CVE Database

36609+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-43616
7.1 HIGH

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with …

May 4, 2026
CVE-2026-42084
8.1 HIGH

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, …

May 4, 2026
CVE-2026-41471
7.5 HIGH

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated …

May 4, 2026
CVE-2026-37459
7.5 HIGH

An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

May 4, 2026
CVE-2026-32834
7.5 HIGH

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows …

May 4, 2026
CVE-2026-29004
8.1 HIGH

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to …

May 4, 2026
CVE-2026-0073
8.8 HIGH

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead …

May 4, 2026
CVE-2026-42440
7.5 HIGH

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes(), getOutcomePatterns(), and …

May 4, 2026
CVE-2026-42372
8.8 HIGH

D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username …

May 4, 2026
CVE-2026-42079
8.6 HIGH

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated …

May 4, 2026
CVE-2026-42075
8.1 HIGH

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers …

May 4, 2026
CVE-2026-37461
7.5 HIGH

An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP …

May 4, 2026
CVE-2026-29514
8.8 HIGH

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to …

May 4, 2026
CVE-2026-24082
7.8 HIGH

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

May 4, 2026
CVE-2025-47408
7.8 HIGH

Memory corruption when another driver calls an IOCTL with invalid input/output buffer.

May 4, 2026
CVE-2025-47407
7.8 HIGH

Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.

May 4, 2026
CVE-2025-47405
7.8 HIGH

Memory corruption when processing camera sensor input/output control codes with invalid output buffers.

May 4, 2026
CVE-2026-40563
8.1 HIGH

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. …

May 4, 2026
CVE-2026-36365
7.8 HIGH

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and …

May 4, 2026
CVE-2026-29169
7.5 HIGH

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock …

May 4, 2026
CVE-2026-23918
8.8 HIGH

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to …

May 4, 2026
CVE-2026-6266
8.3 HIGH

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to …

May 4, 2026
CVE-2025-70069
7.5 HIGH

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method

May 4, 2026
CVE-2025-58074
8.8 HIGH

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation …

May 4, 2026
CVE-2026-34059
7.5 HIGH

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes …

May 4, 2026
CVE-2026-24072
8.8 HIGH

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of …

May 4, 2026
CVE-2026-3120
7.2 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This …

May 4, 2026
CVE-2026-7750
8.8 HIGH

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The …

May 4, 2026
CVE-2026-7749
8.8 HIGH

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. …

May 4, 2026
CVE-2026-7748
8.8 HIGH

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST …

May 4, 2026
CVE-2026-33846
7.5 HIGH

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are …

May 4, 2026
CVE-2026-7736
7.3 HIGH

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation …

May 4, 2026
CVE-2026-29199
8.1 HIGH

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may …

May 4, 2026
CVE-2026-7735
7.3 HIGH

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. …

May 4, 2026
CVE-2026-7733
7.3 HIGH

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload …

May 4, 2026
CVE-2026-7727
7.3 HIGH

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. …

May 4, 2026
CVE-2026-7723
7.3 HIGH

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. …

May 4, 2026
CVE-2026-7717
8.8 HIGH

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing …

May 4, 2026
CVE-2026-7371
7.4 HIGH

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead …

May 4, 2026
CVE-2026-42366
7.4 HIGH

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead …

May 4, 2026
CVE-2026-42365
8.6 HIGH

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to …

May 4, 2026
CVE-2026-7711
7.3 HIGH

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing …

May 4, 2026
CVE-2026-7710
7.3 HIGH

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. …

May 4, 2026
CVE-2026-7703
7.3 HIGH

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket …

May 3, 2026
CVE-2026-7698
7.3 HIGH

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation …

May 3, 2026
CVE-2026-7695
7.3 HIGH

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file …

May 3, 2026
CVE-2026-7694
7.3 HIGH

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the …

May 3, 2026
CVE-2026-7685
8.8 HIGH

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument …

May 3, 2026
CVE-2026-7684
8.8 HIGH

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the …

May 3, 2026
CVE-2026-5063
7.2 HIGH

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() …

May 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.