CVE search

363,399 results
CVE-2026-12844HIGHList::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise functionEPSS 0.4%CVE-2026-48941MEDIUMJoomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-48946MEDIUMJoomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-57454MEDIUMVim: Out-of-bounds Read with Text PropertiesEPSS 0.1%CVE-2026-48944MEDIUMJoomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26EPSS 0.3%CVE-2026-48942MEDIUMJoomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26EPSS 0.1%CVE-2026-48943MEDIUMJoomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-57455MEDIUMVim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argumentEPSS 0.1%CVE-2026-57456HIGHVim: Arbitrary Code Execution via Python Omni-Completion DocstringsEPSS 0.1%CVE-2026-9718MEDIUMCWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impactEPSS 0.2%CVE-2026-9717HIGHCWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized EPSS 1.2%CVE-2026-9716HIGHCWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuEPSS 0.3%CVE-2026-55477HIGHAuthenticated Arbitrary File Write via Database Import and Xray Log Path ManipulationEPSS 0.3%CVE-2026-9651MEDIUMCWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and EPSS 0.1%CVE-2026-9650HIGHCWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when uEPSS 0.2%CVE-2026-57438LOWNokogiri: Possible Use-After-Free in XInclude ProcessingEPSS 0.1%CVE-2026-57437LOWNokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetimeEPSS 0.3%CVE-2026-57436LOWNokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node typeEPSS 0.3%CVE-2026-57435LOWNokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`EPSS 0.4%CVE-2026-57532HIGHMalicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in EPSS 0.3%