CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-54350
10.0 CRITICAL

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, …

Jun 26, 2026
CVE-2026-52885
6.3 MEDIUM

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user …

Jun 26, 2026
CVE-2026-52884
7.8 HIGH

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix() …

Jun 26, 2026
CVE-2026-50137
9.4 CRITICAL

Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-source datasource …

Jun 26, 2026
CVE-2026-50136
7.4 HIGH

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored …

Jun 26, 2026
CVE-2026-50132
7.3 HIGH

Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) that performs a permanent, state-changing operation: it …

Jun 26, 2026
CVE-2026-48800
7.8 HIGH

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) …

Jun 26, 2026
CVE-2026-48778
7.8 HIGH

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored …

Jun 26, 2026
CVE-2026-48770
5.0 MEDIUM

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed …

Jun 26, 2026
CVE-2026-46710
7.8 HIGH

Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a local privilege escalation vulnerability in the installer. During installation, …

Jun 26, 2026
CVE-2026-46604
7.5 HIGH

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

Jun 26, 2026
CVE-2026-39031
5.5 MEDIUM

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in …

Jun 26, 2026
CVE-2026-38641
7.5 HIGH

An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.

Jun 26, 2026
CVE-2026-38639
7.5 HIGH

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.

Jun 26, 2026
CVE-2024-23581
6.7 MEDIUM

The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application.

Jun 26, 2026
CVE-2026-55838
4.3 MEDIUM

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid …

Jun 26, 2026
CVE-2026-55189
7.7 HIGH

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe …

Jun 26, 2026
CVE-2026-55188
8.2 HIGH

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. …

Jun 26, 2026
CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory …

Jun 26, 2026
CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's …

Jun 26, 2026
CVE-2026-53322
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before …

Jun 26, 2026
CVE-2026-53321

In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time …

Jun 26, 2026
CVE-2026-53320

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks by comparing …

Jun 26, 2026
CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and …

Jun 26, 2026
CVE-2026-53318

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' …

Jun 26, 2026
CVE-2026-53317

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID …

Jun 26, 2026
CVE-2026-53316

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() Fixes a NULL pointer dereference when ras_core is NULL …

Jun 26, 2026
CVE-2026-53315

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp() ras_core_get_utc_second_timestamp() retrieves the current UTC timestamp (in seconds since …

Jun 26, 2026
CVE-2026-53314

In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following …

Jun 26, 2026
CVE-2026-53313

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths In dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Both functions check: …

Jun 26, 2026
CVE-2026-53312

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table …

Jun 26, 2026
CVE-2026-53311

In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_dentry_revalidate() fuse_dentry_revalidate() may be called with a dentry that didn't had …

Jun 26, 2026
CVE-2026-53310

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the …

Jun 26, 2026
CVE-2026-53309
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead …

Jun 26, 2026
CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating …

Jun 26, 2026
CVE-2026-53307

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not …

Jun 26, 2026
CVE-2026-53306

In the Linux kernel, the following vulnerability has been resolved: tty: hvc_iucv: fix off-by-one in number of supported devices MAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8. This …

Jun 26, 2026
CVE-2026-53305

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order …

Jun 26, 2026
CVE-2026-53304

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter def_reserved_size defines the default …

Jun 26, 2026
CVE-2026-53303

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count …

Jun 26, 2026
CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93_hmac_setkey() allocates a temporary ahash transform for …

Jun 26, 2026
CVE-2026-53301

In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer …

Jun 26, 2026
CVE-2026-53300
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free …

Jun 26, 2026
CVE-2026-53299

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx() If queue entry list allocation fails …

Jun 26, 2026
CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue() If queue entry or DMA descriptor …

Jun 26, 2026
CVE-2026-53297

In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an …

Jun 26, 2026
CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. …

Jun 26, 2026
CVE-2026-53295

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array Fail gracefully if there is no channel array …

Jun 26, 2026
CVE-2026-53294

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the …

Jun 26, 2026
CVE-2026-53293

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG There were multiple issues in that code. First of all the order …

Jun 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.