CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7128
7.3 HIGH

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such …

Apr 27, 2026
CVE-2026-7127
7.3 HIGH

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of …

Apr 27, 2026
CVE-2026-7126
7.3 HIGH

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation …

Apr 27, 2026
CVE-2026-6265
8.8 HIGH

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1

Apr 27, 2026
CVE-2026-7040
7.5 HIGH

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 …

Apr 27, 2026
CVE-2026-7119
8.8 HIGH

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr …

Apr 27, 2026
CVE-2026-5943
7.8 HIGH

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, …

Apr 27, 2026
CVE-2026-5941
7.8 HIGH

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program …

Apr 27, 2026
CVE-2026-5940
7.8 HIGH

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

Apr 27, 2026
CVE-2026-27172
8.8 HIGH

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to …

Apr 27, 2026
CVE-2026-40858
8.8 HIGH

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can …

Apr 27, 2026
CVE-2026-40022
8.2 HIGH

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or …

Apr 27, 2026
CVE-2026-7101
8.8 HIGH

A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads …

Apr 27, 2026
CVE-2026-7100
8.8 HIGH

A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing …

Apr 27, 2026
CVE-2026-7099
8.8 HIGH

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a …

Apr 27, 2026
CVE-2026-7098
8.8 HIGH

A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation …

Apr 27, 2026
CVE-2026-42379
7.7 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.

Apr 27, 2026
CVE-2026-40473
8.8 HIGH

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina …

Apr 27, 2026
CVE-2026-40048
7.8 HIGH

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The …

Apr 27, 2026
CVE-2026-7097
8.8 HIGH

A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation …

Apr 27, 2026
CVE-2026-7096
8.8 HIGH

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the …

Apr 27, 2026
CVE-2026-7094
7.3 HIGH

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component …

Apr 27, 2026
CVE-2026-7088
7.3 HIGH

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing …

Apr 27, 2026
CVE-2026-7087
7.3 HIGH

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a …

Apr 27, 2026
CVE-2026-7082
8.8 HIGH

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. …

Apr 27, 2026
CVE-2026-7081
8.8 HIGH

A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of …

Apr 27, 2026
CVE-2026-7106
8.8 HIGH

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to …

Apr 27, 2026
CVE-2026-7080
8.8 HIGH

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation …

Apr 27, 2026
CVE-2026-7079
8.8 HIGH

A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of …

Apr 27, 2026
CVE-2026-7078
8.8 HIGH

A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. …

Apr 27, 2026
CVE-2026-7077
7.3 HIGH

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the …

Apr 27, 2026
CVE-2026-3006
7.0 HIGH

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting …

Apr 27, 2026
CVE-2026-7076
7.3 HIGH

A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument …

Apr 27, 2026
CVE-2026-7075
7.3 HIGH

A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the …

Apr 27, 2026
CVE-2026-7074
7.3 HIGH

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument …

Apr 27, 2026
CVE-2026-7073
7.3 HIGH

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument …

Apr 27, 2026
CVE-2026-7072
7.3 HIGH

A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the …

Apr 27, 2026
CVE-2026-7070
7.3 HIGH

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the …

Apr 27, 2026
CVE-2026-7069
8.0 HIGH

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. …

Apr 27, 2026
CVE-2026-7068
8.8 HIGH

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to …

Apr 27, 2026
CVE-2026-7067
7.3 HIGH

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. …

Apr 27, 2026
CVE-2026-7066
7.3 HIGH

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in …

Apr 27, 2026
CVE-2026-7065
7.3 HIGH

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload …

Apr 27, 2026
CVE-2026-33277
8.8 HIGH

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.

Apr 27, 2026
CVE-2026-7064
7.3 HIGH

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can …

Apr 26, 2026
CVE-2026-7063
7.3 HIGH

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a …

Apr 26, 2026
CVE-2026-7062
7.3 HIGH

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git …

Apr 26, 2026
CVE-2026-7061
7.3 HIGH

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the …

Apr 26, 2026
CVE-2026-7060
7.3 HIGH

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a …

Apr 26, 2026
CVE-2026-7058
7.3 HIGH

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component …

Apr 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.