CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-54830
7.5 HIGH

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

Jun 25, 2026
CVE-2026-54829
7.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. …

Jun 25, 2026
CVE-2026-54828
7.5 HIGH

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

Jun 25, 2026
CVE-2026-54823
9.9 CRITICAL

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

Jun 25, 2026
CVE-2026-54822
8.5 HIGH

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

Jun 25, 2026
CVE-2026-54821
7.4 HIGH

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

Jun 25, 2026
CVE-2026-52690
5.9 MEDIUM

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server …

Jun 25, 2026
CVE-2026-4526
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come …

Jun 25, 2026
CVE-2026-49506
7.2 HIGH

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A …

Jun 25, 2026
CVE-2026-47154
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come …

Jun 25, 2026
CVE-2026-47153
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a …

Jun 25, 2026
CVE-2026-47152
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a …

Jun 25, 2026
CVE-2026-47151
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is …

Jun 25, 2026
CVE-2026-47150
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of …

Jun 25, 2026
CVE-2026-47149
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come …

Jun 25, 2026
CVE-2026-47148
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages …

Jun 25, 2026
CVE-2026-47147
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is …

Jun 25, 2026
CVE-2026-47146
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that …

Jun 25, 2026
CVE-2026-47145
6.5 MEDIUM

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that …

Jun 25, 2026
CVE-2026-46734
7.3 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could …

Jun 25, 2026
CVE-2026-46733
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could …

Jun 25, 2026
CVE-2026-46732
6.7 MEDIUM

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A …

Jun 25, 2026
CVE-2026-42390
5.3 MEDIUM

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

Jun 25, 2026
CVE-2026-42389
5.3 MEDIUM

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

Jun 25, 2026
CVE-2026-42388
5.9 MEDIUM

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

Jun 25, 2026
CVE-2026-42387
5.9 MEDIUM

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input …

Jun 25, 2026
CVE-2026-41120
9.8 CRITICAL

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker …

Jun 25, 2026
CVE-2026-40012
5.3 MEDIUM

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

Jun 25, 2026
CVE-2026-2815

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Jun 25, 2026
CVE-2026-27366
7.5 HIGH

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Jun 25, 2026
CVE-2026-12755
2.7 LOW

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce …

Jun 25, 2026
CVE-2026-42004
3.7 LOW

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT …

Jun 25, 2026
CVE-2026-40211
5.3 MEDIUM

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be …

Jun 25, 2026
CVE-2026-40210
4.8 MEDIUM

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

Jun 25, 2026
CVE-2026-40209
5.3 MEDIUM

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by …

Jun 25, 2026
CVE-2026-40208
3.7 LOW

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

Jun 25, 2026
CVE-2026-40011
3.7 LOW

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid …

Jun 25, 2026
CVE-2026-33612
7.5 HIGH

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

Jun 25, 2026
CVE-2026-42005
4.3 MEDIUM

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal …

Jun 25, 2026
CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even …

Jun 25, 2026
CVE-2026-56091

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability …

Jun 25, 2026
CVE-2026-54226

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the …

Jun 25, 2026
CVE-2026-53277
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT …

Jun 25, 2026
CVE-2026-53276
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer In iso_sock_rebind_bc(), the bis pointer is …

Jun 25, 2026
CVE-2026-53275
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a pointer …

Jun 25, 2026
CVE-2026-53274

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS A logic flaw in __smc_setsockopt() allows a …

Jun 25, 2026
CVE-2026-53273
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a199 ("tee: optee: …

Jun 25, 2026
CVE-2026-53272

In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_decompress z_erofs_decompress_kickoff() can race with filesystem unmount, causing a use-after-free on …

Jun 25, 2026
CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo->conn into …

Jun 25, 2026
CVE-2026-53270
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ip_vs_edit_service() while unbinding the old scheduler …

Jun 25, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.