CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-34180
7.5 HIGH

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read …

Jun 9, 2026
CVE-2026-33828
7.8 HIGH

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.

Jun 9, 2026
CVE-2026-33113
5.4 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Jun 9, 2026
CVE-2026-32193
8.8 HIGH

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.

Jun 9, 2026
CVE-2026-28301
4.8 MEDIUM

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.

Jun 9, 2026
CVE-2026-26142
9.8 CRITICAL

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-24181
7.3 HIGH

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead …

Jun 9, 2026
CVE-2026-24180
7.3 HIGH

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead …

Jun 9, 2026
CVE-2026-22926
7.8 HIGH

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.

Jun 9, 2026
CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks …

Jun 9, 2026
CVE-2026-0419

Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to …

Jun 9, 2026
CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

Jun 9, 2026
CVE-2026-0417

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

Jun 9, 2026
CVE-2026-0416

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that …

Jun 9, 2026
CVE-2026-0415

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and …

Jun 9, 2026
CVE-2026-0414

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and …

Jun 9, 2026
CVE-2026-0413

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized …

Jun 9, 2026
CVE-2026-0412

Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to …

Jun 9, 2026
CVE-2026-0411

An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the …

Jun 9, 2026
CVE-2026-0410

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

Jun 9, 2026
CVE-2026-0409

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run …

Jun 9, 2026
CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data …

Jun 9, 2026
CVE-2026-8025
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue …

Jun 9, 2026
CVE-2026-49948
8.1 HIGH

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global …

Jun 9, 2026
CVE-2026-49938
6.5 MEDIUM

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access …

Jun 9, 2026
CVE-2026-25089
9.8 CRITICAL

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, …

Jun 9, 2026
CVE-2026-24065
8.1 HIGH

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients …

Jun 9, 2026
CVE-2026-24064
7.8 HIGH

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed …

Jun 9, 2026
CVE-2026-10727
7.2 HIGH

An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

Jun 9, 2026
CVE-2026-10523
9.9 CRITICAL

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts …

Jun 9, 2026
CVE-2026-10520
10.0 CRITICAL KEV

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code …

Jun 9, 2026
CVE-2025-67862
6.7 MEDIUM

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS …

Jun 9, 2026
CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), …

Jun 9, 2026
CVE-2026-7486
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: …

Jun 9, 2026
CVE-2026-52907
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= …

Jun 9, 2026
CVE-2026-52906
7.7 HIGH

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert …

Jun 9, 2026
CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a …

Jun 9, 2026
CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error …

Jun 9, 2026
CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service …

Jun 9, 2026
CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their …

Jun 9, 2026
CVE-2026-47900

Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, …

Jun 9, 2026
CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker …

Jun 9, 2026
CVE-2026-46332
8.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer …

Jun 9, 2026
CVE-2026-46330
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, …

Jun 9, 2026
CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of …

Jun 9, 2026
CVE-2026-46328
7.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond …

Jun 9, 2026
CVE-2026-46327
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended …

Jun 9, 2026
CVE-2026-46326
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed …

Jun 9, 2026
CVE-2026-46325
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles …

Jun 9, 2026
CVE-2026-11793
4.9 MEDIUM

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.