CVE search
363,346 results

CVE-2026-48619 (MEDIUM, EPSS 0.7%)
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on

CVE-2026-48615 (MEDIUM, EPSS 0.4%)
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials

CVE-2026-50745 (MEDIUM, EPSS 0.2%)
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did

CVE-2026-50740 (MEDIUM, EPSS 0.2%)
A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low-privile

CVE-2026-50742 (MEDIUM, EPSS 0.2%)
Stored XSS vulnerabilities exist in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. T

CVE-2026-50741 (HIGH, EPSS 2.7%)
Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed eith

CVE-2026-50739 (MEDIUM, EPSS 0.3%)
A bypass for CVE-2026-34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns

CVE-2026-50744 (MEDIUM, EPSS 0.2%)
A bypass to the admin-only restriction of the XML-RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a sess

CVE-2026-13322 (LOW, EPSS 0.1%)
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

CVE-2026-30040 (MEDIUM, EPSS 0.5%)
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context

CVE-2026-30041 (HIGH, EPSS 0.6%)
An integer overflow in the PSD parser component of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial o

CVE-2026-50767 (MEDIUM, EPSS 0.2%)
A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 ver

CVE-2026-36478 (HIGH, EPSS 0.4%)
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServe

CVE-2026-36908 (MEDIUM, EPSS 0.1%)
A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9 allows attackers t

CVE-2026-36907 (MEDIUM, EPSS 0.1%)
A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of

CVE-2026-50766 (MEDIUM, EPSS 0.2%)
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions al

CVE-2026-38571 (MEDIUM, EPSS 0.1%)
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticat

CVE-2026-38641 (HIGH, EPSS 0.4%)
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafte

CVE-2026-38639 (HIGH, EPSS 0.4%)
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via par

CVE-2026-50765 (MEDIUM, EPSS 0.2%)
A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 thr