CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11642
8.3 HIGH

Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11641
7.5 HIGH

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific …

Jun 9, 2026
CVE-2026-11640
8.3 HIGH

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 9, 2026
CVE-2026-11639
7.5 HIGH

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11637
8.8 HIGH

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11636
7.5 HIGH

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific …

Jun 9, 2026
CVE-2026-11635
8.3 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11633
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. …

Jun 9, 2026
CVE-2026-11632
7.5 HIGH

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 9, 2026
CVE-2026-11631
8.3 HIGH

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11630
8.8 HIGH

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 9, 2026
CVE-2026-11629
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 9, 2026
CVE-2026-49141
7.1 HIGH

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to …

Jun 8, 2026
CVE-2026-46484
8.1 HIGH

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in …

Jun 8, 2026
CVE-2026-40519
7.5 HIGH

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() …

Jun 8, 2026
CVE-2026-11582
7.3 HIGH

A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a …

Jun 8, 2026
CVE-2026-46490
8.8 HIGH

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text …

Jun 8, 2026
CVE-2026-11557
8.8 HIGH

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management …

Jun 8, 2026
CVE-2026-11556
8.8 HIGH

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. …

Jun 8, 2026
CVE-2026-11553
8.8 HIGH

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename …

Jun 8, 2026
CVE-2026-48507
7.1 HIGH

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to …

Jun 8, 2026
CVE-2026-46481
8.3 HIGH

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, …

Jun 8, 2026
CVE-2026-46311
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm …

Jun 8, 2026
CVE-2026-46307
8.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to …

Jun 8, 2026
CVE-2026-46306
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field …

Jun 8, 2026
CVE-2026-46304
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free nvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the …

Jun 8, 2026
CVE-2026-46303
8.2 HIGH

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rock_continue() reads rs->cont_extent verbatim from …

Jun 8, 2026
CVE-2026-46299
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, …

Jun 8, 2026
CVE-2026-46288
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' …

Jun 8, 2026
CVE-2026-46280
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmm_test …

Jun 8, 2026
CVE-2026-46277
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio …

Jun 8, 2026
CVE-2026-25856
8.8 HIGH

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by …

Jun 8, 2026
CVE-2026-25855
8.8 HIGH

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the …

Jun 8, 2026
CVE-2026-25559
8.8 HIGH

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete …

Jun 8, 2026
CVE-2026-11531
7.3 HIGH

A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the component Administrator …

Jun 8, 2026
CVE-2026-11530
7.3 HIGH

A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation …

Jun 8, 2026
CVE-2026-49975
7.5 HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache …

Jun 8, 2026
CVE-2026-48913
7.3 HIGH

Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through …

Jun 8, 2026
CVE-2026-46657
7.1 HIGH

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access …

Jun 8, 2026
CVE-2026-46656
8.8 HIGH

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding …

Jun 8, 2026
CVE-2026-46480
8.8 HIGH

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment …

Jun 8, 2026
CVE-2026-46475
8.8 HIGH

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment …

Jun 8, 2026
CVE-2026-46444
8.8 HIGH

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI …

Jun 8, 2026
CVE-2026-46275
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to …

Jun 8, 2026
CVE-2026-46274
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] …

Jun 8, 2026
CVE-2026-44186
7.3 HIGH

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue …

Jun 8, 2026
CVE-2026-44185
7.3 HIGH

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 …

Jun 8, 2026
CVE-2026-42863
8.1 HIGH

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists …

Jun 8, 2026
CVE-2026-42536
7.5 HIGH

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users …

Jun 8, 2026
CVE-2026-36786
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability …

Jun 8, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.