CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-46703
9.6 CRITICAL

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior …

Jun 10, 2026
CVE-2026-46695
10.0 CRITICAL

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior …

Jun 10, 2026
CVE-2026-50638
9.1 CRITICAL

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, …

Jun 10, 2026
CVE-2026-50566
9.9 CRITICAL

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io …

Jun 10, 2026
CVE-2026-50564
9.9 CRITICAL

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes …

Jun 10, 2026
CVE-2026-50563
9.9 CRITICAL

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path …

Jun 10, 2026
CVE-2026-50545
9.9 CRITICAL

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec …

Jun 10, 2026
CVE-2026-46614
9.8 CRITICAL

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers …

Jun 10, 2026
CVE-2026-20253
9.8 CRITICAL KEV

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar …

Jun 10, 2026
CVE-2026-53476
9.6 CRITICAL

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting …

Jun 10, 2026
CVE-2026-53475
9.3 CRITICAL

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) …

Jun 10, 2026
CVE-2026-53474
9.6 CRITICAL

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper …

Jun 10, 2026
CVE-2026-53471
9.6 CRITICAL

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate …

Jun 10, 2026
CVE-2026-53470
9.6 CRITICAL

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker …

Jun 10, 2026
CVE-2026-53469
9.1 CRITICAL

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper …

Jun 10, 2026
CVE-2026-45558
9.9 CRITICAL

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and …

Jun 10, 2026
CVE-2026-45556
9.9 CRITICAL

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field …

Jun 10, 2026
CVE-2026-45552
9.9 CRITICAL

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → …

Jun 10, 2026
CVE-2026-45550
9.1 CRITICAL

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() …

Jun 10, 2026
CVE-2025-6254
9.8 CRITICAL

The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() …

Jun 10, 2026
CVE-2026-9067
9.1 CRITICAL

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and …

Jun 10, 2026
CVE-2026-26241
9.1 CRITICAL

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash …

Jun 10, 2026
CVE-2026-26240
9.1 CRITICAL

A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash …

Jun 10, 2026
CVE-2025-66276
9.8 CRITICAL

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

Jun 10, 2026
CVE-2026-45328
9.3 CRITICAL

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c …

Jun 10, 2026
CVE-2026-48303
10.0 CRITICAL

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in …

Jun 9, 2026
CVE-2026-47938
10.0 CRITICAL

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. …

Jun 9, 2026
CVE-2026-47928
9.6 CRITICAL

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-36727
9.1 CRITICAL

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Jun 9, 2026
CVE-2026-36721
9.8 CRITICAL

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Jun 9, 2026
CVE-2026-30141
9.8 CRITICAL

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) …

Jun 9, 2026
CVE-2026-10045
9.8 CRITICAL

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and …

Jun 9, 2026
CVE-2026-34691
9.3 CRITICAL

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by …

Jun 9, 2026
CVE-2026-49841
9.8 CRITICAL

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-49840
9.1 CRITICAL

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. …

Jun 9, 2026
CVE-2026-47643
9.8 CRITICAL

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-47291
9.8 CRITICAL

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-47281
9.6 CRITICAL

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.

Jun 9, 2026
CVE-2026-45657
9.8 CRITICAL

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-45602
9.1 CRITICAL

No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.

Jun 9, 2026
CVE-2026-44815
9.8 CRITICAL

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-42904
9.6 CRITICAL

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.

Jun 9, 2026
CVE-2026-38615
9.8 CRITICAL

DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

Jun 9, 2026
CVE-2026-34182
9.1 CRITICAL

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to …

Jun 9, 2026
CVE-2026-26142
9.8 CRITICAL

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.

Jun 9, 2026
CVE-2026-8025
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue …

Jun 9, 2026
CVE-2026-25089
9.8 CRITICAL

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, …

Jun 9, 2026
CVE-2026-10523
9.9 CRITICAL

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts …

Jun 9, 2026
CVE-2026-10520
10.0 CRITICAL KEV

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code …

Jun 9, 2026
CVE-2026-7486
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.