CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-36786
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability …

Jun 8, 2026
CVE-2026-34356
7.5 HIGH

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users …

Jun 8, 2026
CVE-2026-34355
7.5 HIGH

A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to …

Jun 8, 2026
CVE-2026-34194
7.1 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse …

Jun 8, 2026
CVE-2026-29170
6.1 MEDIUM

A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via …

Jun 8, 2026
CVE-2026-29167
9.8 CRITICAL

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are …

Jun 8, 2026
CVE-2026-22164
7.5 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types …

Jun 8, 2026
CVE-2026-11529
6.3 MEDIUM

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql …

Jun 8, 2026
CVE-2026-11528
8.8 HIGH

A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. …

Jun 8, 2026
CVE-2026-11524
8.8 HIGH

A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The …

Jun 8, 2026
CVE-2026-11523
8.8 HIGH

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. …

Jun 8, 2026
CVE-2026-11522
8.8 HIGH

A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts …

Jun 8, 2026
CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The …

Jun 8, 2026
CVE-2020-37248
6.5 MEDIUM

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials …

Jun 8, 2026
CVE-2026-49235
7.5 HIGH

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.

Jun 8, 2026
CVE-2026-49234
7.5 HIGH

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access …

Jun 8, 2026
CVE-2026-49233
7.5 HIGH

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This …

Jun 8, 2026
CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. …

Jun 8, 2026
CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode …

Jun 8, 2026
CVE-2026-43973

Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gun_http:handle/5, three …

Jun 8, 2026
CVE-2026-43972

Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an …

Jun 8, 2026
CVE-2026-36789
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. …

Jun 8, 2026
CVE-2026-25558
4.8 MEDIUM

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted …

Jun 8, 2026
CVE-2026-11521
6.3 MEDIUM

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction …

Jun 8, 2026
CVE-2026-11520
3.5 LOW

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes …

Jun 8, 2026
CVE-2026-11519
6.3 MEDIUM

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the …

Jun 8, 2026
CVE-2026-11518
4.3 MEDIUM

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The …

Jun 8, 2026
CVE-2026-11517
8.8 HIGH

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the …

Jun 8, 2026
CVE-2026-11516
5.5 MEDIUM

A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the …

Jun 8, 2026
CVE-2026-9549
4.8 MEDIUM

Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure …

Jun 8, 2026
CVE-2026-8833
5.4 MEDIUM

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass …

Jun 8, 2026
CVE-2026-8078
4.8 MEDIUM

Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global …

Jun 8, 2026
CVE-2026-7765
5.3 MEDIUM

Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, …

Jun 8, 2026
CVE-2026-7186
5.4 MEDIUM

Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to …

Jun 8, 2026
CVE-2026-11577
7.2 HIGH

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to …

Jun 8, 2026
CVE-2026-11515
5.3 MEDIUM

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file …

Jun 8, 2026
CVE-2026-11514
6.3 MEDIUM

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of …

Jun 8, 2026
CVE-2026-11513
6.3 MEDIUM

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date …

Jun 8, 2026
CVE-2026-11512
4.3 MEDIUM

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of …

Jun 8, 2026
CVE-2026-11511
3.5 LOW

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute …

Jun 8, 2026
CVE-2026-50752
7.4 HIGH

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate …

Jun 8, 2026
CVE-2026-50751
9.3 CRITICAL KEV

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user …

Jun 8, 2026
CVE-2026-47430

## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`CDVWKInAppBrowser.m:560–574`). Any web …

Jun 8, 2026
CVE-2026-3011
6.4 MEDIUM

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions …

Jun 8, 2026
CVE-2026-11569
5.4 MEDIUM

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload …

Jun 8, 2026
CVE-2026-11510
6.3 MEDIUM

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of …

Jun 8, 2026
CVE-2026-11509
6.3 MEDIUM

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of …

Jun 8, 2026
CVE-2026-11508
6.3 MEDIUM

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of …

Jun 8, 2026
CVE-2026-11507
6.3 MEDIUM

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type …

Jun 8, 2026
CVE-2026-11506
6.3 MEDIUM

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument …

Jun 8, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.