CVE Database

36709+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39454
7.8 HIGH

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may …

Apr 20, 2026
CVE-2026-6615
7.3 HIGH

A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the …

Apr 20, 2026
CVE-2026-5966
8.1 HIGH

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files …

Apr 20, 2026
CVE-2026-6606
7.3 HIGH

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of …

Apr 20, 2026
CVE-2026-6605
7.3 HIGH

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal …

Apr 20, 2026
CVE-2026-6604
7.3 HIGH

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component …

Apr 20, 2026
CVE-2026-6603
7.3 HIGH

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes …

Apr 20, 2026
CVE-2026-6602
7.3 HIGH

A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the …

Apr 20, 2026
CVE-2026-32965
7.5 HIGH

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is …

Apr 20, 2026
CVE-2026-32955
8.8 HIGH

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed …

Apr 20, 2026
CVE-2026-6596
7.3 HIGH

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component …

Apr 20, 2026
CVE-2026-6595
7.3 HIGH

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP …

Apr 20, 2026
CVE-2026-6594
7.3 HIGH

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to …

Apr 20, 2026
CVE-2026-6582
7.3 HIGH

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the …

Apr 19, 2026
CVE-2026-6581
8.8 HIGH

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a …

Apr 19, 2026
CVE-2026-6580
7.3 HIGH

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap …

Apr 19, 2026
CVE-2026-6577
7.3 HIGH

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks …

Apr 19, 2026
CVE-2026-6574
7.3 HIGH

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API …

Apr 19, 2026
CVE-2026-6569
7.3 HIGH

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such …

Apr 19, 2026
CVE-2026-6568
7.3 HIGH

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. …

Apr 19, 2026
CVE-2026-6563
8.8 HIGH

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation …

Apr 19, 2026
CVE-2026-6562
7.3 HIGH

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword …

Apr 19, 2026
CVE-2026-6560
8.8 HIGH

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation …

Apr 19, 2026
CVE-2026-32228
7.5 HIGH

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 …

Apr 18, 2026
CVE-2026-30912
7.5 HIGH

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing …

Apr 18, 2026
CVE-2026-30898
8.8 HIGH

An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used …

Apr 18, 2026
CVE-2026-25917
7.2 HIGH

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary …

Apr 18, 2026
CVE-2026-6518
8.8 HIGH

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all …

Apr 18, 2026
CVE-2026-40487
8.9 HIGH

Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, …

Apr 18, 2026
CVE-2026-35582
8.8 HIGH

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file …

Apr 18, 2026
CVE-2026-40350
8.8 HIGH

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access …

Apr 18, 2026
CVE-2026-35465
7.5 HIGH

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, …

Apr 18, 2026
CVE-2026-40581
8.1 HIGH

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records …

Apr 18, 2026
CVE-2026-40349
8.8 HIGH

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate …

Apr 18, 2026
CVE-2026-40348
7.7 HIGH

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger …

Apr 18, 2026
CVE-2026-40323
7.5 HIGH

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness …

Apr 18, 2026
CVE-2026-2262
7.5 HIGH

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API …

Apr 18, 2026
CVE-2026-40481
7.5 HIGH

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory …

Apr 17, 2026
CVE-2026-40474
7.6 HIGH

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of …

Apr 17, 2026
CVE-2026-40352
8.8 HIGH

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can …

Apr 17, 2026
CVE-2026-40321
8.0 HIGH

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially …

Apr 17, 2026
CVE-2026-40527
7.8 HIGH

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences …

Apr 17, 2026
CVE-2026-40303
7.5 HIGH

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, …

Apr 17, 2026
CVE-2026-40286
7.5 HIGH

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' …

Apr 17, 2026
CVE-2026-40285
8.8 HIGH

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the …

Apr 17, 2026
CVE-2026-40196
8.1 HIGH

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user …

Apr 17, 2026
CVE-2026-35603
7.3 HIGH

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating …

Apr 17, 2026
CVE-2026-35512
8.8 HIGH

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to …

Apr 17, 2026
CVE-2026-40461
7.5 HIGH

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate …

Apr 17, 2026
CVE-2026-40434
8.1 HIGH

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt …

Apr 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.