Search

4,158 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM6.5CVE-2026-2340EPSS 0.03%A flaw was found in Samba’s vfs_worm module.5/27/2026
HIGH7.1CVE-2026-1933EPSS 0.03%A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes.5/27/2026
HIGH8.0CVE-2026-3012EPSS 0.01%A flaw was found in Samba’s certificate auto-enrollment Group Policy handling.5/27/2026
HIGH8.2CVE-2026-5260EPSS 0.19%A flaw was found in libgnutls.5/26/2026
MEDIUM5.3CVE-2026-42015EPSS 0.20%A flaw was found in gnutls.5/26/2026
HIGH8.2CVE-2026-42013EPSS 0.04%A flaw was found in gnutls.5/26/2026
HIGH7.1CVE-2026-42012EPSS 0.03%A flaw was found in gnutls.5/26/2026
HIGH8.5CVE-2026-4480EPSS 0.16%A flaw was found in the Samba printing subsystem.5/26/2026
MEDIUM5.3CVE-2026-5223EPSS 0.07%Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…5/25/2026
MEDIUM6.5CVE-2026-5222EPSS 0.03%Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.5/25/2026
—CVE-2026-9256EPSS 0.24%NGINX ngx_http_rewrite_module vulnerability5/22/2026
MEDIUM5.3CVE-2026-5950EPSS 0.14%An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…5/20/2026
MEDIUM5.9CVE-2026-5947EPSS 0.04%Undefined behavior may result due to a race condition leading to a use-after-free violation.5/20/2026
HIGH7.5CVE-2026-5946EPSS 0.07%Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `C…5/20/2026
CRITICAL9.8CVE-2026-3593EPSS 0.04%A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.5/20/2026
MEDIUM5.3CVE-2026-3592EPSS 0.02%BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.5/20/2026
HIGH7.5CVE-2026-3039EPSS 0.09%BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when re…5/20/2026
—CVE-2026-29518EPSS 0.01%Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to…5/20/2026
HIGH7.8CVE-2026-41054EPSS 0.00%In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`).5/20/2026
LOW3.7CVE-2026-45232EPSS 0.04%Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…5/20/2026
MEDIUM5.5CVE-2026-43620EPSS 0.02%Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…5/20/2026
MEDIUM6.3CVE-2026-43619EPSS 0.01%Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…5/20/2026
HIGH8.1CVE-2026-43618EPSS 0.06%Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…5/20/2026
MEDIUM4.8CVE-2026-43617EPSS 0.01%Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…5/20/2026
HIGH7.8CVE-2026-23558EPSS 0.01%The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a gr…5/19/2026

Page 1 of 167Next →