CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42061
7.3 HIGH

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.

Jun 3, 2026
CVE-2026-8889
7.5 HIGH

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).

Jun 3, 2026
CVE-2026-8888
7.5 HIGH

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. …

Jun 3, 2026
CVE-2026-8881
7.5 HIGH

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since …

Jun 3, 2026
CVE-2026-8879
7.5 HIGH

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json …

Jun 3, 2026
CVE-2026-8878
7.5 HIGH

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 …

Jun 3, 2026
CVE-2026-8876
7.3 HIGH

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.

Jun 3, 2026
CVE-2026-8874
7.1 HIGH

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other …

Jun 3, 2026
CVE-2026-46273
8.6 HIGH

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do …

Jun 3, 2026
CVE-2026-46271
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 …

Jun 3, 2026
CVE-2026-46270
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ …

Jun 3, 2026
CVE-2026-46267
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues …

Jun 3, 2026
CVE-2026-46265
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may …

Jun 3, 2026
CVE-2026-46264
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be …

Jun 3, 2026
CVE-2026-46263
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can …

Jun 3, 2026
CVE-2026-46260
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 …

Jun 3, 2026
CVE-2026-46259
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() accesses …

Jun 3, 2026
CVE-2026-46253
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same …

Jun 3, 2026
CVE-2026-46251
8.4 HIGH

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add …

Jun 3, 2026
CVE-2026-46250
7.3 HIGH

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, …

Jun 3, 2026
CVE-2026-46246
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for …

Jun 3, 2026
CVE-2026-40290
7.8 HIGH

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting …

Jun 3, 2026
CVE-2026-36611
7.3 HIGH

Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing …

Jun 3, 2026
CVE-2026-36609
7.3 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined …

Jun 3, 2026
CVE-2026-36608
8.8 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own …

Jun 3, 2026
CVE-2026-36607
8.8 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint (code=10), which lacks the rate limiting applied …

Jun 3, 2026
CVE-2026-36606
7.1 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who …

Jun 3, 2026
CVE-2026-36603
8.1 HIGH

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP …

Jun 3, 2026
CVE-2026-20230
8.6 HIGH KEV

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote …

Jun 3, 2026
CVE-2026-37462
7.5 HIGH

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP …

Jun 3, 2026
CVE-2026-36574
7.8 HIGH

A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

Jun 3, 2026
CVE-2026-37460
7.5 HIGH

Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying …

Jun 3, 2026
CVE-2022-49042
7.8 HIGH

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute …

Jun 3, 2026
CVE-2022-49036
7.8 HIGH

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local …

Jun 3, 2026
CVE-2026-35085
8.8 HIGH

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

Jun 3, 2026
CVE-2026-35084
8.8 HIGH

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

Jun 3, 2026
CVE-2026-35083
8.8 HIGH

A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.

Jun 3, 2026
CVE-2026-35082
8.8 HIGH

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Jun 3, 2026
CVE-2026-35081
8.1 HIGH

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

Jun 3, 2026
CVE-2026-35080
8.1 HIGH

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Jun 3, 2026
CVE-2026-35079
8.1 HIGH

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Jun 3, 2026
CVE-2026-35078
8.1 HIGH

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Jun 3, 2026
CVE-2026-35077
8.1 HIGH

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Jun 3, 2026
CVE-2026-35076
8.1 HIGH

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Jun 3, 2026
CVE-2026-41032
7.5 HIGH

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

Jun 3, 2026
CVE-2025-15656
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.

Jun 3, 2026
CVE-2025-15655
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: …

Jun 3, 2026
CVE-2025-14774
7.4 HIGH

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2025-14773
8.0 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2025-14772
8.8 HIGH

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.