CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44693
8.8 HIGH

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability …

Jun 10, 2026
CVE-2026-42558
7.6 HIGH

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain …

Jun 10, 2026
CVE-2026-42305
8.8 HIGH

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write …

Jun 10, 2026
CVE-2026-53738
8.1 HIGH

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can …

Jun 10, 2026
CVE-2026-50131
8.6 HIGH

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL …

Jun 10, 2026
CVE-2026-48110
7.5 HIGH

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled …

Jun 10, 2026
CVE-2026-46702
7.5 HIGH

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets …

Jun 10, 2026
CVE-2026-46679
7.5 HIGH

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust …

Jun 10, 2026
CVE-2026-46673
7.5 HIGH

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. …

Jun 10, 2026
CVE-2026-46669
7.5 HIGH

OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem …

Jun 10, 2026
CVE-2026-46625
7.5 HIGH

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. …

Jun 10, 2026
CVE-2026-46522
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in …

Jun 10, 2026
CVE-2026-46520
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different …

Jun 10, 2026
CVE-2026-45783
7.5 HIGH

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht …

Jun 10, 2026
CVE-2026-44692
7.7 HIGH

Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access …

Jun 10, 2026
CVE-2026-42542
7.5 HIGH

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the …

Jun 10, 2026
CVE-2026-42462
7.0 HIGH

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can …

Jun 10, 2026
CVE-2026-2049
7.8 HIGH

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. …

Jun 10, 2026
CVE-2026-10143
7.5 HIGH

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop …

Jun 10, 2026
CVE-2026-10142
7.5 HIGH

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang …

Jun 10, 2026
CVE-2022-26758
7.1 HIGH

A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is …

Jun 10, 2026
CVE-2026-6893
7.5 HIGH

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration …

Jun 10, 2026
CVE-2026-1220
7.5 HIGH

Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security …

Jun 10, 2026
CVE-2026-50637
8.2 HIGH

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent …

Jun 10, 2026
CVE-2026-50570
8.5 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety …

Jun 10, 2026
CVE-2026-50567
7.7 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined …

Jun 10, 2026
CVE-2026-49824
8.5 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission …

Jun 10, 2026
CVE-2026-49823
7.7 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec …

Jun 10, 2026
CVE-2026-49822
7.7 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who …

Jun 10, 2026
CVE-2026-49821
7.7 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed …

Jun 10, 2026
CVE-2026-46612
8.8 HIGH

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component …

Jun 10, 2026
CVE-2026-45062
8.1 HIGH

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when …

Jun 10, 2026
CVE-2026-20258
7.1 HIGH

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that …

Jun 10, 2026
CVE-2026-20252
7.6 HIGH

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user …

Jun 10, 2026
CVE-2026-20251
8.8 HIGH

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions …

Jun 10, 2026
CVE-2026-11417
7.3 HIGH

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of …

Jun 10, 2026
CVE-2026-49759
8.2 HIGH

Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR …

Jun 10, 2026
CVE-2026-46558
8.3 HIGH

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, …

Jun 10, 2026
CVE-2026-45569
8.1 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. …

Jun 10, 2026
CVE-2026-45567
8.3 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via …

Jun 10, 2026
CVE-2026-45565
8.1 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator …

Jun 10, 2026
CVE-2026-25700
7.2 HIGH

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after …

Jun 10, 2026
CVE-2026-9045
7.8 HIGH

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local …

Jun 10, 2026
CVE-2026-8637
7.8 HIGH

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code …

Jun 10, 2026
CVE-2026-6090
7.0 HIGH

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated …

Jun 10, 2026
CVE-2026-53689
7.1 HIGH

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This …

Jun 10, 2026
CVE-2026-53473
7.3 HIGH

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational …

Jun 10, 2026
CVE-2026-45564
8.8 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter …

Jun 10, 2026
CVE-2026-45549
8.5 HIGH

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() …

Jun 10, 2026
CVE-2026-9758
7.3 HIGH

Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted

Jun 10, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.