Export limit exceeded: 339878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 339878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 32), (line:1, col:33)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (339878 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-3549 1 Wolfssl 1 Wolfssl 2026-03-24 N/A
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving.
CVE-2026-3579 1 Wolfssl 1 Wolfssl 2026-03-24 5.9 Medium
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
CVE-2026-32912 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28483 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28455 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-22173 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-33476 2 B3log, Siyuan 2 Siyuan, Siyuan 2026-03-23 7.5 High
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath.` Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint, allowing exploitation without valid credentials. Version 3.6.2 fixes this issue.