CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2016-20063
7.1 HIGH

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message …

Jun 9, 2026
CVE-2016-20062
8.2 HIGH

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the …

Jun 9, 2026
CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. …

Jun 9, 2026
CVE-2026-49741

Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the …

Jun 9, 2026
CVE-2026-49740

TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the …

Jun 9, 2026
CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be …

Jun 9, 2026
CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted …

Jun 9, 2026
CVE-2026-47351

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information …

Jun 9, 2026
CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions …

Jun 9, 2026
CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. …

Jun 9, 2026
CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index …

Jun 9, 2026
CVE-2026-47347

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the …

Jun 9, 2026
CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. …

Jun 9, 2026
CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file …

Jun 9, 2026
CVE-2026-11607

Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying …

Jun 9, 2026
CVE-2026-52902
4.7 MEDIUM

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker …

Jun 9, 2026
CVE-2026-4058
4.3 MEDIUM

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due …

Jun 9, 2026
CVE-2026-46749
7.5 HIGH

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a …

Jun 9, 2026
CVE-2026-46748
8.8 HIGH

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with …

Jun 9, 2026
CVE-2026-46747
4.3 MEDIUM

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in …

Jun 9, 2026
CVE-2026-46746
8.8 HIGH

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the …

Jun 9, 2026
CVE-2026-41031
8.7 HIGH

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to …

Jun 9, 2026
CVE-2026-24349
7.1 HIGH

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified …

Jun 9, 2026
CVE-2026-10731

SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior …

Jun 9, 2026
CVE-2025-40808
6.1 MEDIUM

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC …

Jun 9, 2026
CVE-2025-10263
9.1 CRITICAL

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, …

Jun 9, 2026
CVE-2026-8677
6.4 MEDIUM

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings …

Jun 9, 2026
CVE-2026-8599
6.4 MEDIUM

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field …

Jun 9, 2026
CVE-2026-8365
8.8 HIGH

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 …

Jun 9, 2026
CVE-2026-7542
6.5 MEDIUM

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding …

Jun 9, 2026
CVE-2026-6899
5.6 MEDIUM

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of …

Jun 9, 2026
CVE-2026-49818
6.5 MEDIUM

The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` …

Jun 9, 2026
CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in …

Jun 9, 2026
CVE-2026-34905
6.5 MEDIUM

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not …

Jun 9, 2026
CVE-2026-34033
5.4 MEDIUM

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content …

Jun 9, 2026
CVE-2026-34031
6.5 MEDIUM

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied …

Jun 9, 2026
CVE-2026-33582
6.5 MEDIUM

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive …

Jun 9, 2026
CVE-2026-28262
6.0 MEDIUM

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access …

Jun 9, 2026
CVE-2026-25699
6.1 MEDIUM

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization …

Jun 9, 2026
CVE-2026-25688
6.1 MEDIUM

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser …

Jun 9, 2026
CVE-2026-11616
8.8 HIGH

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the …

Jun 9, 2026
CVE-2009-10007
9.1 CRITICAL

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that …

Jun 9, 2026
CVE-2026-9698
9.8 CRITICAL

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were …

Jun 9, 2026
CVE-2026-5068
7.6 HIGH

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables …

Jun 9, 2026
CVE-2026-44083
9.8 CRITICAL

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. …

Jun 9, 2026
CVE-2026-41986
2.4 LOW

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41985
5.1 MEDIUM

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Jun 9, 2026
CVE-2026-41984
5.2 MEDIUM

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Jun 9, 2026
CVE-2026-41983
4.3 MEDIUM

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41982
6.4 MEDIUM

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.