CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-52976
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl() Two error handling issues exist in xe_exec_queue_create_ioctl(): 1. When …

Jun 24, 2026
CVE-2026-52975
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port->aggregator syzbot found a data-race in bond_3ad_get_active_agg_info / …

Jun 24, 2026
CVE-2026-52974
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix strparser anchor skb leak on offload RX setup failure When tls_set_device_offload_rx() fails …

Jun 24, 2026
CVE-2026-52973
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for private default hash alloc Currently need_futex_hash_allocate_default() depends on strict pthread …

Jun 24, 2026
CVE-2026-52972
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows …

Jun 24, 2026
CVE-2026-52971
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in get_timestamp Move the phc->active check and resp pointer …

Jun 24, 2026
CVE-2026-52970

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix missing expect put in obj eval nft_ct_expect_obj_eval() allocates an expectation and may …

Jun 24, 2026
CVE-2026-52969
7.0 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() kvm_reset_dirty_gfn() guards the gfn range with if (!memslot || …

Jun 24, 2026
CVE-2026-52968

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and …

Jun 24, 2026
CVE-2026-52967
8.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite …

Jun 24, 2026
CVE-2026-52966

In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing …

Jun 24, 2026
CVE-2026-52965

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure When ttm_tt_swapout() fails, the current code …

Jun 24, 2026
CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has …

Jun 24, 2026
CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans snd_usbmidi_get_ms_info() validates the internal MIDIStreaming endpoint descriptor size …

Jun 24, 2026
CVE-2026-52962

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in __ceph_setxattr() The old_blob in __ceph_setxattr() can store ci->i_xattrs.prealloc_blob value …

Jun 24, 2026
CVE-2026-52961

In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size The generic/642 test-case can reproduce …

Jun 24, 2026
CVE-2026-52960
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios (see …

Jun 24, 2026
CVE-2026-52959
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended …

Jun 24, 2026
CVE-2026-52958
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming …

Jun 24, 2026
CVE-2026-52957
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map …

Jun 24, 2026
CVE-2026-52956
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() In __ceph_x_decrypt(), a part of the buffer p …

Jun 24, 2026
CVE-2026-52955
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush …

Jun 24, 2026
CVE-2026-52954
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD …

Jun 24, 2026
CVE-2026-52953
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU …

Jun 24, 2026
CVE-2026-52952
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset In __iommu_group_set_domain_internal(), concurrent domain attachments are rejected …

Jun 24, 2026
CVE-2026-52951
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here …

Jun 24, 2026
CVE-2026-52950
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed …

Jun 24, 2026
CVE-2026-52949

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad …

Jun 24, 2026
CVE-2026-52948

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl While fuzzing with Syzkaller, a persistent `schedule_timeout: …

Jun 24, 2026
CVE-2026-52947
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove In qrtr_port_remove(), the socket reference …

Jun 24, 2026
CVE-2026-52946
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock …

Jun 24, 2026
CVE-2026-52945
7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. …

Jun 24, 2026
CVE-2026-13164

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a …

Jun 24, 2026
CVE-2026-56121
9.8 CRITICAL

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request …

Jun 24, 2026
CVE-2026-56119

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 24, 2026
CVE-2026-56118

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 24, 2026
CVE-2026-56111
9.1 CRITICAL

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows …

Jun 24, 2026
CVE-2026-55488

motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to …

Jun 24, 2026
CVE-2026-50712

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component

Jun 24, 2026
CVE-2026-50711

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

Jun 24, 2026
CVE-2026-50710

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

Jun 24, 2026
CVE-2026-50709

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

Jun 24, 2026
CVE-2026-50708

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

Jun 24, 2026
CVE-2026-50705

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

Jun 24, 2026
CVE-2026-50704

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

Jun 24, 2026
CVE-2026-50703

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

Jun 24, 2026
CVE-2026-50701

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

Jun 24, 2026
CVE-2026-50700

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

Jun 24, 2026
CVE-2026-49269
8.6 HIGH

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader …

Jun 24, 2026
CVE-2026-50699

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in …

Jun 24, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.