Search
2,539 CVEs · High severity
CVEs (2,539, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 2,539 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↑ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46164 | HIGH | 7.0 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info_sub_group() error path When kobject_init_and_add() fails, … | |
| CVE-2026-46154 | HIGH | 7.0 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters scx_group_set_{weight,idle,bandw… | |
| CVE-2026-44604 | HIGH | 7.0 | 2026-05-28 | A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination di… | |
| CVE-2026-46029 | HIGH | 7.0 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_tryloc… | |
| CVE-2026-49000 | HIGH | 7.0 | 2026-05-27 | An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, wh… | |
| CVE-2025-46284 | HIGH | Patched | 7.0 | 2026-05-26 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges. |
| CVE-2026-24200 | HIGH | 7.0 | 2026-05-26 | NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vuln… | |
| CVE-2025-71215 | HIGH | 7.0 | 2026-05-21 | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges o… | |
| CVE-2026-29518 | HIGH | Patched | 7.0 | 2026-05-20 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside int… |
| CVE-2026-45036 | HIGH | Patched | 7.0 | 2026-05-15 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all termina… |
| CVE-2026-42825 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40410 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. |
| CVE-2026-35416 | HIGH | Patched | 7.0 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34345 | HIGH | Patched | 7.0 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34347 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34340 | HIGH | Patched | 7.0 | 2026-05-12 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34341 | HIGH | Patched | 7.0 | 2026-05-12 | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34342 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate pri… |
| CVE-2026-33839 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-34331 | HIGH | Patched | 7.0 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2026-7818 | HIGH | Patched | 7.0 | 2026-05-11 | Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Pyt… |
| CVE-2026-49141 | HIGH | 7.1 | 2026-06-08 | WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belon… | |
| CVE-2026-48507 | HIGH | 7.1 | 2026-06-08 | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to l… | |
| CVE-2026-46657 | HIGH | 7.1 | 2026-06-08 | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via pe… | |
| CVE-2026-34194 | HIGH | 7.1 | 2026-06-08 | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocatio… |