Export limit exceeded: 361170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12489 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11864 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2021-46921 1 Linux 1 Linux Kernel 2025-05-04 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the value with the atomic_cond_read_acquire(), but only truly acquires the lock when the compare-and-exchange is completed successfully which isn’t ordered. This exposes the window between the acquire and the cmpxchg to an A-B-A problem which allows reads following the lock acquisition to observe values speculatively before the write lock is truly acquired. We've seen a problem in epoll where the reader does a xchg while holding the read lock, but the writer can see a value change out from under it. Writer | Reader -------------------------------------------------------------------------------- ep_scan_ready_list() | |- write_lock_irq() | |- queued_write_lock_slowpath() | |- atomic_cond_read_acquire() | | read_lock_irqsave(&ep->lock, flags); --> (observes value before unlock) | chain_epi_lockless() | | epi->next = xchg(&ep->ovflist, epi); | | read_unlock_irqrestore(&ep->lock, flags); | | | atomic_cmpxchg_relaxed() | |-- READ_ONCE(ep->ovflist); | A core can order the read of the ovflist ahead of the atomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire semantics addresses this issue at which point the atomic_cond_read can be switched to use relaxed semantics. [peterz: use try_cmpxchg()]
CVE-2024-20692 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 5.7 Medium
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2024-21423 1 Microsoft 1 Edge Chromium 2025-05-03 4.8 Medium
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26162 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 8.8 High
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26163 1 Microsoft 1 Edge Chromium 2025-05-03 4.7 Medium
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-28903 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.7 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28919 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.7 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28921 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.7 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28920 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-05-03 7.8 High
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26250 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.7 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-20665 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.1 Medium
BitLocker Security Feature Bypass Vulnerability
CVE-2024-20669 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 6.7 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-30043 1 Microsoft 1 Sharepoint Server 2025-05-03 6.5 Medium
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-30041 1 Microsoft 1 Bing Search 2025-05-03 5.4 Medium
Microsoft Bing Search Spoofing Vulnerability
CVE-2024-30050 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 5.4 Medium
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2022-43985 1 Apache 1 Airflow 2025-05-02 6.1 Medium
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
CVE-2022-40230 1 Ibm 1 Mq Appliance 2025-05-02 6.5 Medium
"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532."
CVE-2022-37911 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 3.8 Low
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
CVE-2022-32609 2 Google, Mediatek 32 Android, Mt6762, Mt6768 and 29 more 2025-05-02 6.4 Medium
In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203410; Issue ID: ALPS07203410.
CVE-2022-28763 1 Zoom 3 Meetings, Rooms For Conference Rooms, Virtual Desktop Infrastructure 2025-05-02 8.8 High
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.