CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. …

Jun 15, 2026
CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming …

Jun 15, 2026
CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via …

Jun 15, 2026
CVE-2026-48723
7.8 HIGH

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via …

Jun 15, 2026
CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting …

Jun 15, 2026
CVE-2026-12205
9.1 CRITICAL

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object …

Jun 15, 2026
CVE-2026-5064

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial …

Jun 15, 2026
CVE-2026-48714
9.1 CRITICAL

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the …

Jun 15, 2026
CVE-2026-48713
9.1 CRITICAL

Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler exposed …

Jun 15, 2026
CVE-2026-48157
6.1 MEDIUM

Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses …

Jun 15, 2026
CVE-2026-48017
8.8 HIGH

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into …

Jun 15, 2026
CVE-2026-12087
9.1 CRITICAL

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is …

Jun 15, 2026
CVE-2026-11832
9.1 CRITICAL

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which …

Jun 15, 2026
CVE-2026-9691
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

Jun 15, 2026
CVE-2026-52703
9.6 CRITICAL

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

Jun 15, 2026
CVE-2026-52702
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Jun 15, 2026
CVE-2026-52700
8.5 HIGH

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Jun 15, 2026
CVE-2026-52699
7.5 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Jun 15, 2026
CVE-2026-52697
8.5 HIGH

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Jun 15, 2026
CVE-2026-52695
7.5 HIGH

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Jun 15, 2026
CVE-2026-52694
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Jun 15, 2026
CVE-2026-52693
9.3 CRITICAL

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

Jun 15, 2026
CVE-2026-52692
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Jun 15, 2026
CVE-2026-49781
9.8 CRITICAL

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Jun 15, 2026
CVE-2026-49780
8.8 HIGH

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Jun 15, 2026
CVE-2026-49776
9.3 CRITICAL

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Jun 15, 2026
CVE-2026-49775
6.5 MEDIUM

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Jun 15, 2026
CVE-2026-49773
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

Jun 15, 2026
CVE-2026-49770
9.8 CRITICAL

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Jun 15, 2026
CVE-2026-49769
9.8 CRITICAL

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Jun 15, 2026
CVE-2026-49768
9.8 CRITICAL

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Jun 15, 2026
CVE-2026-49766
9.9 CRITICAL

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Jun 15, 2026
CVE-2026-49765
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Jun 15, 2026
CVE-2026-49764
9.8 CRITICAL

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

Jun 15, 2026
CVE-2026-49763
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.

Jun 15, 2026
CVE-2026-49112
7.5 HIGH

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

Jun 15, 2026
CVE-2026-49110
7.5 HIGH

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Jun 15, 2026
CVE-2026-49109
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.

Jun 15, 2026
CVE-2026-49106
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.

Jun 15, 2026
CVE-2026-49105
9.8 CRITICAL

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Jun 15, 2026
CVE-2026-49104
9.8 CRITICAL

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.

Jun 15, 2026
CVE-2026-49085
9.8 CRITICAL

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Jun 15, 2026
CVE-2026-49083
7.5 HIGH

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

Jun 15, 2026
CVE-2026-49082
7.4 HIGH

Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.

Jun 15, 2026
CVE-2026-49078
7.5 HIGH

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Jun 15, 2026
CVE-2026-49070
7.5 HIGH

Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

Jun 15, 2026
CVE-2026-49068
7.5 HIGH

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

Jun 15, 2026
CVE-2026-49067
9.3 CRITICAL

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.

Jun 15, 2026
CVE-2026-49066
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

Jun 15, 2026
CVE-2026-49065
8.2 HIGH

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.