CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8242
3.7 LOW

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. …

May 10, 2026
CVE-2026-45186
2.9 LOW

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

May 10, 2026
CVE-2026-8232
3.5 LOW

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results …

May 10, 2026
CVE-2026-8221
2.4 LOW

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes …

May 10, 2026
CVE-2026-8220
2.4 LOW

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in …

May 10, 2026
CVE-2026-8219
2.4 LOW

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. …

May 10, 2026
CVE-2026-8218
2.4 LOW

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing …

May 10, 2026
CVE-2026-45182
2.2 LOW

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application …

May 9, 2026
CVE-2026-8196
3.7 LOW

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This …

May 9, 2026
CVE-2026-44987
3.8 LOW

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with …

May 8, 2026
CVE-2026-42195
3.4 LOW

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server …

May 8, 2026
CVE-2026-32803
3.3 LOW

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged …

May 8, 2026
CVE-2026-44928
2.9 LOW

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.

May 8, 2026
CVE-2026-44927
2.9 LOW

In uriparser before 1.0.2, there is pointer difference truncation to int in various places.

May 8, 2026
CVE-2026-44916
3.0 LOW

In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

May 8, 2026
CVE-2026-8136
2.4 LOW

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation …

May 8, 2026
CVE-2026-41498
3.3 LOW

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to …

May 8, 2026
CVE-2026-8124
3.3 LOW

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation …

May 8, 2026
CVE-2026-8119
3.3 LOW

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation …

May 8, 2026
CVE-2026-8088
3.3 LOW

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation …

May 7, 2026
CVE-2026-8084
3.3 LOW

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid …

May 7, 2026
CVE-2026-44603
3.7 LOW

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.

May 7, 2026
CVE-2026-44602
3.7 LOW

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.

May 7, 2026
CVE-2026-44601
3.7 LOW

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.

May 7, 2026
CVE-2026-41663
3.5 LOW

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire …

May 7, 2026
CVE-2026-41659
2.7 LOW

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, …

May 7, 2026
CVE-2026-44600
3.7 LOW

Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.

May 7, 2026
CVE-2026-44599
3.7 LOW

Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.

May 7, 2026
CVE-2026-44597
3.7 LOW

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.

May 7, 2026
CVE-2026-8022
3.1 LOW

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

May 6, 2026
CVE-2026-8017
3.1 LOW

Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium …

May 6, 2026
CVE-2026-7968
3.1 LOW

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-7966
3.1 LOW

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-7965
3.1 LOW

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak …

May 6, 2026
CVE-2026-7959
3.1 LOW

Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

May 6, 2026
CVE-2026-7954
3.1 LOW

Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …

May 6, 2026
CVE-2026-7949
3.1 LOW

Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

May 6, 2026
CVE-2026-7945
3.1 LOW

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-7944
3.1 LOW

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to …

May 6, 2026
CVE-2026-7937
3.1 LOW

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass …

May 6, 2026
CVE-2026-7909
3.1 LOW

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

May 6, 2026
CVE-2025-31974
3.9 LOW

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended …

May 6, 2026
CVE-2026-8028
3.7 LOW

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a …

May 6, 2026
CVE-2025-31984
3.7 LOW

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform …

May 6, 2026
CVE-2025-31983
3.7 LOW

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing …

May 6, 2026
CVE-2025-31982
3.7 LOW

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk …

May 6, 2026
CVE-2025-31975
2.6 LOW

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and …

May 6, 2026
CVE-2025-31959
3.5 LOW

HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location …

May 6, 2026
CVE-2025-31957
2.6 LOW

HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data.

May 6, 2026
CVE-2026-8026
3.7 LOW

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API …

May 6, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.