CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-47173

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket …

Jun 11, 2026
CVE-2026-47172

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow …

Jun 11, 2026
CVE-2026-47171

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder …

Jun 11, 2026
CVE-2026-47170
7.7 HIGH

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the …

Jun 11, 2026
CVE-2026-47169

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, …

Jun 11, 2026
CVE-2026-47167
5.3 MEDIUM

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin …

Jun 11, 2026
CVE-2026-47163

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash …

Jun 11, 2026
CVE-2026-47162
8.8 HIGH

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin …

Jun 11, 2026
CVE-2026-46519
8.8 HIGH

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as …

Jun 11, 2026
CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could …

Jun 11, 2026
CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this …

Jun 11, 2026
CVE-2026-45176

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by …

Jun 11, 2026
CVE-2026-11774
7.6 HIGH

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet …

Jun 11, 2026
CVE-2025-46315
7.5 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user …

Jun 11, 2026
CVE-2025-46313
5.5 MEDIUM

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive …

Jun 11, 2026
CVE-2025-46308
5.3 MEDIUM

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may …

Jun 11, 2026
CVE-2025-46293
5.5 MEDIUM

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected …

Jun 11, 2026
CVE-2025-43339
5.5 MEDIUM

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access …

Jun 11, 2026
CVE-2025-43278
5.5 MEDIUM

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected …

Jun 11, 2026
CVE-2025-31272
7.8 HIGH

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections …

Jun 11, 2026
CVE-2025-30459
5.5 MEDIUM

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access …

Jun 11, 2026
CVE-2025-30431
5.5 MEDIUM

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may …

Jun 11, 2026
CVE-2025-24284
8.8 HIGH

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to …

Jun 11, 2026
CVE-2025-24268
5.5 MEDIUM

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app …

Jun 11, 2026
CVE-2025-24165
5.5 MEDIUM

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may …

Jun 11, 2026
CVE-2026-49261
10.0 CRITICAL

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 …

Jun 11, 2026
CVE-2026-48546
7.3 HIGH

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require …

Jun 11, 2026
CVE-2026-47157
6.5 MEDIUM

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before …

Jun 11, 2026
CVE-2026-46698
5.3 MEDIUM

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.php) that verified a nonce …

Jun 11, 2026
CVE-2026-46697
7.5 HIGH

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permission_callback => __return_true …

Jun 11, 2026
CVE-2026-3329

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.

Jun 11, 2026
CVE-2026-11986
4.9 MEDIUM

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints …

Jun 11, 2026
CVE-2026-49982
8.2 HIGH

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain …

Jun 11, 2026
CVE-2026-44705
8.2 HIGH

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping …

Jun 11, 2026
CVE-2026-44496
7.5 HIGH

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the …

Jun 11, 2026
CVE-2026-44495
7.0 HIGH

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request …

Jun 11, 2026
CVE-2026-44494
8.7 HIGH

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype …

Jun 11, 2026
CVE-2026-44492
8.6 HIGH

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When …

Jun 11, 2026
CVE-2026-44490
4.8 MEDIUM

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype …

Jun 11, 2026
CVE-2026-44489
3.7 LOW

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are …

Jun 11, 2026
CVE-2026-44488
7.5 HIGH

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size …

Jun 11, 2026
CVE-2026-44487
7.5 HIGH

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization …

Jun 11, 2026
CVE-2026-44486
7.5 HIGH

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials …

Jun 11, 2026
CVE-2026-11945
6.4 MEDIUM

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular …

Jun 11, 2026
CVE-2026-9648
9.1 CRITICAL

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted …

Jun 11, 2026
CVE-2026-7870
8.8 HIGH

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could …

Jun 11, 2026
CVE-2026-7787
7.5 HIGH

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.

Jun 11, 2026
CVE-2026-53777
8.1 HIGH

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running …

Jun 11, 2026
CVE-2026-4096
6.5 MEDIUM

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow …

Jun 11, 2026
CVE-2026-3341
5.4 MEDIUM

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests …

Jun 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.