CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44892
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the …

Jun 12, 2026
CVE-2026-48613
5.9 MEDIUM

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. …

Jun 12, 2026
CVE-2026-48612
8.0 HIGH

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to …

Jun 12, 2026
CVE-2026-48611
9.8 CRITICAL

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Jun 12, 2026
CVE-2026-48610
8.1 HIGH

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS …

Jun 12, 2026
CVE-2026-47370
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS …

Jun 12, 2026
CVE-2026-47369
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS …

Jun 12, 2026
CVE-2026-47368
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from …

Jun 12, 2026
CVE-2026-47367
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute …

Jun 12, 2026
CVE-2026-47366
7.2 HIGH

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized …

Jun 12, 2026
CVE-2026-47365
9.9 CRITICAL

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary …

Jun 12, 2026
CVE-2026-20746

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled …

Jun 12, 2026
CVE-2026-9125
6.4 MEDIUM

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] shortcode in versions up to, and …

Jun 12, 2026
CVE-2026-45170

Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

Jun 12, 2026
CVE-2026-11933
8.8 HIGH

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is …

Jun 12, 2026
CVE-2026-49482
4.3 MEDIUM

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters …

Jun 12, 2026
CVE-2026-10676

Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any …

Jun 12, 2026
CVE-2026-47238
6.5 MEDIUM

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles …

Jun 11, 2026
CVE-2026-45418
8.8 HIGH

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple …

Jun 11, 2026
CVE-2026-45060
9.8 CRITICAL

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any …

Jun 11, 2026
CVE-2026-42846
9.8 CRITICAL

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add …

Jun 11, 2026
CVE-2026-6250
8.1 HIGH

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is …

Jun 11, 2026
CVE-2026-49060
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4.

Jun 11, 2026
CVE-2026-45174

Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19

Jun 11, 2026
CVE-2026-45173

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If …

Jun 11, 2026
CVE-2026-45172

Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user …

Jun 11, 2026
CVE-2026-45171

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged …

Jun 11, 2026
CVE-2026-44890
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause …

Jun 11, 2026
CVE-2026-44250
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause …

Jun 11, 2026
CVE-2026-44249
8.1 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass …

Jun 11, 2026
CVE-2026-42653
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6.

Jun 11, 2026
CVE-2026-42647
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from …

Jun 11, 2026
CVE-2026-39494
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This …

Jun 11, 2026
CVE-2026-12035
8.8 HIGH

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 11, 2026
CVE-2026-12034
8.3 HIGH

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the …

Jun 11, 2026
CVE-2026-12033
5.3 MEDIUM

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially …

Jun 11, 2026
CVE-2026-12032
3.1 LOW

Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site …

Jun 11, 2026
CVE-2026-12031
8.3 HIGH

Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 11, 2026
CVE-2026-12030
8.3 HIGH

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to …

Jun 11, 2026
CVE-2026-12029
8.3 HIGH

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12028
8.3 HIGH

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12027
9.6 CRITICAL

Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 11, 2026
CVE-2026-12026
6.5 MEDIUM

Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to …

Jun 11, 2026
CVE-2026-12025
5.3 MEDIUM

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak …

Jun 11, 2026
CVE-2026-12024
6.5 MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. …

Jun 11, 2026
CVE-2026-12023
8.3 HIGH

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12022
8.3 HIGH

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 11, 2026
CVE-2026-12020
8.8 HIGH

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 11, 2026
CVE-2026-12019
8.3 HIGH

Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process …

Jun 11, 2026
CVE-2026-12018
8.8 HIGH

Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. …

Jun 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.