CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31786
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor …

Apr 30, 2026
CVE-2026-31692
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on …

Apr 30, 2026
CVE-2026-6498
5.3 MEDIUM

The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 …

Apr 30, 2026
CVE-2026-42800
7.4 HIGH

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

Apr 30, 2026
CVE-2026-41016
5.9 MEDIUM

Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between …

Apr 30, 2026
CVE-2026-42799
7.4 HIGH

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

Apr 30, 2026
CVE-2026-42512
8.1 HIGH

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the …

Apr 30, 2026
CVE-2026-39457
7.8 HIGH

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor …

Apr 30, 2026
CVE-2026-35547
8.1 HIGH

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to …

Apr 30, 2026
CVE-2026-22070
7.1 HIGH

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

Apr 30, 2026
CVE-2026-7164
7.5 HIGH

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets …

Apr 30, 2026
CVE-2026-7270
7.8 HIGH

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The …

Apr 30, 2026
CVE-2026-6870
5.5 MEDIUM

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6869
5.5 MEDIUM

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6867
5.5 MEDIUM

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6538
5.5 MEDIUM

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6537
5.5 MEDIUM

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6536
5.5 MEDIUM

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4

Apr 30, 2026
CVE-2026-6535
5.5 MEDIUM

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6534
5.5 MEDIUM

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6533
5.5 MEDIUM

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6532
5.5 MEDIUM

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6531
5.5 MEDIUM

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6530
5.5 MEDIUM

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6529
5.5 MEDIUM

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6528
5.5 MEDIUM

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service

Apr 30, 2026
CVE-2026-6527
5.5 MEDIUM

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6526
5.5 MEDIUM

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4

Apr 30, 2026
CVE-2026-6524
5.5 MEDIUM

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6523
5.5 MEDIUM

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6522
5.5 MEDIUM

RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6521
5.5 MEDIUM

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6520
5.5 MEDIUM

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6519
5.5 MEDIUM

MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5657
5.5 MEDIUM

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5655
5.5 MEDIUM

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

Apr 30, 2026
CVE-2026-5654
5.5 MEDIUM

AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5653
5.5 MEDIUM

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5409
5.5 MEDIUM

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5408
5.5 MEDIUM

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5407
5.5 MEDIUM

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5406
5.5 MEDIUM

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5402
8.8 HIGH

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Apr 30, 2026
CVE-2026-5401
5.5 MEDIUM

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-5299
5.5 MEDIUM

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-42798
4.0 MEDIUM

Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.

Apr 30, 2026
CVE-2026-42511
8.1 HIGH

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is …

Apr 30, 2026
CVE-2026-41226
4.7 MEDIUM

Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may …

Apr 30, 2026
CVE-2024-39847
7.5 HIGH

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access …

Apr 30, 2026
CVE-2026-7379
5.5 MEDIUM

Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.