CWE-166 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22732	1 Spring	1 Spring Security	2026-04-02	9.1 Critical
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers: : from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
CVE-2026-21218	3 Apple, Linux, Microsoft	4 Macos, Linux Kernel, .net and 1 more	2026-03-16	7.5 High
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2024-38091	1 Microsoft	23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more	2026-02-10	7.5 High
Microsoft WS-Discovery Denial of Service Vulnerability

Page 1 of 1.