CVE search

367,168 results
CVE-2026-4983MEDIUMOpen VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xmlEPSS 0.2%CVE-2026-11374CRITICALAccount Takeover via Predictable SSO Ticket GenerationEPSS 1.2%CVE-2026-10521HIGHAuthenticated unintended access to critical program parametersEPSS 0.3%CVE-2026-9733CRITICALMojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameterEPSS 0.3%CVE-2026-8379HIGHFrontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File DownloadEPSS 0.2%CVE-2026-8378MEDIUMFrontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File RenameEPSS 0.1%CVE-2026-8172HIGHSimple Basic Contact Form <= 20250114 - Reflected XSSEPSS 0.2%CVE-2026-8163HIGHInfility Global < 2.15.19 - Subscriber+ SQL Injection via order ParameterEPSS 0.2%CVE-2026-7842MEDIUMInfility Global < 2.15.20 - Editor+ SQL Injection via orderby ParameterEPSS 0.2%CVE-2026-12866CRITICALAll versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScrEPSS 0.5%CVE-2026-55654LOWOpenssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel terminationEPSS 0.4%CVE-2026-55655MEDIUMOpenssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versionsEPSS 0.1%CVE-2026-55653MEDIUMOpenssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of serviceEPSS 0.2%CVE-2026-11833HIGHOverview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server settingEPSS 0.2%CVE-2025-61025HIGHAn issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via craftEPSS 0.4%CVE-2025-61027HIGHAn issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via craftedEPSS 0.4%CVE-2025-61029HIGHAn issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via craftedEPSS 0.4%CVE-2025-61028HIGHAn issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via craftEPSS 0.5%CVE-2025-61018HIGHAn issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via EPSS 0.5%CVE-2025-61024HIGHAn issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via cEPSS 0.4%