CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-46273
8.6 HIGH

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do …

Jun 3, 2026
CVE-2026-46272
4.7 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf …

Jun 3, 2026
CVE-2026-46271
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 …

Jun 3, 2026
CVE-2026-46270
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ …

Jun 3, 2026
CVE-2026-46269
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl …

Jun 3, 2026
CVE-2026-46268
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of …

Jun 3, 2026
CVE-2026-46267
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues …

Jun 3, 2026
CVE-2026-46266
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having …

Jun 3, 2026
CVE-2026-46265
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may …

Jun 3, 2026
CVE-2026-46264
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be …

Jun 3, 2026
CVE-2026-46263
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can …

Jun 3, 2026
CVE-2026-46262
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix …

Jun 3, 2026
CVE-2026-46261
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would …

Jun 3, 2026
CVE-2026-46260
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 …

Jun 3, 2026
CVE-2026-46259
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() accesses …

Jun 3, 2026
CVE-2026-46258
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: …

Jun 3, 2026
CVE-2026-46257
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is …

Jun 3, 2026
CVE-2026-46256
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount …

Jun 3, 2026
CVE-2026-46255
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and …

Jun 3, 2026
CVE-2026-46254
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel …

Jun 3, 2026
CVE-2026-46253
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same …

Jun 3, 2026
CVE-2026-46252
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator …

Jun 3, 2026
CVE-2026-46251
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add …

Jun 3, 2026
CVE-2026-46250
7.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, …

Jun 3, 2026
CVE-2026-46249
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware …

Jun 3, 2026
CVE-2026-46248
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP …

Jun 3, 2026
CVE-2026-46247
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove …

Jun 3, 2026
CVE-2026-46246
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for …

Jun 3, 2026
CVE-2026-46245
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid …

Jun 3, 2026
CVE-2026-46244
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly …

Jun 3, 2026
CVE-2026-40290
7.8 HIGH

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting …

Jun 3, 2026
CVE-2026-39107
6.3 MEDIUM

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads …

Jun 3, 2026
CVE-2026-36618
4.3 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version (unbound 1.22.0), aiding targeted attacks against …

Jun 3, 2026
CVE-2026-36616
5.9 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in …

Jun 3, 2026
CVE-2026-36615
4.3 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.

Jun 3, 2026
CVE-2026-36613
4.3 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server …

Jun 3, 2026
CVE-2026-36612
6.4 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).

Jun 3, 2026
CVE-2026-36611
7.3 HIGH

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing …

Jun 3, 2026
CVE-2026-36610
5.9 MEDIUM

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle …

Jun 3, 2026
CVE-2026-36609
7.3 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined …

Jun 3, 2026
CVE-2026-36608
8.8 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own …

Jun 3, 2026
CVE-2026-36607
8.8 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied …

Jun 3, 2026
CVE-2026-36606
7.1 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who …

Jun 3, 2026
CVE-2026-36605
6.5 MEDIUM

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to a HTTP denial of service via a low number of crafted incomplete HTTP requests, …

Jun 3, 2026
CVE-2026-36604
6.5 MEDIUM

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a …

Jun 3, 2026
CVE-2026-36603
8.1 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP …

Jun 3, 2026
CVE-2026-36602
4.3 MEDIUM

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can …

Jun 3, 2026
CVE-2026-36460
4.8 MEDIUM

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript …

Jun 3, 2026
CVE-2026-20233
6.1 MEDIUM

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. …

Jun 3, 2026
CVE-2026-20230
8.6 HIGH KEV

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote …

Jun 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.