CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-41697
4.8 MEDIUM

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An …

Jun 10, 2026
CVE-2026-41696
5.9 MEDIUM

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply …

Jun 10, 2026
CVE-2026-41695
7.5 HIGH

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path …

Jun 10, 2026
CVE-2026-41694
3.7 LOW

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able …

Jun 10, 2026
CVE-2026-41008
6.1 MEDIUM

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri …

Jun 10, 2026
CVE-2026-41003
7.6 HIGH

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: …

Jun 10, 2026
CVE-2026-40993
7.3 HIGH

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing …

Jun 10, 2026
CVE-2026-40991
5.9 MEDIUM

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting …

Jun 10, 2026
CVE-2026-40988
7.5 HIGH

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of …

Jun 10, 2026
CVE-2026-9754
6.5 MEDIUM

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command

Jun 9, 2026
CVE-2026-9753
8.1 HIGH

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the …

Jun 9, 2026
CVE-2026-9752
6.5 MEDIUM

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing …

Jun 9, 2026
CVE-2026-9751
5.5 MEDIUM

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.

Jun 9, 2026
CVE-2026-9750
6.5 MEDIUM

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query …

Jun 9, 2026
CVE-2026-9749
6.5 MEDIUM

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single …

Jun 9, 2026
CVE-2026-9748
6.5 MEDIUM

The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general …

Jun 9, 2026
CVE-2026-9747
6.5 MEDIUM

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.

Jun 9, 2026
CVE-2026-9746
6.5 MEDIUM

When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges …

Jun 9, 2026
CVE-2026-9743
6.5 MEDIUM

In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on …

Jun 9, 2026
CVE-2026-9742
7.5 HIGH

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. …

Jun 9, 2026
CVE-2026-9741
6.5 MEDIUM

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values …

Jun 9, 2026
CVE-2026-9740
7.5 HIGH

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON …

Jun 9, 2026
CVE-2026-9735
5.5 MEDIUM

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication …

Jun 9, 2026
CVE-2026-46433
6.5 MEDIUM

lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling …

Jun 9, 2026
CVE-2026-46374
7.5 HIGH

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users …

Jun 9, 2026
CVE-2026-46373
7.5 HIGH

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users …

Jun 9, 2026
CVE-2026-44963

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Jun 9, 2026
CVE-2026-10238

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 9, 2026
CVE-2026-47905
6.2 MEDIUM

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system …

Jun 9, 2026
CVE-2026-47904
6.2 MEDIUM

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system …

Jun 9, 2026
CVE-2026-47903
6.2 MEDIUM

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the …

Jun 9, 2026
CVE-2026-47902
6.2 MEDIUM

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system …

Jun 9, 2026
CVE-2026-34713
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system …

Jun 9, 2026
CVE-2026-34712
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the …

Jun 9, 2026
CVE-2026-34711
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash …

Jun 9, 2026
CVE-2026-34657
5.5 MEDIUM

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that …

Jun 9, 2026
CVE-2026-34417
6.1 MEDIUM

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the …

Jun 9, 2026
CVE-2026-25860
6.1 MEDIUM

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's …

Jun 9, 2026
CVE-2026-48303
10.0 CRITICAL

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in …

Jun 9, 2026
CVE-2026-48292
7.8 HIGH

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-48291
7.8 HIGH

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-47961
5.5 MEDIUM

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could …

Jun 9, 2026
CVE-2026-47960
7.4 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file …

Jun 9, 2026
CVE-2026-47959
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47955
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47952
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47938
10.0 CRITICAL

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. …

Jun 9, 2026
CVE-2026-47937
7.4 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the …

Jun 9, 2026
CVE-2026-47933
4.8 MEDIUM

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject …

Jun 9, 2026
CVE-2026-47932
8.8 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.