CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-46604
7.5 HIGH

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

Jun 26, 2026
CVE-2026-38641
7.5 HIGH

An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.

Jun 26, 2026
CVE-2026-38639
7.5 HIGH

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.

Jun 26, 2026
CVE-2026-55189
7.7 HIGH

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe …

Jun 26, 2026
CVE-2026-55188
8.2 HIGH

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. …

Jun 26, 2026
CVE-2026-53322
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before …

Jun 26, 2026
CVE-2026-53300
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free …

Jun 26, 2026
CVE-2026-53290
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put called before stream disable in close In xe_eu_stall_stream_close(), drm_dev_put() is called before …

Jun 26, 2026
CVE-2026-53284
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes [WARNING] With extra warning …

Jun 26, 2026
CVE-2026-53281
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL …

Jun 26, 2026
CVE-2026-52784
8.8 HIGH

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This …

Jun 26, 2026
CVE-2026-52783
8.2 HIGH

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under …

Jun 26, 2026
CVE-2026-49991
8.6 HIGH

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a …

Jun 26, 2026
CVE-2026-47193
7.5 HIGH

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and …

Jun 26, 2026
CVE-2026-32833
8.8 HIGH

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting …

Jun 26, 2026
CVE-2026-47220
7.5 HIGH

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in …

Jun 26, 2026
CVE-2026-13372
7.2 HIGH

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with …

Jun 26, 2026
CVE-2026-56876
8.1 HIGH

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', …

Jun 26, 2026
CVE-2026-55441
8.6 HIGH

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml, .tool-versions) through trust_check, but task-include …

Jun 26, 2026
CVE-2026-54341
7.5 HIGH

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack …

Jun 26, 2026
CVE-2026-48743
7.5 HIGH

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream …

Jun 26, 2026
CVE-2026-48044
7.5 HIGH

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been …

Jun 26, 2026
CVE-2026-48042
7.5 HIGH

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results …

Jun 26, 2026
CVE-2026-57518
8.8 HIGH

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom …

Jun 26, 2026
CVE-2026-57231
7.5 HIGH

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a …

Jun 26, 2026
CVE-2026-56663
8.5 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF …

Jun 26, 2026
CVE-2026-55677
7.5 HIGH

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches …

Jun 26, 2026
CVE-2026-9640
7.2 HIGH

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during …

Jun 26, 2026
CVE-2026-5757
7.5 HIGH

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive …

Jun 26, 2026
CVE-2026-47214
7.1 HIGH

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI …

Jun 26, 2026
CVE-2026-45195
7.8 HIGH

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside …

Jun 26, 2026
CVE-2026-21734
7.7 HIGH

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in …

Jun 26, 2026
CVE-2026-12411
8.4 HIGH

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via …

Jun 26, 2026
CVE-2026-0828
7.5 HIGH

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.

Jun 26, 2026
CVE-2026-57667
8.5 HIGH

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

Jun 26, 2026
CVE-2026-57663
8.5 HIGH

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.

Jun 26, 2026
CVE-2026-57662
8.5 HIGH

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.

Jun 26, 2026
CVE-2026-57659
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

Jun 26, 2026
CVE-2026-57655
8.2 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

Jun 26, 2026
CVE-2026-57653
8.5 HIGH

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

Jun 26, 2026
CVE-2026-57647
7.5 HIGH

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

Jun 26, 2026
CVE-2026-57645
8.1 HIGH

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

Jun 26, 2026
CVE-2026-57644
8.5 HIGH

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Jun 26, 2026
CVE-2026-57643
8.5 HIGH

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

Jun 26, 2026
CVE-2026-57642
8.5 HIGH

Contributor SQL Injection in Gallery <= 4.7.8 versions.

Jun 26, 2026
CVE-2026-57636
8.5 HIGH

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

Jun 26, 2026
CVE-2026-57631
7.6 HIGH

Administrator SQL Injection in Popup box <= 6.0.1 versions.

Jun 26, 2026
CVE-2026-57628
7.6 HIGH

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

Jun 26, 2026
CVE-2026-57527
8.8 HIGH

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve …

Jun 26, 2026
CVE-2026-57325
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

Jun 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.