CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40998
8.2 HIGH

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of …

Jun 11, 2026
CVE-2026-40997
5.3 MEDIUM

Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through …

Jun 11, 2026
CVE-2026-40996
4.8 MEDIUM

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key …

Jun 11, 2026
CVE-2026-40995
5.4 MEDIUM

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, …

Jun 11, 2026
CVE-2026-40994
8.2 HIGH

Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on …

Jun 11, 2026
CVE-2026-40992
5.0 MEDIUM

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring …

Jun 11, 2026
CVE-2026-40987
7.1 HIGH

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring …

Jun 11, 2026
CVE-2026-40986
4.8 MEDIUM

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in …

Jun 11, 2026
CVE-2026-10795
8.1 HIGH

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the …

Jun 11, 2026
CVE-2026-40985
6.4 MEDIUM

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 …

Jun 11, 2026
CVE-2026-35273
9.8 CRITICAL KEV

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable …

Jun 11, 2026
CVE-2026-2827
4.7 MEDIUM

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 …

Jun 11, 2026
CVE-2026-53465
6.2 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap …

Jun 10, 2026
CVE-2026-53464
4.0 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option …

Jun 10, 2026
CVE-2026-53463
4.3 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the …

Jun 10, 2026
CVE-2026-53462
5.9 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent …

Jun 10, 2026
CVE-2026-53461
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON …

Jun 10, 2026
CVE-2026-53460
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory …

Jun 10, 2026
CVE-2026-52726
7.5 HIGH

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension …

Jun 10, 2026
CVE-2026-50223
8.8 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection …

Jun 10, 2026
CVE-2026-49219
5.5 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename …

Jun 10, 2026
CVE-2026-49218
7.5 HIGH

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM …

Jun 10, 2026
CVE-2026-48994
5.9 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return …

Jun 10, 2026
CVE-2026-48734
5.5 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result …

Jun 10, 2026
CVE-2026-48733
4.7 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search …

Jun 10, 2026
CVE-2026-48724
5.5 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg …

Jun 10, 2026
CVE-2026-47734
5.7 MEDIUM

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push …

Jun 10, 2026
CVE-2026-47712
3.3 LOW

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch …

Jun 10, 2026
CVE-2026-47342
8.8 HIGH

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are …

Jun 10, 2026
CVE-2026-47213
6.5 MEDIUM

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In …

Jun 10, 2026
CVE-2026-47166
5.7 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to …

Jun 10, 2026
CVE-2026-47165
4.1 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally …

Jun 10, 2026
CVE-2026-46703
9.6 CRITICAL

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior …

Jun 10, 2026
CVE-2026-46695
10.0 CRITICAL

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior …

Jun 10, 2026
CVE-2026-46693
4.1 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to …

Jun 10, 2026
CVE-2026-46692
4.1 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to …

Jun 10, 2026
CVE-2026-46645
4.3 MEDIUM

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that …

Jun 10, 2026
CVE-2026-46559
4.0 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 …

Jun 10, 2026
CVE-2026-46557
6.2 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack …

Jun 10, 2026
CVE-2026-46521
5.5 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the …

Jun 10, 2026
CVE-2026-44693
8.8 HIGH

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability …

Jun 10, 2026
CVE-2026-42568
4.3 MEDIUM

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username …

Jun 10, 2026
CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the …

Jun 10, 2026
CVE-2026-42558
7.6 HIGH

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain …

Jun 10, 2026
CVE-2026-42305
8.8 HIGH

Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write …

Jun 10, 2026
CVE-2024-21944
5.3 MEDIUM

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant …

Jun 10, 2026
CVE-2026-53742
5.4 MEDIUM

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft …

Jun 10, 2026
CVE-2026-53741
5.4 MEDIUM

Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks …

Jun 10, 2026
CVE-2026-53740
5.4 MEDIUM

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy …

Jun 10, 2026
CVE-2026-53739
4.3 MEDIUM

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any …

Jun 10, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.