CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42541
4.3 MEDIUM

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft …

May 12, 2026
CVE-2026-42348
5.9 MEDIUM

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an …

May 12, 2026
CVE-2026-42303

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection …

May 12, 2026
CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its …

May 12, 2026
CVE-2026-42177
5.3 MEDIUM

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is …

May 12, 2026
CVE-2026-42175
6.5 MEDIUM

requests-hardened is a library that overrides the default behaviors of the requests library, and adds new security features. Prior to , the SSRF protection in …

May 12, 2026
CVE-2026-42141
7.7 HIGH

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side …

May 12, 2026
CVE-2026-42048
9.6 CRITICAL

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases …

May 12, 2026
CVE-2026-42045
6.2 MEDIUM

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags …

May 12, 2026
CVE-2026-41895
7.5 HIGH

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates …

May 12, 2026
CVE-2026-41614
6.2 MEDIUM

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41613
8.8 HIGH

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-41612
5.5 MEDIUM

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.

May 12, 2026
CVE-2026-41611
7.8 HIGH

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-41610
6.3 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

May 12, 2026
CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This …

May 12, 2026
CVE-2026-41109
8.8 HIGH

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass …

May 12, 2026
CVE-2026-41107
7.4 HIGH

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-41103
9.1 CRITICAL

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-41102
7.1 HIGH

Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41101
7.1 HIGH

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41100
4.4 MEDIUM

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-41097
6.7 MEDIUM

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

May 12, 2026
CVE-2026-41096
9.8 CRITICAL

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-41095
7.8 HIGH

Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-41094
8.8 HIGH

Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-41089
9.8 CRITICAL

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-41088
7.8 HIGH

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-41086
8.8 HIGH

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

May 12, 2026
CVE-2026-40421
4.3 MEDIUM

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-40420
8.8 HIGH

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40419
7.8 HIGH

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40418
7.8 HIGH

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40417
7.8 HIGH

Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40416
4.3 MEDIUM

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

May 12, 2026
CVE-2026-40415
8.1 HIGH

Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

May 12, 2026
CVE-2026-40414
7.4 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

May 12, 2026
CVE-2026-40413
7.4 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

May 12, 2026
CVE-2026-40410
7.0 HIGH

Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40408
7.8 HIGH

Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40407
7.8 HIGH

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40406
7.5 HIGH

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

May 12, 2026
CVE-2026-40405
7.5 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-40403
8.8 HIGH

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

May 12, 2026
CVE-2026-40402
9.3 CRITICAL

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40401
7.1 HIGH

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.

May 12, 2026
CVE-2026-40399
7.8 HIGH

Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40398
7.8 HIGH

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40397
7.8 HIGH

Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40382
7.8 HIGH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.