Search

3,799 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

HIGH7.1CVE-2026-1933EPSS 0.06%A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes.5/27/2026
HIGH8.0CVE-2026-3012EPSS 0.01%A flaw was found in Samba’s certificate auto-enrollment Group Policy handling.5/27/2026
HIGH8.2CVE-2026-5260EPSS 0.23%A flaw was found in libgnutls.5/26/2026
HIGH8.2CVE-2026-42013EPSS 0.05%A flaw was found in gnutls.5/26/2026
HIGH7.1CVE-2026-42012EPSS 0.04%A flaw was found in gnutls.5/26/2026
HIGH7.5CVE-2026-48048XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests5/26/2026
HIGH8.5CVE-2026-4480EPSS 0.39%A flaw was found in the Samba printing subsystem.5/26/2026
HIGH8.3CVE-2026-46481OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users5/21/2026
HIGH7.5CVE-2026-5946EPSS 0.07%Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `C…5/20/2026
HIGH7.5CVE-2026-3039EPSS 0.09%BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when re…5/20/2026
HIGH7.8CVE-2026-41054EPSS 0.00%In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`).5/20/2026
HIGH8.1CVE-2026-43618EPSS 0.06%Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…5/20/2026
HIGH7.5CVE-2026-45799Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service5/19/2026
HIGH7.8CVE-2026-23558EPSS 0.01%The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a gr…5/19/2026
HIGH7.5CVE-2026-45367HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint5/18/2026
HIGH7.4CVE-2026-45300async-http-client: Cookie header not stripped on cross-origin redirect5/18/2026
HIGH7.2CVE-2026-45609EPSS 0.04%Spring AI MCP Security: Unvalidated URL Fetching (SSRF)5/18/2026
HIGH7.5CVE-2026-42009EPSS 0.49%A flaw was found in gnutls.5/18/2026
HIGH7.3CVE-2026-8771EPSS 0.04%org.linlinjava:litemall-wx-api has an Injection issue5/18/2026
HIGH7.3CVE-2026-8759EPSS 0.03%Beetl's SpELFunction extension function has an expression injection risk5/17/2026
HIGH7.4CVE-2026-45575EPSS 0.01%Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client5/15/2026
HIGH8.1CVE-2026-35194EPSS 0.07%Apache Flink: Remote code execution via SQL injection in code generation5/15/2026
HIGH8.1CVE-2026-45574EPSS 0.01%epa4all-client: TLS Certificate Validation Disabled in Production5/15/2026
HIGH7.0CVE-2026-46483EPSS 0.02%Vim is an open source, command line text editor.5/15/2026
HIGH8.8CVE-2026-6638EPSS 0.02%PostgreSQL REFRESH PUBLICATION allows SQL injection via table name5/14/2026

Page 1 of 152Next →