CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-50869
9.8 CRITICAL

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request.

Jun 15, 2026
CVE-2026-49954
7.2 HIGH

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted …

Jun 15, 2026
CVE-2026-49953
6.5 MEDIUM

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and …

Jun 15, 2026
CVE-2026-49952
9.1 CRITICAL

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore …

Jun 15, 2026
CVE-2026-48114
9.8 CRITICAL

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the …

Jun 15, 2026
CVE-2026-47835
8.6 HIGH

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: …

Jun 15, 2026
CVE-2026-45390
9.1 CRITICAL

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, …

Jun 15, 2026
CVE-2026-45389
7.4 HIGH

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with …

Jun 15, 2026
CVE-2026-45388
9.1 CRITICAL

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not …

Jun 15, 2026
CVE-2026-41708
7.5 HIGH

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is …

Jun 15, 2026
CVE-2026-39197
6.5 MEDIUM

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or …

Jun 15, 2026
CVE-2026-39196
9.8 CRITICAL

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to …

Jun 15, 2026
CVE-2026-39118
8.4 HIGH

An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent …

Jun 15, 2026
CVE-2026-39007
7.5 HIGH

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.

Jun 15, 2026
CVE-2026-39006
9.8 CRITICAL

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.

Jun 15, 2026
CVE-2026-38812
9.8 CRITICAL

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with …

Jun 15, 2026
CVE-2026-38329
9.8 CRITICAL

Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks …

Jun 15, 2026
CVE-2026-38065
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

Jun 15, 2026
CVE-2026-38064
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.

Jun 15, 2026
CVE-2026-38063
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.

Jun 15, 2026
CVE-2026-38062
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.

Jun 15, 2026
CVE-2026-38061
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.

Jun 15, 2026
CVE-2026-38060
9.8 CRITICAL

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.

Jun 15, 2026
CVE-2026-37216
6.1 MEDIUM

Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.

Jun 15, 2026
CVE-2026-36933
6.8 MEDIUM

An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.

Jun 15, 2026
CVE-2026-36670
8.8 HIGH

A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary …

Jun 15, 2026
CVE-2026-36537
9.8 CRITICAL

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter …

Jun 15, 2026
CVE-2026-36521
6.1 MEDIUM

PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.

Jun 15, 2026
CVE-2026-36213
7.8 HIGH

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.

Jun 15, 2026
CVE-2026-30121
9.1 CRITICAL

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.

Jun 15, 2026
CVE-2026-30120
9.8 CRITICAL

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.

Jun 15, 2026
CVE-2026-11931
5.5 MEDIUM

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or …

Jun 15, 2026
CVE-2025-70102
6.3 MEDIUM

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a …

Jun 15, 2026
CVE-2025-68713
8.0 HIGH

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary …

Jun 15, 2026
CVE-2025-56814
7.8 HIGH

A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.

Jun 15, 2026
CVE-2025-55663
5.5 MEDIUM

A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 15, 2026
CVE-2025-55661
5.5 MEDIUM

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via …

Jun 15, 2026
CVE-2025-55660
5.5 MEDIUM

A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 15, 2026
CVE-2025-55652
5.5 MEDIUM

A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a …

Jun 15, 2026
CVE-2025-55650
5.5 MEDIUM

A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 15, 2026
CVE-2025-55649
5.5 MEDIUM

A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a …

Jun 15, 2026
CVE-2025-55648
5.5 MEDIUM

A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a …

Jun 15, 2026
CVE-2025-55647
5.5 MEDIUM

An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 …

Jun 15, 2026
CVE-2025-55645
5.5 MEDIUM

A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a …

Jun 15, 2026
CVE-2025-55644
5.5 MEDIUM

A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 15, 2026
CVE-2025-55643
5.5 MEDIUM

A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying …

Jun 15, 2026
CVE-2025-55642
6.5 MEDIUM

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).

Jun 15, 2026
CVE-2025-55641
5.5 MEDIUM

A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a …

Jun 15, 2026
CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two …

Jun 15, 2026
CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening …

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.