CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40925
8.3 HIGH

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from …

Apr 21, 2026
CVE-2026-40905
8.1 HIGH

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper …

Apr 21, 2026
CVE-2026-40895
7.5 HIGH

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows …

Apr 21, 2026
CVE-2026-35251
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows …

Apr 21, 2026
CVE-2026-35246
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows …

Apr 21, 2026
CVE-2026-35245
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated …

Apr 21, 2026
CVE-2026-35243
7.8 HIGH

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. …

Apr 21, 2026
CVE-2026-35242
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows …

Apr 21, 2026
CVE-2026-35231
7.5 HIGH

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. …

Apr 21, 2026
CVE-2026-35230
7.5 HIGH

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows …

Apr 21, 2026
CVE-2026-35229
7.5 HIGH

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker …

Apr 21, 2026
CVE-2026-34320
7.5 HIGH

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. …

Apr 21, 2026
CVE-2026-34310
7.5 HIGH

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 …

Apr 21, 2026
CVE-2026-34309
8.1 HIGH

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged …

Apr 21, 2026
CVE-2026-34305
7.5 HIGH

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. …

Apr 21, 2026
CVE-2026-34297
7.5 HIGH

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability …

Apr 21, 2026
CVE-2026-34292
7.2 HIGH

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability …

Apr 21, 2026
CVE-2026-34291
8.7 HIGH

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit …

Apr 21, 2026
CVE-2026-34290
7.5 HIGH

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability …

Apr 21, 2026
CVE-2026-34282
7.5 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are …

Apr 21, 2026
CVE-2026-22016
7.5 HIGH

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are …

Apr 21, 2026
CVE-2026-22011
7.6 HIGH

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows …

Apr 21, 2026
CVE-2026-22010
7.5 HIGH

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 …

Apr 21, 2026
CVE-2026-21997
8.5 HIGH

Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily …

Apr 21, 2026
CVE-2025-70420
8.8 HIGH

A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability …

Apr 21, 2026
CVE-2026-6819
8.8 HIGH

HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. …

Apr 21, 2026
CVE-2026-40909
8.7 HIGH

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating …

Apr 21, 2026
CVE-2026-40890
7.5 HIGH

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is …

Apr 21, 2026
CVE-2026-40885
8.8 HIGH

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is …

Apr 21, 2026
CVE-2026-40883
8.1 HIGH

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An …

Apr 21, 2026
CVE-2026-40881
7.5 HIGH

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which …

Apr 21, 2026
CVE-2026-40880
8.1 HIGH

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification …

Apr 21, 2026
CVE-2026-40879
7.5 HIGH

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP …

Apr 21, 2026
CVE-2026-40876
8.8 HIGH

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user …

Apr 21, 2026
CVE-2026-40871
7.2 HIGH

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantine_category field …

Apr 21, 2026
CVE-2026-40870
7.5 HIGH

Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30.5 and 0.31.1, the root level `commentable` field in the API …

Apr 21, 2026
CVE-2026-40869
7.5 HIGH

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user …

Apr 21, 2026
CVE-2026-33813
7.5 HIGH

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

Apr 21, 2026
CVE-2026-40868
8.1 HIGH

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, kyverno’s apiCall servicecall helper implicitly injects Authorization: Bearer ... using …

Apr 21, 2026
CVE-2026-40614
8.8 HIGH

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus …

Apr 21, 2026
CVE-2026-40613
7.5 HIGH

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer …

Apr 21, 2026
CVE-2026-41192
7.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any …

Apr 21, 2026
CVE-2026-40611
8.8 HIGH

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file …

Apr 21, 2026
CVE-2026-40599
7.1 HIGH

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID …

Apr 21, 2026
CVE-2026-40588
8.1 HIGH

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and …

Apr 21, 2026
CVE-2026-41191
7.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only …

Apr 21, 2026
CVE-2026-41190
7.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who …

Apr 21, 2026
CVE-2026-41189
7.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but …

Apr 21, 2026
CVE-2026-40591
7.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` …

Apr 21, 2026
CVE-2026-40589
7.6 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an …

Apr 21, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.