CVE Database

391+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12569
KEV

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization …

Jun 18, 2026
CVE-2026-20262
6.5 MEDIUM KEV

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or …

Jun 15, 2026
CVE-2026-54420
8.5 HIGH KEV

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access …

Jun 14, 2026
CVE-2026-48558
10.0 CRITICAL KEV

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity …

Jun 12, 2026
CVE-2026-35273
9.8 CRITICAL KEV

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable …

Jun 11, 2026
CVE-2026-20253
9.8 CRITICAL KEV

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar …

Jun 10, 2026
CVE-2026-10520
10.0 CRITICAL KEV

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code …

Jun 9, 2026
CVE-2026-11645
8.8 HIGH KEV

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox …

Jun 9, 2026
CVE-2026-50751
9.3 CRITICAL KEV

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user …

Jun 8, 2026
CVE-2026-7473
5.8 MEDIUM KEV

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …

Jun 5, 2026
CVE-2026-48907
KEV

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload …

Jun 5, 2026
CVE-2026-20245
7.8 HIGH KEV

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, …

Jun 4, 2026
CVE-2026-28318
7.5 HIGH KEV

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure …

Jun 4, 2026
CVE-2026-20230
8.6 HIGH KEV

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote …

Jun 3, 2026
CVE-2025-48595
8.4 HIGH KEV

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege …

Jun 1, 2026
CVE-2026-48027
9.8 CRITICAL KEV

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 …

May 27, 2026
CVE-2026-45247
9.8 CRITICAL KEV

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code …

May 26, 2026
CVE-2026-45659
8.8 HIGH KEV

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

May 22, 2026
CVE-2026-34910
10.0 CRITICAL KEV

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

May 22, 2026
CVE-2026-34909
10.0 CRITICAL KEV

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying …

May 22, 2026
CVE-2026-34908
10.0 CRITICAL KEV

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to …

May 22, 2026
CVE-2026-34926
6.7 MEDIUM KEV

A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to …

May 21, 2026
CVE-2026-48172
9.8 CRITICAL KEV

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via …

May 21, 2026
CVE-2026-9082
9.8 CRITICAL KEV

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: …

May 20, 2026
CVE-2026-45498
4.0 MEDIUM KEV

Microsoft Defender Denial of Service Vulnerability

May 20, 2026
CVE-2026-41091
7.8 HIGH KEV

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

May 20, 2026
CVE-2026-8398
9.8 CRITICAL KEV

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between …

May 15, 2026
CVE-2026-42897
8.1 HIGH KEV

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

May 14, 2026
CVE-2026-20182
10.0 CRITICAL KEV

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February …

May 14, 2026
CVE-2026-0257
KEV

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an …

May 13, 2026
CVE-2026-45321
9.6 CRITICAL KEV

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated …

May 12, 2026
CVE-2026-42271
8.8 HIGH KEV

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints …

May 8, 2026
CVE-2026-42208
9.8 CRITICAL KEV

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database …

May 8, 2026
CVE-2026-6973
7.2 HIGH KEV

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code …

May 7, 2026
CVE-2026-0300
9.8 CRITICAL KEV

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute …

May 6, 2026
CVE-2026-41940
9.8 CRITICAL KEV

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to …

Apr 29, 2026
CVE-2026-31431
7.8 HIGH KEV

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the …

Apr 22, 2026
CVE-2025-52691
10.0 CRITICAL KEV

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code …

Dec 29, 2025
CVE-2025-68645
8.8 HIGH KEV

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied …

Dec 22, 2025
CVE-2025-68613
9.9 CRITICAL KEV

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution …

Dec 19, 2025
CVE-2025-14847
7.5 HIGH KEV

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB …

Dec 19, 2025
CVE-2025-14733
9.8 CRITICAL KEV

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User …

Dec 19, 2025
CVE-2025-40602
6.6 MEDIUM KEV

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).

Dec 18, 2025
CVE-2025-68461
7.2 HIGH KEV

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Dec 18, 2025
CVE-2025-43529
8.8 HIGH KEV

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS …

Dec 17, 2025
CVE-2025-20393
10.0 CRITICAL KEV

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow …

Dec 17, 2025
CVE-2025-59374
9.8 CRITICAL KEV

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds …

Dec 17, 2025
CVE-2025-37164
10.0 CRITICAL KEV

A remote code execution issue exists in HPE OneView.

Dec 16, 2025
CVE-2025-43520
5.5 MEDIUM KEV

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, …

Dec 12, 2025
CVE-2025-43510
7.8 HIGH KEV

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS …

Dec 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.