CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31441
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from …

Apr 22, 2026
CVE-2026-31440
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is …

Apr 22, 2026
CVE-2026-31439

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not …

Apr 22, 2026
CVE-2026-31438

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the …

Apr 22, 2026
CVE-2026-31437

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked …

Apr 22, 2026
CVE-2026-31436
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() At the end of this function, …

Apr 22, 2026
CVE-2026-31435
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a …

Apr 22, 2026
CVE-2026-31434

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_group[], …

Apr 22, 2026
CVE-2026-31192
6.5 MEDIUM

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.

Apr 22, 2026
CVE-2026-0539

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary …

Apr 22, 2026
CVE-2014-125120

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2013-10056

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2013-10045

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2013-10041

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2011-10031

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2010-20124

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2010-20118

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2010-20117

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2010-20116

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2010-20110

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2009-20012

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2008-20003

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2008-20002

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2005-20001

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2000-5001

Rejected reason: This CVE has the been REJECTED and will not be published by the CNA.

Apr 22, 2026
CVE-2026-6857
7.5 HIGH

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit …

Apr 22, 2026
CVE-2026-6855
7.1 HIGH

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. …

Apr 22, 2026
CVE-2026-6848
5.4 MEDIUM

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account …

Apr 22, 2026
CVE-2026-33601
4.4 MEDIUM

If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused …

Apr 22, 2026
CVE-2026-33600
4.4 MEDIUM

An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a …

Apr 22, 2026
CVE-2026-33262
5.9 MEDIUM

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. …

Apr 22, 2026
CVE-2026-33261
5.9 MEDIUM

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.

Apr 22, 2026
CVE-2026-33260
5.3 MEDIUM

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal …

Apr 22, 2026
CVE-2026-33259
5.0 MEDIUM

Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent …

Apr 22, 2026
CVE-2026-33258
5.3 MEDIUM

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.

Apr 22, 2026
CVE-2026-33257
5.3 MEDIUM

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal …

Apr 22, 2026
CVE-2026-33256
5.3 MEDIUM

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal …

Apr 22, 2026
CVE-2026-1930
4.3 MEDIUM

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions …

Apr 22, 2026
CVE-2026-1913
6.4 MEDIUM

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, …

Apr 22, 2026
CVE-2026-1395
6.4 MEDIUM

The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, …

Apr 22, 2026
CVE-2026-6846
7.8 HIGH

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. …

Apr 22, 2026
CVE-2026-6845
5.0 MEDIUM

A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by …

Apr 22, 2026
CVE-2026-6844
5.5 MEDIUM

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing …

Apr 22, 2026
CVE-2026-6843
5.5 MEDIUM

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a …

Apr 22, 2026
CVE-2026-6396
4.3 MEDIUM

The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is …

Apr 22, 2026
CVE-2026-6294
4.3 MEDIUM

The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing …

Apr 22, 2026
CVE-2026-6246
6.4 MEDIUM

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions …

Apr 22, 2026
CVE-2026-6236
6.4 MEDIUM

The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 …

Apr 22, 2026
CVE-2026-6235
9.8 CRITICAL

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This …

Apr 22, 2026
CVE-2026-6041
4.4 MEDIUM

The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and …

Apr 22, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.