CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were …

Jun 15, 2026
CVE-2026-6047

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A …

Jun 15, 2026
CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of …

Jun 15, 2026
CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against …

Jun 15, 2026
CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count …

Jun 15, 2026
CVE-2026-49294
6.1 MEDIUM

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting …

Jun 15, 2026
CVE-2026-47777
7.5 HIGH

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented …

Jun 15, 2026
CVE-2026-20262
6.5 MEDIUM KEV

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or …

Jun 15, 2026
CVE-2026-9863
7.5 HIGH

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised …

Jun 15, 2026
CVE-2026-9862
9.8 CRITICAL

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service …

Jun 15, 2026
CVE-2026-9595
5.3 MEDIUM

Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket …

Jun 15, 2026
CVE-2026-8683
6.5 MEDIUM

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious …

Jun 15, 2026
CVE-2026-5038
5.3 MEDIUM

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned …

Jun 15, 2026
CVE-2026-10634
4.8 MEDIUM

Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list node. …

Jun 15, 2026
CVE-2025-15659
6.5 MEDIUM

Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.

Jun 15, 2026
CVE-2025-15658
5.9 MEDIUM

Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.

Jun 15, 2026
CVE-2026-6517
6.3 MEDIUM

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop …

Jun 15, 2026
CVE-2026-5242
8.8 HIGH

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from …

Jun 15, 2026
CVE-2026-5233
7.1 HIGH

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Jun 15, 2026
CVE-2026-5230
7.1 HIGH

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: …

Jun 15, 2026
CVE-2026-5079
7.5 HIGH

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The …

Jun 15, 2026
CVE-2026-52704
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF …

Jun 15, 2026
CVE-2026-49111
8.8 HIGH

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0.

Jun 15, 2026
CVE-2026-49064
7.5 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.

Jun 15, 2026
CVE-2026-49062
8.8 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7.

Jun 15, 2026
CVE-2026-48969
6.5 MEDIUM

Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions.

Jun 15, 2026
CVE-2025-64215
6.5 MEDIUM

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before …

Jun 15, 2026
CVE-2019-25746
7.1 HIGH

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' …

Jun 15, 2026
CVE-2018-25437
7.5 HIGH

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can …

Jun 15, 2026
CVE-2018-25436
9.8 CRITICAL

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php …

Jun 15, 2026
CVE-2016-20084
7.2 HIGH

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php …

Jun 15, 2026
CVE-2016-20083
5.3 MEDIUM

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can …

Jun 15, 2026
CVE-2016-20082
6.2 MEDIUM

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send …

Jun 15, 2026
CVE-2016-20081
7.5 HIGH

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. …

Jun 15, 2026
CVE-2016-20080
6.2 MEDIUM

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating …

Jun 15, 2026
CVE-2016-20079
6.2 MEDIUM

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. …

Jun 15, 2026
CVE-2016-20078
6.2 MEDIUM

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers …

Jun 15, 2026
CVE-2016-20077
6.2 MEDIUM

WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in …

Jun 15, 2026
CVE-2016-20076
7.5 HIGH

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters …

Jun 15, 2026
CVE-2016-20075
8.8 HIGH

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious …

Jun 15, 2026
CVE-2016-20074
4.3 MEDIUM

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers …

Jun 15, 2026
CVE-2016-20073
8.2 HIGH

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code …

Jun 15, 2026
CVE-2016-20072
8.2 HIGH

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through …

Jun 15, 2026
CVE-2016-20071
8.2 HIGH

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by …

Jun 15, 2026
CVE-2016-20070
6.4 MEDIUM

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious …

Jun 15, 2026
CVE-2016-20069
8.2 HIGH

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before …

Jun 15, 2026
CVE-2016-20068
8.2 HIGH

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting …

Jun 15, 2026
CVE-2016-20067
4.3 MEDIUM

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft …

Jun 15, 2026
CVE-2016-20066
7.2 HIGH

WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload …

Jun 15, 2026
CVE-2026-5482

Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This …

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.