CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40586
7.5 HIGH

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts …

Apr 21, 2026
CVE-2026-40585
7.4 HIGH

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and …

Apr 21, 2026
CVE-2026-40584
7.5 HIGH

RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters …

Apr 21, 2026
CVE-2026-40583
8.2 HIGH

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and …

Apr 21, 2026
CVE-2026-40568
8.5 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature …

Apr 21, 2026
CVE-2026-40161
7.7 HIGH

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured …

Apr 21, 2026
CVE-2026-38834
7.3 HIGH

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to …

Apr 21, 2026
CVE-2026-24189
8.2 HIGH

NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful …

Apr 21, 2026
CVE-2026-24177
7.7 HIGH

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information …

Apr 21, 2026
CVE-2026-37748
7.2 HIGH

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin_user_insert.php and vms/php/update_1.php. The move_uploaded_file() function is called without any MIME type, …

Apr 21, 2026
CVE-2026-5789
7.8 HIGH

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing …

Apr 21, 2026
CVE-2026-31019
8.8 HIGH

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system …

Apr 21, 2026
CVE-2026-31018
8.8 HIGH

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input …

Apr 21, 2026
CVE-2025-14362
7.3 HIGH

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged …

Apr 21, 2026
CVE-2026-6784
7.5 HIGH

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Apr 21, 2026
CVE-2026-6782
7.5 HIGH

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6781
7.5 HIGH

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6780
7.5 HIGH

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6776
7.8 HIGH

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6773
7.5 HIGH

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6772
7.5 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and …

Apr 21, 2026
CVE-2026-6769
8.8 HIGH

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6766
7.5 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6761
8.8 HIGH

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6759
7.5 HIGH

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6758
7.5 HIGH

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Apr 21, 2026
CVE-2026-6756
7.5 HIGH

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

Apr 21, 2026
CVE-2026-6754
7.5 HIGH

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6753
7.3 HIGH

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6752
7.3 HIGH

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6751
7.3 HIGH

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6750
8.8 HIGH

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6749
7.5 HIGH

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird …

Apr 21, 2026
CVE-2026-6747
7.5 HIGH

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Apr 21, 2026
CVE-2026-6746
7.5 HIGH

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird …

Apr 21, 2026
CVE-2026-40520
7.2 HIGH

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to …

Apr 21, 2026
CVE-2026-41039
7.5 HIGH

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could …

Apr 21, 2026
CVE-2026-41038
8.8 HIGH

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the …

Apr 21, 2026
CVE-2026-6553
7.5 HIGH

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database …

Apr 21, 2026
CVE-2026-41037
8.8 HIGH

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An …

Apr 21, 2026
CVE-2026-41036
8.8 HIGH

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit …

Apr 21, 2026
CVE-2026-39467
7.2 HIGH

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.

Apr 21, 2026
CVE-2026-31368
7.8 HIGH

AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

Apr 21, 2026
CVE-2026-40497
8.1 HIGH

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes `<script>`, `<form>`, `<iframe>`, `<object>` but does NOT strip …

Apr 21, 2026
CVE-2026-40250
7.1 HIGH

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through …

Apr 21, 2026
CVE-2026-40244
7.1 HIGH

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through …

Apr 21, 2026
CVE-2026-39973
7.1 HIGH

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted …

Apr 21, 2026
CVE-2026-39866
8.8 HIGH

Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit …

Apr 21, 2026
CVE-2026-39386
8.8 HIGH

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated …

Apr 21, 2026
CVE-2026-39320
7.5 HIGH

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated …

Apr 21, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.