CVE search

363,349 results
CVE-2026-38641 | HIGH | An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafte | EPSS 0.4%
CVE-2026-38639 | HIGH | An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via par | EPSS 0.4%
CVE-2026-39031 | MEDIUM | Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-charact | EPSS 0.1%
CVE-2026-36908 | MEDIUM | A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9 allows attackers t | EPSS 0.1%
CVE-2026-9222 | CRITICAL | Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication | EPSS 0.2%
CVE-2026-9221 | HIGH | Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm | EPSS 0.2%
CVE-2026-13083 | MEDIUM | Pen-drive: pen-drive: stored xss via unescaped cluster data in html report | EPSS 0.2%
CVE-2026-13318 | MEDIUM | Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip | EPSS 0.2%
CVE-2026-13218 | MEDIUM | Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher | EPSS 0.1%
CVE-2026-12993 | MEDIUM | Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset | EPSS 0.2%
CVE-2026-9220 | HIGH | Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key | EPSS 0.2%
CVE-2026-9219 | HIGH | Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers | EPSS 0.2%
CVE-2026-43920 | MEDIUM | FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution | EPSS 0.5%
CVE-2026-40941 | HIGH | Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages | EPSS 0.2%
CVE-2026-40084 | MEDIUM | Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter | EPSS 0.3%
CVE-2026-40083 | HIGH | Cacti: SQL Injection in managers.php | EPSS 0.3%
CVE-2026-40082 | MEDIUM | Cacti: Session Fixation via missing session_regenerate_id() after login | EPSS 0.2%
CVE-2026-40080 | MEDIUM | Cacti: Open Redirect via HTTP_REFERER substring check in auth_login_redirect | EPSS 0.2%
CVE-2026-13283 | HIGH | Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in s | EPSS 0.2%
CVE-2026-13282 | MEDIUM | Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corrupti | EPSS 0.1%