CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-41031
8.7 HIGH

A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to …

Jun 9, 2026
CVE-2026-24349
7.1 HIGH

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified …

Jun 9, 2026
CVE-2026-10731

SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be accessed without prior …

Jun 9, 2026
CVE-2025-40808
6.1 MEDIUM

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC …

Jun 9, 2026
CVE-2025-10263
9.1 CRITICAL

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, …

Jun 9, 2026
CVE-2026-8677
6.4 MEDIUM

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings …

Jun 9, 2026
CVE-2026-8599
6.4 MEDIUM

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field …

Jun 9, 2026
CVE-2026-8365
8.8 HIGH

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 …

Jun 9, 2026
CVE-2026-7542
6.5 MEDIUM

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding …

Jun 9, 2026
CVE-2026-6899
5.6 MEDIUM

Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of …

Jun 9, 2026
CVE-2026-49818
6.5 MEDIUM

The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` …

Jun 9, 2026
CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in …

Jun 9, 2026
CVE-2026-34905
6.5 MEDIUM

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not …

Jun 9, 2026
CVE-2026-34033
5.4 MEDIUM

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content …

Jun 9, 2026
CVE-2026-34031
6.5 MEDIUM

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied …

Jun 9, 2026
CVE-2026-33582
6.5 MEDIUM

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive …

Jun 9, 2026
CVE-2026-28262
6.0 MEDIUM

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access …

Jun 9, 2026
CVE-2026-25699
6.1 MEDIUM

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization …

Jun 9, 2026
CVE-2026-25688
6.1 MEDIUM

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser …

Jun 9, 2026
CVE-2026-11616
8.8 HIGH

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the …

Jun 9, 2026
CVE-2009-10007
9.1 CRITICAL

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that …

Jun 9, 2026
CVE-2026-9698
9.8 CRITICAL

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were …

Jun 9, 2026
CVE-2026-5068
7.6 HIGH

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables …

Jun 9, 2026
CVE-2026-44083
9.8 CRITICAL

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. …

Jun 9, 2026
CVE-2026-41986
2.4 LOW

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41985
5.1 MEDIUM

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Jun 9, 2026
CVE-2026-41984
5.2 MEDIUM

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Jun 9, 2026
CVE-2026-41983
4.3 MEDIUM

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41982
6.4 MEDIUM

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41981
5.3 MEDIUM

Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41977
5.0 MEDIUM

DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41976
6.6 MEDIUM

Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Jun 9, 2026
CVE-2026-41974
3.6 LOW

Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41973
5.9 MEDIUM

Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41972
5.4 MEDIUM

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2025-62858
6.5 MEDIUM

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then …

Jun 9, 2026
CVE-2026-8981
3.5 LOW

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code …

Jun 9, 2026
CVE-2026-5067
9.8 CRITICAL

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser …

Jun 9, 2026
CVE-2026-4986
5.3 MEDIUM

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook …

Jun 9, 2026
CVE-2026-41539
6.1 MEDIUM

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass …

Jun 9, 2026
CVE-2026-11572
8.8 HIGH

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for …

Jun 9, 2026
CVE-2026-9662
8.1 HIGH

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due …

Jun 9, 2026
CVE-2026-9185
7.5 HIGH

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` …

Jun 9, 2026
CVE-2026-8977
6.4 MEDIUM

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, …

Jun 9, 2026
CVE-2026-8940
4.3 MEDIUM

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due …

Jun 9, 2026
CVE-2026-8910
6.1 MEDIUM

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to …

Jun 9, 2026
CVE-2026-8909
4.3 MEDIUM

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or …

Jun 9, 2026
CVE-2026-8907
6.1 MEDIUM

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation …

Jun 9, 2026
CVE-2026-8904
4.3 MEDIUM

The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all …

Jun 9, 2026
CVE-2026-8902
4.3 MEDIUM

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.