CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31547
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_runtime_get_noresume(). …

Apr 24, 2026
CVE-2026-31546
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the …

Apr 24, 2026
CVE-2026-31545
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This …

Apr 24, 2026
CVE-2026-31544
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid …

Apr 24, 2026
CVE-2026-31543
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() logs …

Apr 24, 2026
CVE-2026-31542
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This …

Apr 24, 2026
CVE-2026-31541
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy link list updates When the "copy_trace_marker" option is enabled for an …

Apr 24, 2026
CVE-2026-31540
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the …

Apr 24, 2026
CVE-2026-31539
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io and …

Apr 24, 2026
CVE-2026-31538
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted …

Apr 24, 2026
CVE-2026-31537
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the …

Apr 24, 2026
CVE-2026-31536
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have …

Apr 24, 2026
CVE-2026-31535
4.7 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted …

Apr 24, 2026
CVE-2026-31534

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Apr 24, 2026
CVE-2026-31052
5.3 MEDIUM

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component

Apr 24, 2026
CVE-2026-31051
3.8 LOW

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component

Apr 24, 2026
CVE-2026-31050
4.9 MEDIUM

Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code

Apr 24, 2026
CVE-2025-61872
6.1 MEDIUM

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search …

Apr 24, 2026
CVE-2026-25660
9.8 CRITICAL

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends …

Apr 24, 2026
CVE-2026-5367
8.6 HIGH

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with …

Apr 24, 2026
CVE-2026-5265
6.5 MEDIUM

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body …

Apr 24, 2026
CVE-2026-40690
4.3 MEDIUM

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could …

Apr 24, 2026
CVE-2026-38743
4.3 MEDIUM

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to …

Apr 24, 2026
CVE-2026-21515
9.9 CRITICAL

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Apr 24, 2026
CVE-2026-6043

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user …

Apr 24, 2026
CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the …

Apr 24, 2026
CVE-2026-23902
8.1 HIGH

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow …

Apr 24, 2026
CVE-2026-41044
8.8 HIGH

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can …

Apr 24, 2026
CVE-2026-41043
6.5 MEDIUM

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious …

Apr 24, 2026
CVE-2026-40466
8.8 HIGH

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may …

Apr 24, 2026
CVE-2025-62233
6.3 MEDIUM

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access …

Apr 24, 2026
CVE-2026-6272

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. …

Apr 24, 2026
CVE-2026-21728
7.5 HIGH

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can …

Apr 24, 2026
CVE-2026-4078
6.4 MEDIUM

The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to and including …

Apr 24, 2026
CVE-2026-3569
5.3 MEDIUM

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API …

Apr 24, 2026
CVE-2026-3565
4.3 MEDIUM

The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing …

Apr 24, 2026
CVE-2025-11762
4.3 MEDIUM

The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, …

Apr 24, 2026
CVE-2026-1952
9.8 CRITICAL

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

Apr 24, 2026
CVE-2026-1951
9.8 CRITICAL

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

Apr 24, 2026
CVE-2026-1950
9.8 CRITICAL

Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

Apr 24, 2026
CVE-2026-6810
5.3 MEDIUM

The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the …

Apr 24, 2026
CVE-2026-5428
6.4 MEDIUM

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to …

Apr 24, 2026
CVE-2026-5364
8.1 HIGH

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, …

Apr 24, 2026
CVE-2026-5347
5.3 MEDIUM

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence …

Apr 24, 2026
CVE-2026-1949
9.8 CRITICAL

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

Apr 24, 2026
CVE-2026-6947
7.5 HIGH

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform …

Apr 24, 2026
CVE-2026-6393
4.3 MEDIUM

The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check …

Apr 24, 2026
CVE-2026-5488
5.3 MEDIUM

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is …

Apr 24, 2026
CVE-2026-41485
7.7 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the `forEach` …

Apr 24, 2026
CVE-2026-41430
6.1 MEDIUM

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected …

Apr 24, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.