CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-55950

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Erlang/OTP ssl (dtls_packet_demux module) allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. …

Jul 2, 2026
CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl (tls_gen_connection module) allows a network-positioned attacker to inject unauthenticated plaintext …

Jul 2, 2026
CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl (DTLS server) allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. …

Jul 2, 2026
CVE-2026-54886

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently …

Jul 2, 2026
CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the …

Jul 2, 2026
CVE-2026-50282

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an …

Jul 2, 2026
CVE-2026-50281

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An …

Jul 2, 2026
CVE-2026-44935
9.9 CRITICAL

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 …

Jul 2, 2026
CVE-2024-58352
7.5 HIGH

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the …

Jul 2, 2026
CVE-2024-14037
9.8 CRITICAL

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob …

Jul 2, 2026
CVE-2022-50973
9.8 CRITICAL

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a …

Jul 2, 2026
CVE-2026-58455
9.8 CRITICAL

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after …

Jul 2, 2026
CVE-2026-44941
8.4 HIGH

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious …

Jul 2, 2026
CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the …

Jul 2, 2026
CVE-2026-8079
7.3 HIGH

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation …

Jul 2, 2026
CVE-2026-56842
7.5 HIGH

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist …

Jul 2, 2026
CVE-2026-56841
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate …

Jul 2, 2026
CVE-2026-56004
10.0 CRITICAL

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a …

Jul 2, 2026
CVE-2026-55119
8.1 HIGH

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate …

Jul 2, 2026
CVE-2026-55118
8.3 HIGH

A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application …

Jul 2, 2026
CVE-2026-55117
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host …

Jul 2, 2026
CVE-2026-55116
9.0 CRITICAL

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running …

Jul 2, 2026
CVE-2026-55115
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges …

Jul 2, 2026
CVE-2026-55114
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate …

Jul 2, 2026
CVE-2026-55113
7.5 HIGH

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial …

Jul 2, 2026
CVE-2026-55112
7.5 HIGH

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi …

Jul 2, 2026
CVE-2026-55111
7.5 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the …

Jul 2, 2026
CVE-2026-55110
7.5 HIGH

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to …

Jul 2, 2026
CVE-2026-54409
7.5 HIGH

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass …

Jul 2, 2026
CVE-2026-54408
8.6 HIGH

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data …

Jul 2, 2026
CVE-2026-54407
8.6 HIGH

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain …

Jul 2, 2026
CVE-2026-54406
8.7 HIGH

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application …

Jul 2, 2026
CVE-2026-54405
7.5 HIGH

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of …

Jul 2, 2026
CVE-2026-54404
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to …

Jul 2, 2026
CVE-2026-54403
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of …

Jul 2, 2026
CVE-2026-54402
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a …

Jul 2, 2026
CVE-2026-54401
7.7 HIGH

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS …

Jul 2, 2026
CVE-2026-54400
9.1 CRITICAL

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate …

Jul 2, 2026
CVE-2026-53358

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from …

Jul 2, 2026
CVE-2026-53357

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent …

Jul 2, 2026
CVE-2026-50748
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute …

Jul 2, 2026
CVE-2026-50747
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application …

Jul 2, 2026
CVE-2026-50746
10.0 CRITICAL

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection …

Jul 2, 2026
CVE-2026-12168
7.8 HIGH

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in …

Jul 2, 2026
CVE-2026-12167
7.8 HIGH

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that …

Jul 2, 2026
CVE-2026-12166
5.5 MEDIUM

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests …

Jul 2, 2026
CVE-2026-4767
9.8 CRITICAL

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Jul 2, 2026
CVE-2026-5524
9.8 CRITICAL

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including …

Jul 2, 2026
CVE-2026-58653
4.3 MEDIUM

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues …

Jul 2, 2026
CVE-2026-58652
7.5 HIGH

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the …

Jul 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.