CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-13371

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which …

Jul 3, 2026
CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated …

Jul 3, 2026
CVE-2026-13084

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted …

Jul 3, 2026
CVE-2026-13079

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT …

Jul 3, 2026
CVE-2026-13054

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. …

Jul 3, 2026
CVE-2026-13053

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. …

Jul 3, 2026
CVE-2026-13050

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests …

Jul 3, 2026
CVE-2026-57100
9.9 CRITICAL

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-54998
8.8 HIGH

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-45499
9.9 CRITICAL

Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-41106
9.3 CRITICAL

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-26145
4.8 MEDIUM

Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-50722
8.1 HIGH

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 …

Jul 2, 2026
CVE-2026-50721
8.1 HIGH

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded …

Jul 2, 2026
CVE-2026-12413
7.5 HIGH

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() …

Jul 2, 2026
CVE-2026-58460
7.7 HIGH

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name …

Jul 2, 2026
CVE-2026-52830
9.4 CRITICAL

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The …

Jul 2, 2026
CVE-2026-52192
7.5 HIGH

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_445C5C component

Jul 2, 2026
CVE-2026-52191
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_444C8C component

Jul 2, 2026
CVE-2026-52189
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_487330 component

Jul 2, 2026
CVE-2026-52188
6.5 MEDIUM

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub_497498 component

Jul 2, 2026
CVE-2026-38972
7.8 HIGH

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, …

Jul 2, 2026
CVE-2026-38971
9.1 CRITICAL

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().

Jul 2, 2026
CVE-2026-38970
7.5 HIGH

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without …

Jul 2, 2026
CVE-2026-38969
7.5 HIGH

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.

Jul 2, 2026
CVE-2026-38968
9.8 CRITICAL

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during …

Jul 2, 2026
CVE-2026-59102
5.4 MEDIUM

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full …

Jul 2, 2026
CVE-2026-59101
5.8 MEDIUM

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values …

Jul 2, 2026
CVE-2026-59100
5.0 MEDIUM

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying …

Jul 2, 2026
CVE-2026-59099
9.1 CRITICAL

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse …

Jul 2, 2026
CVE-2026-59098
6.5 MEDIUM

LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by …

Jul 2, 2026
CVE-2026-59097
5.3 MEDIUM

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST …

Jul 2, 2026
CVE-2026-59096
7.5 HIGH

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation …

Jul 2, 2026
CVE-2026-59095
7.7 HIGH

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input …

Jul 2, 2026
CVE-2026-59094
7.5 HIGH

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches …

Jul 2, 2026
CVE-2026-59093
8.8 HIGH

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and …

Jul 2, 2026
CVE-2026-59092
7.7 HIGH

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by …

Jul 2, 2026
CVE-2026-58580
5.9 MEDIUM

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by …

Jul 2, 2026
CVE-2026-58579
5.4 MEDIUM

RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalize_dsl, which only performs …

Jul 2, 2026
CVE-2026-58578
6.5 MEDIUM

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service (ReDoS) vulnerability that allows authenticated attackers to block the Node.js event loop by supplying …

Jul 2, 2026
CVE-2026-58467
7.5 HIGH

Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP …

Jul 2, 2026
CVE-2026-58466
9.8 CRITICAL

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials …

Jul 2, 2026
CVE-2026-58381
6.1 MEDIUM

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. …

Jul 2, 2026
CVE-2026-52187
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component

Jul 2, 2026
CVE-2025-71385
6.1 MEDIUM

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) …

Jul 2, 2026
CVE-2026-7311
8.1 HIGH

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in …

Jul 2, 2026
CVE-2026-58465
7.5 HIGH

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server …

Jul 2, 2026
CVE-2026-13743

CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with …

Jul 2, 2026
CVE-2026-8699

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and …

Jul 2, 2026
CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have …

Jul 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.