CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-36734
8.8 HIGH

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration …

May 11, 2026
CVE-2026-2614
7.5 HIGH

A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the …

May 11, 2026
CVE-2022-4988
7.3 HIGH

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such …

May 11, 2026
CVE-2026-45224
7.1 HIGH

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that …

May 11, 2026
CVE-2026-45223
8.8 HIGH

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin …

May 11, 2026
CVE-2026-8305
7.3 HIGH

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. …

May 11, 2026
CVE-2026-5172
7.3 HIGH

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling …

May 11, 2026
CVE-2026-4892
8.4 HIGH

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 …

May 11, 2026
CVE-2026-4890
7.5 HIGH

A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS …

May 11, 2026
CVE-2026-45006
8.8 HIGH

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration …

May 11, 2026
CVE-2026-45004
7.8 HIGH

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. …

May 11, 2026
CVE-2026-45001
7.1 HIGH

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, …

May 11, 2026
CVE-2026-44995
7.3 HIGH

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations …

May 11, 2026
CVE-2026-44413
8.2 HIGH

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

May 11, 2026
CVE-2026-43640
8.1 HIGH

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM …

May 11, 2026
CVE-2026-43639
8.0 HIGH

Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via …

May 11, 2026
CVE-2026-42860
8.5 HIGH

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML …

May 11, 2026
CVE-2026-42858
8.5 HIGH

Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to …

May 11, 2026
CVE-2026-42315
8.1 HIGH

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call …

May 11, 2026
CVE-2026-42313
8.3 HIGH

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind …

May 11, 2026
CVE-2026-41431
8.0 HIGH

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification …

May 11, 2026
CVE-2026-3609
7.8 HIGH

Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference …

May 11, 2026
CVE-2026-38568
8.1 HIGH

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> and /interview/<id> endpoints. The route handlers retrieve …

May 11, 2026
CVE-2026-38566
8.1 HIGH

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission …

May 11, 2026
CVE-2026-36983
7.3 HIGH

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command …

May 11, 2026
CVE-2026-36962
7.3 HIGH

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution …

May 11, 2026
CVE-2026-30635
8.1 HIGH

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js …

May 11, 2026
CVE-2026-2393
7.1 HIGH

A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in `mlflow/server/handlers.py` accepts a user-controlled `url` parameter without validation, …

May 11, 2026
CVE-2026-2291
7.3 HIGH

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in …

May 11, 2026
CVE-2026-44738
7.7 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within …

May 11, 2026
CVE-2026-42843
8.8 HIGH

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. …

May 11, 2026
CVE-2026-42603
8.8 HIGH

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged …

May 11, 2026
CVE-2026-33362
8.6 HIGH

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical …

May 11, 2026
CVE-2026-33361
7.5 HIGH

In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby …

May 11, 2026
CVE-2026-33359
7.5 HIGH

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, …

May 11, 2026
CVE-2026-33357
7.5 HIGH

In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to …

May 11, 2026
CVE-2026-33356
7.7 HIGH

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices …

May 11, 2026
CVE-2026-31254
7.3 HIGH

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as …

May 11, 2026
CVE-2026-31253
7.3 HIGH

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and …

May 11, 2026
CVE-2026-31251
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its gRPC server component. When the server starts, it loads the speech synthesis …

May 11, 2026
CVE-2026-31250
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its average_model.py model averaging tool. The script loads PyTorch checkpoint files (epoch_*.pt) for …

May 11, 2026
CVE-2026-31249
7.3 HIGH

CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script loads PyTorch .pt files (utterance embeddings, …

May 11, 2026
CVE-2026-31248
7.5 HIGH

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using …

May 11, 2026
CVE-2026-7819
8.1 HIGH

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent …

May 11, 2026
CVE-2026-7818
7.0 HIGH

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing …

May 11, 2026
CVE-2026-7816
8.8 HIGH

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An …

May 11, 2026
CVE-2026-7815
8.8 HIGH

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and …

May 11, 2026
CVE-2026-42612
8.5 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The …

May 11, 2026
CVE-2026-42611
8.9 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection …

May 11, 2026
CVE-2026-42609
8.1 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user …

May 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.