CVE Database

36609+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7545
7.3 HIGH

A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the …

May 1, 2026
CVE-2026-7519
7.3 HIGH

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. …

May 1, 2026
CVE-2026-7513
8.8 HIGH

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation …

May 1, 2026
CVE-2026-7512
8.8 HIGH

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a …

May 1, 2026
CVE-2026-5656
7.0 HIGH

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-5405
7.8 HIGH

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-5403
7.8 HIGH

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-7506
7.3 HIGH

A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument …

Apr 30, 2026
CVE-2026-7505
7.3 HIGH

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This …

Apr 30, 2026
CVE-2026-7551
8.8 HIGH

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system …

Apr 30, 2026
CVE-2026-7503
8.8 HIGH

A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The …

Apr 30, 2026
CVE-2026-6543
8.8 HIGH

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading …

Apr 30, 2026
CVE-2026-6389
8.8 HIGH

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker …

Apr 30, 2026
CVE-2026-7435
7.2 HIGH

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. …

Apr 30, 2026
CVE-2026-4503
7.5 HIGH

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a …

Apr 30, 2026
CVE-2026-40912
8.2 HIGH

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in …

Apr 30, 2026
CVE-2026-33451
7.8 HIGH

CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send …

Apr 30, 2026
CVE-2026-33449
7.5 HIGH

CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server …

Apr 30, 2026
CVE-2025-56568
7.5 HIGH

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to …

Apr 30, 2026
CVE-2025-46115
7.5 HIGH

An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request

Apr 30, 2026
CVE-2026-7461
7.2 HIGH

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before …

Apr 30, 2026
CVE-2026-40904
8.1 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew …

Apr 30, 2026
CVE-2026-40601
7.5 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew …

Apr 30, 2026
CVE-2026-40600
8.1 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew …

Apr 30, 2026
CVE-2026-40595
7.5 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew …

Apr 30, 2026
CVE-2026-36765
8.8 HIGH

An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.

Apr 30, 2026
CVE-2026-36762
8.8 HIGH

An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal …

Apr 30, 2026
CVE-2026-33845
7.5 HIGH

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting …

Apr 30, 2026
CVE-2025-51846
7.5 HIGH

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed …

Apr 30, 2026
CVE-2022-50992
7.5 HIGH

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated …

Apr 30, 2026
CVE-2026-5174
7.7 HIGH

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, …

Apr 30, 2026
CVE-2026-36960
8.8 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection …

Apr 30, 2026
CVE-2026-36340
8.1 HIGH

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function

Apr 30, 2026
CVE-2026-36959
7.5 HIGH

U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network …

Apr 30, 2026
CVE-2026-36958
7.5 HIGH

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints …

Apr 30, 2026
CVE-2026-36957
7.5 HIGH

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating …

Apr 30, 2026
CVE-2026-36956
8.8 HIGH

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to …

Apr 30, 2026
CVE-2026-7246
7.2 HIGH

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged …

Apr 30, 2026
CVE-2026-2892
7.5 HIGH

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the …

Apr 30, 2026
CVE-2026-7402
8.1 HIGH

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

Apr 30, 2026
CVE-2026-7399
8.1 HIGH

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

Apr 30, 2026
CVE-2025-14576
7.8 HIGH

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt …

Apr 30, 2026
CVE-2024-13971
7.5 HIGH

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to …

Apr 30, 2026
CVE-2026-41882
7.4 HIGH

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

Apr 30, 2026
CVE-2026-31693
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a …

Apr 30, 2026
CVE-2026-31787
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor …

Apr 30, 2026
CVE-2026-31786
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor …

Apr 30, 2026
CVE-2026-42800
7.4 HIGH

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c.

Apr 30, 2026
CVE-2026-42799
7.4 HIGH

Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10.

Apr 30, 2026
CVE-2026-42512
8.1 HIGH

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the …

Apr 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.