Search

Expected end of text, found '.' (at char 13), (line:1, col:14)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (340572 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6170 2 Redhat, Xmlsoft 5 Enterprise Linux, Jboss Core Services, Openshift and 2 more 2026-03-24 2.5 Low
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
CVE-2025-2399 1 Mitsubishi Electric 20 Cnc C80 Series C80, Cnc E70 Series E70, Cnc E80 Series E80 and 17 more 2026-03-24 5.9 Medium
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.
CVE-2026-33060 1 Ondata 1 Ckan-mcp-server 2026-03-24 5.3 Medium
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network services. There is no URL validation on base_url parameter. No private IP blocking (RFC 1918, link-local 169.254.x.x), no cloud metadata blocking. The sparql_query and ckan_datastore_search_sql tools also accept arbitrary base URLs and expose injection surfaces. An attack can lead to internal network scanning, cloud metadata theft (IAM credentials via IMDS at 169.254.169.254), potential SQL/SPARQL injection via unsanitized query parameters. Attack requires prompt injection to control the base_url parameter. This issue has been fixed in version 0.4.85.
CVE-2026-3549 1 Wolfssl 1 Wolfssl 2026-03-24 N/A
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
CVE-2026-32912 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28483 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28455 2026-03-23 N/A
This CVE ID has been rejected.