CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-35355
6.3 MEDIUM

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination …

Apr 22, 2026
CVE-2026-35354
4.7 MEDIUM

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple …

Apr 22, 2026
CVE-2026-35353
3.3 LOW

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently …

Apr 22, 2026
CVE-2026-35352
7.0 HIGH

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based …

Apr 22, 2026
CVE-2026-35351
4.2 MEDIUM

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine …

Apr 22, 2026
CVE-2026-35350
6.6 MEDIUM

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, …

Apr 22, 2026
CVE-2026-35349
6.7 MEDIUM

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing …

Apr 22, 2026
CVE-2026-35348
5.5 MEDIUM

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces …

Apr 22, 2026
CVE-2026-35347
4.4 MEDIUM

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both …

Apr 22, 2026
CVE-2026-35346
3.3 LOW

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid …

Apr 22, 2026
CVE-2026-35345
5.3 MEDIUM

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, …

Apr 22, 2026
CVE-2026-35344
3.3 LOW

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior …

Apr 22, 2026
CVE-2026-35343
3.3 LOW

The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to …

Apr 22, 2026
CVE-2026-35342
3.3 LOW

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR …

Apr 22, 2026
CVE-2026-35341
7.1 HIGH

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a …

Apr 22, 2026
CVE-2026-35340
5.5 MEDIUM

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The …

Apr 22, 2026
CVE-2026-35339
5.5 MEDIUM

The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined …

Apr 22, 2026
CVE-2026-35338
7.3 HIGH

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path …

Apr 22, 2026
CVE-2026-32885
6.5 MEDIUM

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` …

Apr 22, 2026
CVE-2026-1660
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain …

Apr 22, 2026
CVE-2025-9957
2.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain …

Apr 22, 2026
CVE-2025-6016
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have …

Apr 22, 2026
CVE-2025-3922
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have …

Apr 22, 2026
CVE-2025-0186
6.5 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have …

Apr 22, 2026
CVE-2026-30139
6.1 MEDIUM

A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context …

Apr 22, 2026
CVE-2025-58922
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2.

Apr 22, 2026
CVE-2024-58344
6.4 MEDIUM

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard …

Apr 22, 2026
CVE-2018-25272
9.8 CRITICAL

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can …

Apr 22, 2026
CVE-2018-25271
6.2 MEDIUM

Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the …

Apr 22, 2026
CVE-2018-25270
9.8 CRITICAL

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers …

Apr 22, 2026
CVE-2018-25269
6.1 MEDIUM

ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed …

Apr 22, 2026
CVE-2018-25268
8.4 HIGH

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers …

Apr 22, 2026
CVE-2018-25267
6.2 MEDIUM

UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH …

Apr 22, 2026
CVE-2018-25266
6.2 MEDIUM

Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively …

Apr 22, 2026
CVE-2018-25265
8.4 HIGH

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling …

Apr 22, 2026
CVE-2018-25262
6.2 MEDIUM

Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to …

Apr 22, 2026
CVE-2018-25261
8.4 HIGH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by …

Apr 22, 2026
CVE-2018-25260
8.4 HIGH

MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting …

Apr 22, 2026
CVE-2018-25259
8.4 HIGH

Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering …

Apr 22, 2026
CVE-2026-35548
8.5 HIGH

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database …

Apr 22, 2026
CVE-2026-6862
5.5 MEDIUM

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field …

Apr 22, 2026
CVE-2026-6861
6.1 MEDIUM

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading …

Apr 22, 2026
CVE-2026-6859
8.8 HIGH

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python …

Apr 22, 2026
CVE-2026-6356
9.6 CRITICAL

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to …

Apr 22, 2026
CVE-2026-6355
6.5 MEDIUM

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This …

Apr 22, 2026
CVE-2026-5750

An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through …

Apr 22, 2026
CVE-2026-5749

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact …

Apr 22, 2026
CVE-2026-41651
8.8 HIGH

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between …

Apr 22, 2026
CVE-2026-33611
6.5 MEDIUM

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn …

Apr 22, 2026
CVE-2026-33610
5.9 MEDIUM

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request …

Apr 22, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.