CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-43379
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock() …

May 8, 2026
CVE-2026-43378

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced after …

May 8, 2026
CVE-2026-43377
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBD_DEBUG_AUTH logging is …

May 8, 2026
CVE-2026-43376
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using call_rcu() for oplock_info ksmbd currently frees oplock_info immediately using kfree(), …

May 8, 2026
CVE-2026-43375
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the …

May 8, 2026
CVE-2026-43374
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() …

May 8, 2026
CVE-2026-43373
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and …

May 8, 2026
CVE-2026-43372
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the …

May 8, 2026
CVE-2026-43371
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an …

May 8, 2026
CVE-2026-43370
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent …

May 8, 2026
CVE-2026-43369
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an …

May 8, 2026
CVE-2026-43368
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM …

May 8, 2026
CVE-2026-43367
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few …

May 8, 2026
CVE-2026-43366
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between …

May 8, 2026
CVE-2026-43365
8.2 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we …

May 8, 2026
CVE-2026-43364
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking …

May 8, 2026
CVE-2026-43363
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware …

May 8, 2026
CVE-2026-43362
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as …

May 8, 2026
CVE-2026-43361
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction …

May 8, 2026
CVE-2026-43360
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt …

May 8, 2026
CVE-2026-43359
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set …

May 8, 2026
CVE-2026-43358
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the …

May 8, 2026
CVE-2026-43357
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, …

May 8, 2026
CVE-2026-43356
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to …

May 8, 2026
CVE-2026-43355
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error …

May 8, 2026
CVE-2026-43354
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when …

May 8, 2026
CVE-2026-43353
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may …

May 8, 2026
CVE-2026-43352
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA …

May 8, 2026
CVE-2026-43351
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd …

May 8, 2026
CVE-2026-41588
9.0 CRITICAL

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched …

May 8, 2026
CVE-2026-41585
6.5 MEDIUM

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a …

May 8, 2026
CVE-2026-41584
7.5 HIGH

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk …

May 8, 2026
CVE-2026-41583
9.1 CRITICAL

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed …

May 8, 2026
CVE-2026-41576
7.1 HIGH

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through …

May 8, 2026
CVE-2026-41575
6.1 MEDIUM

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user …

May 8, 2026
CVE-2026-41574
9.8 CRITICAL

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account …

May 8, 2026
CVE-2026-41570
7.8 HIGH

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) …

May 8, 2026
CVE-2026-41524
8.7 HIGH

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in …

May 8, 2026
CVE-2026-41487
5.4 MEDIUM

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the …

May 8, 2026
CVE-2026-41308
6.5 MEDIUM

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS …

May 8, 2026
CVE-2026-38361
7.5 HIGH

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and …

May 8, 2026
CVE-2026-37431
9.8 CRITICAL

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers …

May 8, 2026
CVE-2025-67486
7.2 HIGH

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability …

May 8, 2026
CVE-2026-7864

SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain …

May 8, 2026
CVE-2026-44340
7.5 HIGH

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through …

May 8, 2026
CVE-2026-44339
8.6 HIGH

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ …

May 8, 2026
CVE-2026-44338
7.3 HIGH

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. …

May 8, 2026
CVE-2026-44337
6.3 MEDIUM

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers …

May 8, 2026
CVE-2026-44336
9.6 CRITICAL

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default …

May 8, 2026
CVE-2026-44335
9.8 CRITICAL

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by …

May 8, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.