CVE search

363,659 results
CVE-2026-12245HIGHDenial of DNS over TLS service by any DoT clientEPSS 0.3%CVE-2026-12244HIGHHeap overflow and crash with crafted SVCB RREPSS 0.3%CVE-2026-10086HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.2%CVE-2026-13311HIGHshell-quote parse() is quadratic in token count, enabling denial of serviceEPSS 0.4%CVE-2026-0934LOWIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-1606MEDIUMImproper Control of Generation of Code ('Code Injection') in GitLabEPSS 0.2%CVE-2026-2238MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2026-3176LOWMissing Authorization in GitLabEPSS 0.2%CVE-2026-5309MEDIUMAuthorization Bypass Through User-Controlled Key in GitLabEPSS 0.2%CVE-2026-5796MEDIUMIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-5952MEDIUMIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-8330MEDIUMInsertion of Sensitive Information into Log File in GitLabEPSS 0.1%CVE-2026-10712HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.2%CVE-2026-11379MEDIUMIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-12053HIGHInsertion of Sensitive Information into Log File in GitLabEPSS 0.3%CVE-2026-12635NONEReliance on Reverse DNS Resolution for a Security-Critical Action in GitLabEPSS 0.2%CVE-2026-2508MEDIUMGravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'EPSS 0.2%CVE-2026-12077HIGHDokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' ParametersEPSS 0.3%CVE-2026-12079MEDIUMDokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' ParameterEPSS 0.2%CVE-2026-10833MEDIUMGutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block AttributeEPSS 0.2%