Search

8,262 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-2340EPSS 0.07%A flaw was found in Samba’s vfs_worm module.5/27/2026
HIGH7.1CVE-2026-1933EPSS 0.06%A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes.5/27/2026
HIGH8.0CVE-2026-3012EPSS 0.01%A flaw was found in Samba’s certificate auto-enrollment Group Policy handling.5/27/2026
MEDIUM6.5CVE-2026-44596Yamcs has No Rate Limiting on Authentication Endpoint5/27/2026
MEDIUM4.3CVE-2026-44595Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints5/27/2026
MEDIUM4.3CVE-2026-42568Yamcs Vulnerable to LDAP Injection in LdapAuthModule5/26/2026
HIGH8.2CVE-2026-5260EPSS 0.23%A flaw was found in libgnutls.5/26/2026
MEDIUM5.3CVE-2026-42015EPSS 0.25%A flaw was found in gnutls.5/26/2026
HIGH8.2CVE-2026-42013EPSS 0.05%A flaw was found in gnutls.5/26/2026
HIGH7.1CVE-2026-42012EPSS 0.04%A flaw was found in gnutls.5/26/2026
HIGH7.5CVE-2026-48048XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests5/26/2026
HIGH8.5CVE-2026-4480EPSS 0.39%A flaw was found in the Samba printing subsystem.5/26/2026
MEDIUM5.3CVE-2026-5223EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…5/25/2026
MEDIUM6.5CVE-2026-5222EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.5/25/2026
HIGH8.3CVE-2026-46481OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users5/21/2026
MEDIUM5.3CVE-2026-5950EPSS 0.14%An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…5/20/2026
MEDIUM5.9CVE-2026-5947EPSS 0.04%Undefined behavior may result due to a race condition leading to a use-after-free violation.5/20/2026
HIGH7.5CVE-2026-5946EPSS 0.07%Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `C…5/20/2026
MEDIUM5.3CVE-2026-3592EPSS 0.02%BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.5/20/2026
HIGH7.5CVE-2026-3039EPSS 0.09%BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when re…5/20/2026
HIGH7.8CVE-2026-41054EPSS 0.00%In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`).5/20/2026
LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
MEDIUM5.5CVE-2026-43620EPSS 0.02%Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…5/20/2026
MEDIUM6.3CVE-2026-43619EPSS 0.01%Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…5/20/2026
HIGH8.1CVE-2026-43618EPSS 0.06%Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…5/20/2026

Page 1 of 331Next →