CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-41842
7.5 HIGH

Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 …

Jun 9, 2026
CVE-2026-41720
7.4 HIGH

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring …

Jun 9, 2026
CVE-2026-41007
7.5 HIGH

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 …

Jun 9, 2026
CVE-2026-41006
7.5 HIGH

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. …

Jun 9, 2026
CVE-2026-40984
7.5 HIGH

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 …

Jun 9, 2026
CVE-2026-40983
7.5 HIGH

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 …

Jun 9, 2026
CVE-2026-26236
7.5 HIGH

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized …

Jun 9, 2026
CVE-2026-7556
7.2 HIGH

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, …

Jun 9, 2026
CVE-2026-11618
7.3 HIGH

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source …

Jun 9, 2026
CVE-2026-8795
7.8 HIGH

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is …

Jun 9, 2026
CVE-2026-44751
7.1 HIGH

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite …

Jun 9, 2026
CVE-2026-11700
8.3 HIGH

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11699
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11698
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11694
7.5 HIGH

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 9, 2026
CVE-2026-11693
8.1 HIGH

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 9, 2026
CVE-2026-11692
8.3 HIGH

Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11690
7.5 HIGH

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer …

Jun 9, 2026
CVE-2026-11689
8.1 HIGH

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation …

Jun 9, 2026
CVE-2026-11688
8.8 HIGH

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 9, 2026
CVE-2026-11687
8.8 HIGH

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11683
8.8 HIGH

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11682
8.3 HIGH

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11681
8.8 HIGH

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11680
8.8 HIGH

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Jun 9, 2026
CVE-2026-11679
8.3 HIGH

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11677
8.3 HIGH

Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a …

Jun 9, 2026
CVE-2026-11676
8.3 HIGH

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the …

Jun 9, 2026
CVE-2026-11674
8.8 HIGH

Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

Jun 9, 2026
CVE-2026-11673
8.8 HIGH

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11672
8.3 HIGH

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11670
8.8 HIGH

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11667
7.5 HIGH

Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit …

Jun 9, 2026
CVE-2026-11664
8.8 HIGH

Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 9, 2026
CVE-2026-11663
8.3 HIGH

Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11662
8.8 HIGH

Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 9, 2026
CVE-2026-11661
8.3 HIGH

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11660
8.3 HIGH

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11657
8.8 HIGH

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11656
8.3 HIGH

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially …

Jun 9, 2026
CVE-2026-11655
8.3 HIGH

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11652
8.3 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11650
8.8 HIGH

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11649
8.8 HIGH

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11648
8.8 HIGH

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11647
8.3 HIGH

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11646
8.8 HIGH

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11645
8.8 HIGH KEV

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox …

Jun 9, 2026
CVE-2026-11644
7.5 HIGH

Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension …

Jun 9, 2026
CVE-2026-11643
8.1 HIGH

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.