CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-48112
6.5 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF …

Jun 5, 2026
CVE-2026-48111
4.3 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of …

Jun 5, 2026
CVE-2026-48104
4.2 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused …

Jun 5, 2026
CVE-2026-48103
4.3 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) …

Jun 5, 2026
CVE-2026-11339
6.3 MEDIUM

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the …

Jun 5, 2026
CVE-2026-11338
2.4 LOW

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation …

Jun 5, 2026
CVE-2026-11337
4.3 MEDIUM

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard_page/forms/fetch.php. The manipulation of the argument …

Jun 5, 2026
CVE-2025-5090
6.5 MEDIUM

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An …

Jun 5, 2026
CVE-2025-5089
6.5 MEDIUM

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. …

Jun 5, 2026
CVE-2025-5088
8.3 HIGH

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an …

Jun 5, 2026
CVE-2026-9270
9.1 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats …

Jun 5, 2026
CVE-2026-48102
3.1 LOW

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in …

Jun 5, 2026
CVE-2026-48101
6.5 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule …

Jun 5, 2026
CVE-2026-11362
9.8 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted …

Jun 5, 2026
CVE-2026-11336
6.3 MEDIUM

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation …

Jun 5, 2026
CVE-2026-6209

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 5, 2026
CVE-2026-6208

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 5, 2026
CVE-2026-6207

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 5, 2026
CVE-2026-48095
8.8 HIGH

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in …

Jun 5, 2026
CVE-2026-48092
4.3 MEDIUM

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow …

Jun 5, 2026
CVE-2026-38579
6.1 MEDIUM

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain …

Jun 5, 2026
CVE-2026-37737
6.5 MEDIUM

sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker …

Jun 5, 2026
CVE-2026-11335
6.3 MEDIUM

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /login-form.php. Executing a manipulation of the argument UserAuthData …

Jun 5, 2026
CVE-2026-11334
7.3 HIGH

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboard_page/forms/fetch.php. Performing a manipulation of the argument department_code results …

Jun 5, 2026
CVE-2026-11333
6.3 MEDIUM

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard_page/forms/upload_student_data.php of the component Student …

Jun 5, 2026
CVE-2026-10879
9.8 CRITICAL

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder …

Jun 5, 2026
CVE-2025-59174
6.5 MEDIUM

Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause …

Jun 5, 2026
CVE-2020-25900
5.3 MEDIUM

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed …

Jun 5, 2026
CVE-2026-50235
6.1 MEDIUM

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in …

Jun 5, 2026
CVE-2026-50234
7.5 HIGH

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server …

Jun 5, 2026
CVE-2026-50233
5.3 MEDIUM

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the …

Jun 5, 2026
CVE-2026-50232
7.2 HIGH

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, …

Jun 5, 2026
CVE-2026-50231
7.2 HIGH

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped …

Jun 5, 2026
CVE-2026-50230
6.1 MEDIUM

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code …

Jun 5, 2026
CVE-2026-38500

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not …

Jun 5, 2026
CVE-2026-11369

The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access …

Jun 5, 2026
CVE-2026-11330
3.6 LOW

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component …

Jun 5, 2026
CVE-2026-11329
3.6 LOW

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the …

Jun 5, 2026
CVE-2026-50264
7.8 HIGH

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft …

Jun 5, 2026
CVE-2026-50263
5.5 MEDIUM

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes …

Jun 5, 2026
CVE-2026-50262
5.5 MEDIUM

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number …

Jun 5, 2026
CVE-2026-50261
7.8 HIGH

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free …

Jun 5, 2026
CVE-2026-50260
7.8 HIGH

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those …

Jun 5, 2026
CVE-2026-50259
7.8 HIGH

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type …

Jun 5, 2026
CVE-2026-50258
7.8 HIGH

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups …

Jun 5, 2026
CVE-2026-50257
7.8 HIGH

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a …

Jun 5, 2026
CVE-2026-50256
7.8 HIGH

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum …

Jun 5, 2026
CVE-2026-25659
6.5 MEDIUM

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially …

Jun 5, 2026
CVE-2026-25658
6.5 MEDIUM

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially …

Jun 5, 2026
CVE-2026-25657
6.5 MEDIUM

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a …

Jun 5, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.