Search
19,591 CVEs · High severity
CVEs (19,591, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 19,591 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46164 | HIGH | 7.0 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, … | |
| CVE-2026-46154 | HIGH | 7.0 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters scx_group_set_{weight,idle,bandw… | |
| CVE-2026-44604 | HIGH | 7.0 | 2026-05-28 | A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination di… | |
| CVE-2026-46029 | HIGH | 7.0 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_tryloc… | |
| CVE-2026-49000 | HIGH | 7.0 | 2026-05-27 | An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, wh… | |
| CVE-2025-46284 | HIGH | Patched | 7.0 | 2026-05-26 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges. |
| CVE-2026-24200 | HIGH | 7.0 | 2026-05-26 | NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vuln… | |
| CVE-2025-71215 | HIGH | 7.0 | 2026-05-21 | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges o… | |
| CVE-2026-29518 | HIGH | Patched | 7.0 | 2026-05-20 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside int… |
| CVE-2026-45036 | HIGH | Patched | 7.0 | 2026-05-15 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all termina… |
| CVE-2026-42825 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40410 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. |
| CVE-2026-35416 | HIGH | Patched | 7.0 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34345 | HIGH | Patched | 7.0 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34347 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34340 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34341 | HIGH | Patched | 7.0 | 2026-05-12 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34342 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate pri… |
| CVE-2026-33839 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34331 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-7818 | HIGH | Patched | 7.0 | 2026-05-11 | Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Pyt… |
| CVE-2026-5788 | HIGH | Patched | 7.0 | 2026-05-07 | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods. |
| CVE-2026-34596 | HIGH | Patched | 7.0 | 2026-05-05 | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists… |
| CVE-2026-7832 | HIGH | 7.0 | 2026-05-05 | A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in … | |
| CVE-2026-43050 | HIGH | Patched | 7.0 | 2026-05-01 | In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix use-after-free in sock_def_readable() A race condition exists between lec_atm_close() se… |