CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44064
7.1 HIGH

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a …

May 21, 2026
CVE-2026-44062
7.5 HIGH

A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a …

May 21, 2026
CVE-2026-44060
7.5 HIGH

An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI …

May 21, 2026
CVE-2026-44058
7.2 HIGH

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user …

May 21, 2026
CVE-2026-44055
7.5 HIGH

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.

May 21, 2026
CVE-2026-44053
7.4 HIGH

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a …

May 21, 2026
CVE-2026-44052
7.5 HIGH

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain …

May 21, 2026
CVE-2026-44051
8.1 HIGH

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled …

May 21, 2026
CVE-2026-44049
7.5 HIGH

An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or …

May 21, 2026
CVE-2026-44048
8.8 HIGH

A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or …

May 21, 2026
CVE-2026-44047
8.8 HIGH

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, …

May 21, 2026
CVE-2026-40165
8.7 HIGH

authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment …

May 21, 2026
CVE-2026-40092
7.5 HIGH

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by …

May 20, 2026
CVE-2026-8632
7.8 HIGH

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary …

May 20, 2026
CVE-2026-47373
7.5 HIGH

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to …

May 20, 2026
CVE-2026-9144
7.6 HIGH

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated …

May 20, 2026
CVE-2026-9133
7.7 HIGH

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation …

May 20, 2026
CVE-2026-9126
8.8 HIGH

Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

May 20, 2026
CVE-2026-9123
7.5 HIGH

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a …

May 20, 2026
CVE-2026-9121
8.8 HIGH

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted …

May 20, 2026
CVE-2026-9120
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

May 20, 2026
CVE-2026-9119
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

May 20, 2026
CVE-2026-9118
8.8 HIGH

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML …

May 20, 2026
CVE-2026-9117
7.5 HIGH

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially …

May 20, 2026
CVE-2026-9114
8.8 HIGH

Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious …

May 20, 2026
CVE-2026-9112
8.8 HIGH

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via …

May 20, 2026
CVE-2026-9111
8.8 HIGH

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML …

May 20, 2026
CVE-2026-39850
7.4 HIGH

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local …

May 20, 2026
CVE-2026-39310
8.6 HIGH

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in …

May 20, 2026
CVE-2026-24218
8.1 HIGH

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be …

May 20, 2026
CVE-2026-24217
8.8 HIGH

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of …

May 20, 2026
CVE-2026-24216
7.8 HIGH

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead …

May 20, 2026
CVE-2026-24188
8.2 HIGH

NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.

May 20, 2026
CVE-2026-20239
7.5 HIGH

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that …

May 20, 2026
CVE-2026-7613
7.2 HIGH

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, …

May 20, 2026
CVE-2026-44926
8.8 HIGH

InfoScale CmdServer before 7.4.2 mishandles access control.

May 20, 2026
CVE-2026-44925
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a …

May 20, 2026
CVE-2026-5783
7.6 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. …

May 20, 2026
CVE-2026-39047
7.5 HIGH

Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

May 20, 2026
CVE-2025-32750
7.5 HIGH

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

May 20, 2026
CVE-2026-24425
8.8 HIGH

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass …

May 20, 2026
CVE-2026-22554
7.8 HIGH

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

May 20, 2026
CVE-2026-5947
7.5 HIGH

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it …

May 20, 2026
CVE-2026-5946
7.5 HIGH

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or …

May 20, 2026
CVE-2026-45584
8.1 HIGH

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

May 20, 2026
CVE-2026-42834
7.8 HIGH

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

May 20, 2026
CVE-2026-42383
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue …

May 20, 2026
CVE-2026-41091
7.8 HIGH KEV

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

May 20, 2026
CVE-2026-3593
7.4 HIGH

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND …

May 20, 2026
CVE-2026-3039
7.5 HIGH

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically …

May 20, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.