CVE search
361,525 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2026-30040 | MEDIUM | A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context | — |
| CVE-2026-38641 | — | An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafte | — |
| CVE-2026-36478 | — | An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServe | — |
| CVE-2026-50766 | — | A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an aut | — |
| CVE-2026-50765 | — | Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System through 25.11 | — |
| CVE-2026-39031 | — | Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-charact | — |
| CVE-2026-50767 | — | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System through 25.11 allow | — |
| CVE-2026-9222 | CRITICAL | Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication | — |
| CVE-2026-9221 | HIGH | Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm | — |
| CVE-2026-13083 | MEDIUM | Pen-drive: pen-drive: stored xss via unescaped cluster data in html report | — |
| CVE-2026-13318 | MEDIUM | Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip | — |
| CVE-2026-13218 | MEDIUM | Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher | — |
| CVE-2026-12993 | MEDIUM | Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset | — |
| CVE-2026-9220 | HIGH | Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key | — |
| CVE-2026-9219 | HIGH | Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers | — |
| CVE-2026-43920 | MEDIUM | FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution | — |
| CVE-2026-40941 | HIGH | Cacti: Package Import Signature Validation Bypass Allows Self-Signed Packages | — |
| CVE-2026-40084 | MEDIUM | Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter | — |
| CVE-2026-40083 | HIGH | Cacti: SQL Injection in managers.php | — |
| CVE-2026-40082 | MEDIUM | Cacti: Session Fixation via missing session_regenerate_id() after login | — |