CVE Database

36609+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39457
7.8 HIGH

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor …

Apr 30, 2026
CVE-2026-35547
8.1 HIGH

When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to …

Apr 30, 2026
CVE-2026-22070
7.1 HIGH

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

Apr 30, 2026
CVE-2026-7164
7.5 HIGH

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets …

Apr 30, 2026
CVE-2026-7270
7.8 HIGH

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The …

Apr 30, 2026
CVE-2026-5402
8.8 HIGH

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Apr 30, 2026
CVE-2026-42511
8.1 HIGH

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is …

Apr 30, 2026
CVE-2024-39847
7.5 HIGH

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access …

Apr 30, 2026
CVE-2025-13030
7.1 HIGH

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files …

Apr 30, 2026
CVE-2026-7470
8.8 HIGH

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes …

Apr 30, 2026
CVE-2026-7468
7.3 HIGH

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo …

Apr 30, 2026
CVE-2026-7446
7.3 HIGH

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of …

Apr 30, 2026
CVE-2026-7443
7.3 HIGH

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the …

Apr 29, 2026
CVE-2026-7420
8.8 HIGH

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of …

Apr 29, 2026
CVE-2026-7419
8.8 HIGH

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the …

Apr 29, 2026
CVE-2026-7418
8.8 HIGH

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of …

Apr 29, 2026
CVE-2026-7417
7.3 HIGH

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation …

Apr 29, 2026
CVE-2026-7416
7.3 HIGH

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation …

Apr 29, 2026
CVE-2026-7404
7.3 HIGH

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument …

Apr 29, 2026
CVE-2025-50328
7.3 HIGH

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive …

Apr 29, 2026
CVE-2026-7426
8.1 HIGH

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause …

Apr 29, 2026
CVE-2026-7400
7.3 HIGH

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such …

Apr 29, 2026
CVE-2026-34965
8.8 HIGH

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP …

Apr 29, 2026
CVE-2018-25315
8.4 HIGH

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License …

Apr 29, 2026
CVE-2018-25314
8.4 HIGH

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying …

Apr 29, 2026
CVE-2018-25309
7.2 HIGH

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers …

Apr 29, 2026
CVE-2018-25308
8.8 HIGH

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. …

Apr 29, 2026
CVE-2018-25307
8.4 HIGH

SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying …

Apr 29, 2026
CVE-2018-25304
8.4 HIGH

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception …

Apr 29, 2026
CVE-2018-25303
8.4 HIGH

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code …

Apr 29, 2026
CVE-2018-25302
7.8 HIGH

Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary …

Apr 29, 2026
CVE-2018-25301
8.4 HIGH

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by …

Apr 29, 2026
CVE-2018-25300
8.2 HIGH

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. …

Apr 29, 2026
CVE-2018-25299
8.4 HIGH

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject …

Apr 29, 2026
CVE-2026-7466
8.8 HIGH

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST …

Apr 29, 2026
CVE-2026-7424
8.1 HIGH

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, …

Apr 29, 2026
CVE-2026-7398
7.3 HIGH

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload …

Apr 29, 2026
CVE-2026-5712
8.0 HIGH

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the …

Apr 29, 2026
CVE-2026-0204
8.0 HIGH

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Apr 29, 2026
CVE-2026-7389
7.3 HIGH

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of …

Apr 29, 2026
CVE-2026-7386
7.3 HIGH

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the …

Apr 29, 2026
CVE-2026-6849
8.8 HIGH

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer …

Apr 29, 2026
CVE-2026-42198
7.5 HIGH

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during …

Apr 29, 2026
CVE-2026-38991
8.8 HIGH

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This …

Apr 29, 2026
CVE-2026-37555
7.5 HIGH

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code …

Apr 29, 2026
CVE-2026-30769
7.8 HIGH

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

Apr 29, 2026
CVE-2026-7384
7.3 HIGH

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results …

Apr 29, 2026
CVE-2026-7111
8.4 HIGH

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. …

Apr 29, 2026
CVE-2026-5161
8.8 HIGH

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus …

Apr 29, 2026
CVE-2026-5141
8.8 HIGH

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. …

Apr 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.