CVE Database

36731+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2023-53575
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWL_SEC_WEP_KEY_OFFSET when needed …

Oct 4, 2025
CVE-2023-53572
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop …

Oct 4, 2025
CVE-2023-53570
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count …

Oct 4, 2025
CVE-2023-53569
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in …

Oct 4, 2025
CVE-2023-53560
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced …

Oct 4, 2025
CVE-2023-53559
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of …

Oct 4, 2025
CVE-2023-53556
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add() for all allocated q_vectors[], but potentially do …

Oct 4, 2025
CVE-2023-53554
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() The "exc->key_len" is a u16 that comes from …

Oct 4, 2025
CVE-2023-53552
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be …

Oct 4, 2025
CVE-2023-53544
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cpufreq: davinci: Fix clk use after free The remove function first frees the clks and …

Oct 4, 2025
CVE-2023-53543
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is …

Oct 4, 2025
CVE-2023-53541
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write When the oob buffer length …

Oct 4, 2025
CVE-2023-53537
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free for cached IPU bio xfstest generic/019 reports a bug: kernel …

Oct 4, 2025
CVE-2023-53536
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: blk-crypto: make blk_crypto_evict_key() more robust If blk_crypto_evict_key() sees that the key is still in-use (due …

Oct 4, 2025
CVE-2022-50508
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power After 'commit ba45841ca5eb ("wifi: mt76: mt76x02: simplify …

Oct 4, 2025
CVE-2022-50507
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should …

Oct 4, 2025
CVE-2022-50499
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvb_register_device() In function dvb_register_device() -> dvb_register_media_device() -> dvb_create_media_entity(), dvb->entity …

Oct 4, 2025
CVE-2022-50497
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: fix shift-out-of-bounds in check_special_flags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by …

Oct 4, 2025
CVE-2022-50496
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() …

Oct 4, 2025
CVE-2022-50492
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down …

Oct 4, 2025
CVE-2022-50490
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will …

Oct 4, 2025
CVE-2022-50488
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in …

Oct 4, 2025
CVE-2022-50478
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". …

Oct 4, 2025
CVE-2022-50470
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted …

Oct 4, 2025
CVE-2025-39952
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: avoid buffer overflow in WID string configuration Fix the following copy overflow warning …

Oct 4, 2025
CVE-2025-39951
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: um: virtio_uml: Fix use-after-free after put_device in probe When register_virtio_device() fails in virtio_uml_probe(), the code …

Oct 4, 2025
CVE-2025-39945
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does …

Oct 4, 2025
CVE-2025-39944
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() The original code relies on cancel_delayed_work() in otx2_ptp_destroy(), which …

Oct 4, 2025
CVE-2025-39943
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer If data_offset and data_length of smb_direct_data_transfer …

Oct 4, 2025
CVE-2025-39939
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported …

Oct 4, 2025
CVE-2025-39935
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() The sma1307->set.header_size is how many integers are …

Oct 4, 2025
CVE-2025-9243
8.1 HIGH

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions …

Oct 4, 2025
CVE-2025-10751
7.8 HIGH

MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1.

Oct 4, 2025
CVE-2025-61679
7.7 HIGH

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even …

Oct 3, 2025
CVE-2025-61673
8.6 HIGH

Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth …

Oct 3, 2025
CVE-2025-59944
8.0 HIGH

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive …

Oct 3, 2025
CVE-2025-59943
8.1 HIGH

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple …

Oct 3, 2025
CVE-2025-54374
8.8 HIGH

Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this …

Oct 3, 2025
CVE-2025-57714
7.8 HIGH

An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then …

Oct 3, 2025
CVE-2025-54153
8.8 HIGH

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability …

Oct 3, 2025
CVE-2025-53595
8.8 HIGH

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability …

Oct 3, 2025
CVE-2025-52656
7.6 HIGH

HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or …

Oct 3, 2025
CVE-2025-47212
7.2 HIGH

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then …

Oct 3, 2025
CVE-2025-44014
8.8 HIGH

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability …

Oct 3, 2025
CVE-2025-61593
7.1 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its …

Oct 3, 2025
CVE-2025-61592
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working …

Oct 3, 2025
CVE-2025-52653
7.6 HIGH

HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in …

Oct 3, 2025
CVE-2025-46817
7.0 HIGH

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua …

Oct 3, 2025
CVE-2024-56804
8.8 HIGH

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability …

Oct 3, 2025
CVE-2025-61591
8.8 HIGH

Cursor is a code editor built for programming with AI. In versions 1.7 and below, when MCP uses OAuth authentication with an untrusted MCP server, …

Oct 3, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.