CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-52757
4.4 MEDIUM

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a …

Jun 10, 2026
CVE-2026-52756
4.8 MEDIUM

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations …

Jun 10, 2026
CVE-2026-52755
7.8 HIGH

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers …

Jun 10, 2026
CVE-2026-52754
8.8 HIGH

Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting …

Jun 10, 2026
CVE-2026-52753
5.5 MEDIUM

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol …

Jun 10, 2026
CVE-2026-52752
7.8 HIGH

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious …

Jun 10, 2026
CVE-2026-52751
8.8 HIGH

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious …

Jun 10, 2026
CVE-2026-52750
7.8 HIGH

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary …

Jun 10, 2026
CVE-2026-49498
8.8 HIGH

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into …

Jun 10, 2026
CVE-2026-49497
3.3 LOW

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers …

Jun 10, 2026
CVE-2026-49496
6.1 MEDIUM

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by …

Jun 10, 2026
CVE-2026-49495
5.5 MEDIUM

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O …

Jun 10, 2026
CVE-2026-49069
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through …

Jun 10, 2026
CVE-2025-71330
7.5 HIGH

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted …

Jun 10, 2026
CVE-2025-71329
7.5 HIGH

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted …

Jun 10, 2026
CVE-2024-58350
2.9 LOW

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. …

Jun 10, 2026
CVE-2026-24067
8.4 HIGH

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by …

Jun 10, 2026
CVE-2026-24066
8.4 HIGH

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by …

Jun 10, 2026
CVE-2026-11859

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that …

Jun 10, 2026
CVE-2026-3018
7.5 HIGH

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to …

Jun 10, 2026
CVE-2026-11853
6.5 MEDIUM

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that …

Jun 10, 2026
CVE-2026-11852
6.5 MEDIUM

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create …

Jun 10, 2026
CVE-2025-6254
9.8 CRITICAL

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() …

Jun 10, 2026
CVE-2026-9019
6.4 MEDIUM

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, and including, …

Jun 10, 2026
CVE-2026-8853
4.4 MEDIUM

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 …

Jun 10, 2026
CVE-2026-8613
6.4 MEDIUM

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, …

Jun 10, 2026
CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may …

Jun 10, 2026
CVE-2026-9067
9.1 CRITICAL

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and …

Jun 10, 2026
CVE-2026-9060
3.5 LOW

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store …

Jun 10, 2026
CVE-2026-8071
8.8 HIGH

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing …

Jun 10, 2026
CVE-2026-3326
8.6 HIGH

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action …

Jun 10, 2026
CVE-2026-29116

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that …

Jun 10, 2026
CVE-2026-29115

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that …

Jun 10, 2026
CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted …

Jun 10, 2026
CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could …

Jun 10, 2026
CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address …

Jun 10, 2026
CVE-2026-26241
9.1 CRITICAL

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash …

Jun 10, 2026
CVE-2026-26240
9.1 CRITICAL

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash …

Jun 10, 2026
CVE-2026-11837
7.3 HIGH

A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without …

Jun 10, 2026
CVE-2025-8444
6.4 MEDIUM

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the …

Jun 10, 2026
CVE-2026-26239
8.1 HIGH

A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the …

Jun 10, 2026
CVE-2026-26237
7.5 HIGH

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized …

Jun 10, 2026
CVE-2026-24724
8.1 HIGH

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the …

Jun 10, 2026
CVE-2026-24720
6.5 MEDIUM

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, …

Jun 10, 2026
CVE-2026-24719
7.2 HIGH

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then …

Jun 10, 2026
CVE-2026-24717
6.5 MEDIUM

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then …

Jun 10, 2026
CVE-2026-24716
7.2 HIGH

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can …

Jun 10, 2026
CVE-2026-22899
6.5 MEDIUM

A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit …

Jun 10, 2026
CVE-2026-22893
7.2 HIGH

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then …

Jun 10, 2026
CVE-2025-66281
7.2 HIGH

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch …

Jun 10, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.