE-2026-42768
3.7 LOW

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and …

Jun 9, 2026
CVE-2026-42767
5.9 MEDIUM

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer …

Jun 9, 2026
CVE-2026-42766
5.9 MEDIUM

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to …

Jun 9, 2026
CVE-2026-42765
7.5 HIGH

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the …

Jun 9, 2026
CVE-2026-42764
7.5 HIGH

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation …

Jun 9, 2026
CVE-2026-42599
6.1 MEDIUM

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are …

Jun 9, 2026
CVE-2026-42573
6.1 MEDIUM

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially …

Jun 9, 2026
CVE-2026-42570
7.5 HIGH

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, …

Jun 9, 2026
CVE-2026-42567
7.5 HIGH

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time …

Jun 9, 2026
CVE-2026-41108
7.0 HIGH

Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-41098
8.4 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-41092
7.8 HIGH

Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-40409
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40404
7.8 HIGH

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Jun 9, 2026
CVE-2026-40376
7.5 HIGH

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-40371
8.8 HIGH

Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-3088

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.

Jun 9, 2026
CVE-2026-38615
9.8 CRITICAL

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

Jun 9, 2026
CVE-2026-35188
5.0 MEDIUM

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's …

Jun 9, 2026
CVE-2026-34692
5.4 MEDIUM

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue …

Jun 9, 2026
CVE-2026-34335
7.0 HIGH

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-34183
7.5 HIGH

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A …

Jun 9, 2026
CVE-2026-34182
9.1 CRITICAL

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to …

Jun 9, 2026
CVE-2026-34181
7.4 HIGH

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.