CVE search
365,137 resultsCVE-2026-56223CRITICALCapgo - Account Takeover via Cross-Domain SSO Email Assertion in provision-userEPSS 0.2%CVE-2025-71361HIGHpicklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tipEPSS 0.3%CVE-2025-71354HIGHpicklescan - Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetTextEPSS 0.3%CVE-2025-71332HIGHFlowise - SQL Injection in importChatflows API via chatflow.id ParameterEPSS 0.3%CVE-2026-13140LOWStored Cross-Site Scripting in Canarytokens.orgEPSS 0.2%CVE-2026-13150MEDIUMSSRF in Pentestify PDF generation endpoint via Host headerEPSS 0.3%CVE-2026-52944—ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSEEPSS 0.1%CVE-2026-11968MEDIUMImproper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGitEPSS 0.1%CVE-2026-52943HIGHnet: skbuff: fix missing zerocopy reference in pskb_carve helpersEPSS 0.2%CVE-2026-10745HIGHImproper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log InjectioEPSS 0.3%CVE-2026-56052HIGHWordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerabilityEPSS 0.2%CVE-2026-52942HIGHnetfilter: nf_log: validate MAC header was set before dumping itEPSS 0.1%CVE-2026-52941—net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepointEPSS 0.1%CVE-2026-52940—tun: zero the whole vnet header in tun_put_user()EPSS 0.1%CVE-2026-52939—net/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completionEPSS 0.1%CVE-2026-52938—bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag pathsEPSS 0.1%CVE-2026-52937—tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDREPSS 0.1%CVE-2026-52936—crypto: jitterentropy - replace long-held spinlock with mutexEPSS 0.1%CVE-2026-52935HIGHxfrm: espintcp: do not reuse an in-progress partial sendEPSS 0.1%CVE-2026-52934HIGHbatman-adv: tvlv: reject oversized TVLV packetsEPSS 0.2%