CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-13479
7.5 HIGH

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: …

May 21, 2026
CVE-2025-13477
7.1 HIGH

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects …

May 21, 2026
CVE-2026-6841

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, …

May 21, 2026
CVE-2026-5118
9.8 CRITICAL

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin …

May 21, 2026
CVE-2026-45760
8.1 HIGH

(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace …

May 21, 2026
CVE-2026-43502

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail …

May 21, 2026
CVE-2026-43501

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source …

May 21, 2026
CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, …

May 21, 2026
CVE-2026-43498

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a …

May 21, 2026
CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc …

May 21, 2026
CVE-2026-43496

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children …

May 21, 2026
CVE-2026-43495

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the modem-supplied port_count …

May 21, 2026
CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned …

May 21, 2026
CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability …

May 21, 2026
CVE-2026-45255
7.5 HIGH

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt …

May 21, 2026
CVE-2026-45254
6.5 MEDIUM

In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was …

May 21, 2026
CVE-2026-45253
8.4 HIGH

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process …

May 21, 2026
CVE-2026-45252
5.5 MEDIUM

When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended …

May 21, 2026
CVE-2026-45251
7.8 HIGH

A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread …

May 21, 2026
CVE-2026-42396
4.9 MEDIUM

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

May 21, 2026
CVE-2026-42002
5.9 MEDIUM

Concurrency and locking defects in GSS-TSIG

May 21, 2026
CVE-2026-42001
7.5 HIGH

Insufficient Validation of Autoprimary SOA Queries

May 21, 2026
CVE-2026-42000
6.8 MEDIUM

Insufficient Validation of Names During AXFR

May 21, 2026
CVE-2026-41999
4.8 MEDIUM

Incorrect Behaviour of Views with TCP PROXY Requests

May 21, 2026
CVE-2026-39461
8.8 HIGH

libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does …

May 21, 2026
CVE-2026-28764
7.8 HIGH

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

May 21, 2026
CVE-2026-9157
8.4 HIGH

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from …

May 21, 2026
CVE-2026-7837
3.7 LOW

A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to …

May 21, 2026
CVE-2026-5434
5.9 MEDIUM

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially …

May 21, 2026
CVE-2026-5433
9.1 CRITICAL

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in …

May 21, 2026
CVE-2026-4858
8.0 HIGH

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an …

May 21, 2026
CVE-2026-45250
7.8 HIGH

The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary …

May 21, 2026
CVE-2026-44075
3.7 LOW

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in …

May 21, 2026
CVE-2026-44074
3.7 LOW

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow …

May 21, 2026
CVE-2026-44071
3.7 LOW

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor …

May 21, 2026
CVE-2026-44057
3.1 LOW

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds …

May 21, 2026
CVE-2026-27393
5.3 MEDIUM

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through …

May 21, 2026
CVE-2026-27349
4.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail …

May 21, 2026
CVE-2026-22880
6.1 MEDIUM

Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling …

May 21, 2026
CVE-2026-7836
3.1 LOW

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause …

May 21, 2026
CVE-2026-7835
3.1 LOW

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input …

May 21, 2026
CVE-2026-4055
4.3 MEDIUM

Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team …

May 21, 2026
CVE-2026-44076
6.7 MEDIUM

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a …

May 21, 2026
CVE-2026-44073
5.0 MEDIUM

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated …

May 21, 2026
CVE-2026-44072
3.0 LOW

Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended …

May 21, 2026
CVE-2026-44070
3.1 LOW

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of …

May 21, 2026
CVE-2026-44069
3.9 LOW

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or …

May 21, 2026
CVE-2026-44068
7.6 HIGH

Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended …

May 21, 2026
CVE-2026-44067
4.2 MEDIUM

A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause …

May 21, 2026
CVE-2026-44066
7.1 HIGH

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or …

May 21, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.