CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11346

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting …

Jun 5, 2026
CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access …

Jun 5, 2026
CVE-2026-8914

In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval …

Jun 5, 2026
CVE-2026-50265

Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292

Jun 5, 2026
CVE-2026-21038

Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.

Jun 5, 2026
CVE-2026-21037

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.

Jun 5, 2026
CVE-2026-21036

Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.

Jun 5, 2026
CVE-2026-21035

Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.

Jun 5, 2026
CVE-2026-21034

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to …

Jun 5, 2026
CVE-2026-21033
7.1 HIGH

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

Jun 5, 2026
CVE-2026-21032
7.1 HIGH

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

Jun 5, 2026
CVE-2026-21031
7.8 HIGH

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.

Jun 5, 2026
CVE-2026-21030
7.8 HIGH

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.

Jun 5, 2026
CVE-2026-21029
7.8 HIGH

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.

Jun 5, 2026
CVE-2026-21028
5.5 MEDIUM

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

Jun 5, 2026
CVE-2026-21027
3.3 LOW

Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.

Jun 5, 2026
CVE-2026-21026
5.5 MEDIUM

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.

Jun 5, 2026
CVE-2026-21025
5.5 MEDIUM

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

Jun 5, 2026
CVE-2026-21017
5.5 MEDIUM

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.

Jun 5, 2026
CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) …

Jun 5, 2026
CVE-2026-6274
9.8 CRITICAL

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly …

Jun 5, 2026
CVE-2026-49777
10.0 CRITICAL

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider …

Jun 5, 2026
CVE-2026-11332
7.8 HIGH

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument …

Jun 5, 2026
CVE-2026-9088
2.7 LOW

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the …

Jun 5, 2026
CVE-2026-48907
KEV

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload …

Jun 5, 2026
CVE-2026-21837
8.8 HIGH

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, …

Jun 5, 2026
CVE-2026-21826
6.1 MEDIUM

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the …

Jun 5, 2026
CVE-2026-21825
6.1 MEDIUM

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the …

Jun 5, 2026
CVE-2026-10732
6.4 MEDIUM

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries …

Jun 5, 2026
CVE-2026-50593
7.3 HIGH

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the …

Jun 5, 2026
CVE-2026-7763
9.8 CRITICAL

A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated …

Jun 5, 2026
CVE-2026-7762
9.8 CRITICAL

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated …

Jun 5, 2026
CVE-2026-50592
6.4 MEDIUM

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view).

Jun 5, 2026
CVE-2026-50591
5.4 MEDIUM

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.

Jun 5, 2026
CVE-2026-50590
4.5 MEDIUM

In Mimecast Incydr before 2.6.0, arbitrary file access can occur.

Jun 5, 2026
CVE-2026-41567
7.2 HIGH

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded …

Jun 5, 2026
CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access …

Jun 5, 2026
CVE-2026-11312
3.3 LOW

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV …

Jun 5, 2026
CVE-2026-50589
5.3 MEDIUM

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service …

Jun 5, 2026
CVE-2026-11309
4.3 MEDIUM

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium …

Jun 5, 2026
CVE-2026-11308
6.3 MEDIUM

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege …

Jun 5, 2026
CVE-2026-11307
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11306
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11305
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11304
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. …

Jun 5, 2026
CVE-2026-11303
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11302
4.3 MEDIUM

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via …

Jun 5, 2026
CVE-2026-11301
8.8 HIGH

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network …

Jun 5, 2026
CVE-2026-11300
4.3 MEDIUM

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security …

Jun 5, 2026
CVE-2026-11299
6.5 MEDIUM

Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

Jun 5, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.