CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-45416
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode() reads the 24-bit TLS handshake …

Jun 12, 2026
CVE-2026-44894
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. …

Jun 12, 2026
CVE-2026-44893
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL …

Jun 12, 2026
CVE-2026-44205

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to …

Jun 12, 2026
CVE-2026-41581

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been …

Jun 12, 2026
CVE-2026-10557
9.8 CRITICAL

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in …

Jun 12, 2026
CVE-2026-54102

Rejected reason: Reserved but no longer needed.

Jun 12, 2026
CVE-2026-54101

Rejected reason: Reserved but no longer needed.

Jun 12, 2026
CVE-2026-49993
5.7 MEDIUM

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there …

Jun 12, 2026
CVE-2026-47200
5.3 MEDIUM

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 …

Jun 12, 2026
CVE-2026-46342
5.4 MEDIUM

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 …

Jun 12, 2026
CVE-2026-45670
5.4 MEDIUM

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is …

Jun 12, 2026
CVE-2026-45669
5.4 MEDIUM

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates …

Jun 12, 2026
CVE-2026-1836

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform …

Jun 12, 2026
CVE-2026-12066
7.3 HIGH

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password …

Jun 12, 2026
CVE-2026-12065
1.8 LOW

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView …

Jun 12, 2026
CVE-2026-11967

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as …

Jun 12, 2026
CVE-2026-11879

MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable …

Jun 12, 2026
CVE-2017-20240
5.9 MEDIUM

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to …

Jun 12, 2026
CVE-2026-49347

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. …

Jun 12, 2026
CVE-2026-48485

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but …

Jun 12, 2026
CVE-2026-47197

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate …

Jun 12, 2026
CVE-2026-47196

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. …

Jun 12, 2026
CVE-2026-47195

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They …

Jun 12, 2026
CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation …

Jun 12, 2026
CVE-2026-11849
9.8 CRITICAL

The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative …

Jun 12, 2026
CVE-2026-11848
5.3 MEDIUM

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain …

Jun 12, 2026
CVE-2026-50645
7.5 HIGH

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to …

Jun 12, 2026
CVE-2026-50634
6.5 MEDIUM

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can …

Jun 12, 2026
CVE-2026-50633
8.1 HIGH

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to …

Jun 12, 2026
CVE-2026-50632
8.1 HIGH

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow …

Jun 12, 2026
CVE-2026-50631
7.4 HIGH

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' …

Jun 12, 2026
CVE-2026-50630
6.5 MEDIUM

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return …

Jun 12, 2026
CVE-2026-50629
5.3 MEDIUM

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to …

Jun 12, 2026
CVE-2026-50628
9.8 CRITICAL

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this …

Jun 12, 2026
CVE-2026-50627
9.1 CRITICAL

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one …

Jun 12, 2026
CVE-2026-50623
4.8 MEDIUM

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection …

Jun 12, 2026
CVE-2026-49875
9.8 CRITICAL

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to …

Jun 12, 2026
CVE-2026-48914
6.7 MEDIUM

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing …

Jun 12, 2026
CVE-2026-11847
4.3 MEDIUM

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create …

Jun 12, 2026
CVE-2026-11846
8.1 HIGH

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to …

Jun 12, 2026
CVE-2026-11845
7.2 HIGH

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands …

Jun 12, 2026
CVE-2026-11844
4.9 MEDIUM

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the …

Jun 12, 2026
CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

Jun 12, 2026
CVE-2026-11535

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.

Jun 12, 2026
CVE-2026-9271
5.9 MEDIUM

Vulnerability Title

Jun 12, 2026
CVE-2026-9269
3.5 LOW

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high …

Jun 12, 2026
CVE-2026-12060
6.5 MEDIUM

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a …

Jun 12, 2026
CVE-2026-12059
8.8 HIGH

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and …

Jun 12, 2026
CVE-2026-45169

Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, …

Jun 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.