CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11505
5.0 MEDIUM

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component …

Jun 8, 2026
CVE-2026-11504
8.8 HIGH

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration …

Jun 8, 2026
CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by …

Jun 8, 2026
CVE-2026-11503
8.8 HIGH

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi …

Jun 8, 2026
CVE-2026-11502
3.1 LOW

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This …

Jun 8, 2026
CVE-2026-11501
7.3 HIGH

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The …

Jun 8, 2026
CVE-2026-11500
5.0 MEDIUM

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key …

Jun 8, 2026
CVE-2024-56123

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 8, 2026
CVE-2024-56122

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 8, 2026
CVE-2024-56121

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 8, 2026
CVE-2024-56120

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 8, 2026
CVE-2026-41724
8.0 HIGH

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject …

Jun 8, 2026
CVE-2026-41723
8.0 HIGH

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject …

Jun 8, 2026
CVE-2026-41722
8.0 HIGH

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject …

Jun 8, 2026
CVE-2026-3238
7.5 HIGH

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types …

Jun 8, 2026
CVE-2026-11499
9.8 CRITICAL

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument …

Jun 8, 2026
CVE-2026-11498
8.8 HIGH

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component …

Jun 8, 2026
CVE-2026-11497
5.3 MEDIUM

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa …

Jun 8, 2026
CVE-2026-11495
6.3 MEDIUM

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument …

Jun 8, 2026
CVE-2026-11494
4.3 MEDIUM

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The …

Jun 8, 2026
CVE-2026-11493
5.0 MEDIUM

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing …

Jun 8, 2026
CVE-2026-11492
4.3 MEDIUM

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. …

Jun 8, 2026
CVE-2026-11491
2.4 LOW

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board …

Jun 8, 2026
CVE-2026-11490
7.3 HIGH

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument …

Jun 8, 2026
CVE-2026-11489
7.3 HIGH

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID …

Jun 8, 2026
CVE-2026-11488
7.3 HIGH

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component …

Jun 8, 2026
CVE-2026-11487
5.3 MEDIUM

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component …

Jun 8, 2026
CVE-2026-11486
7.3 HIGH

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing …

Jun 8, 2026
CVE-2026-11485
7.3 HIGH

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation …

Jun 8, 2026
CVE-2026-11484
7.3 HIGH

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of …

Jun 8, 2026
CVE-2026-11483
7.3 HIGH

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation …

Jun 8, 2026
CVE-2026-11482
7.3 HIGH

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation …

Jun 8, 2026
CVE-2026-11481
2.5 LOW

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres …

Jun 8, 2026
CVE-2026-11480
6.3 MEDIUM

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component …

Jun 8, 2026
CVE-2026-11479
4.2 MEDIUM

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such …

Jun 8, 2026
CVE-2026-11478
3.3 LOW

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern …

Jun 8, 2026
CVE-2026-11477
4.3 MEDIUM

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The …

Jun 8, 2026
CVE-2026-11476
6.3 MEDIUM

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of …

Jun 8, 2026
CVE-2026-11475
6.3 MEDIUM

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the …

Jun 8, 2026
CVE-2024-58349
9.8 CRITICAL

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …

Jun 8, 2026
CVE-2024-58348
9.8 CRITICAL

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. …

Jun 8, 2026
CVE-2023-54352
9.8 CRITICAL

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. …

Jun 8, 2026
CVE-2023-54351
7.2 HIGH

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can …

Jun 8, 2026
CVE-2023-54350
7.5 HIGH

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers …

Jun 8, 2026
CVE-2022-50953
6.2 MEDIUM

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the …

Jun 8, 2026
CVE-2021-47984
6.4 MEDIUM

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to …

Jun 8, 2026
CVE-2021-47983
6.4 MEDIUM

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can …

Jun 8, 2026
CVE-2021-47982
6.4 MEDIUM

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can …

Jun 8, 2026
CVE-2026-11474
7.3 HIGH

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration …

Jun 8, 2026
CVE-2026-11473
6.3 MEDIUM

A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy …

Jun 8, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.