CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-46325
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles …

Jun 9, 2026
CVE-2026-46316
9.3 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks …

Jun 9, 2026
CVE-2017-20251
9.8 CRITICAL

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious …

Jun 9, 2026
CVE-2025-10263
9.1 CRITICAL

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, …

Jun 9, 2026
CVE-2009-10007
9.1 CRITICAL

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that …

Jun 9, 2026
CVE-2026-9698
9.8 CRITICAL

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were …

Jun 9, 2026
CVE-2026-44083
9.8 CRITICAL

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. …

Jun 9, 2026
CVE-2026-5067
9.8 CRITICAL

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser …

Jun 9, 2026
CVE-2026-44748
9.9 CRITICAL

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed …

Jun 9, 2026
CVE-2026-40128
9.0 CRITICAL

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path …

Jun 9, 2026
CVE-2026-27671
9.8 CRITICAL

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker …

Jun 9, 2026
CVE-2026-11697
9.6 CRITICAL

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-11671
9.6 CRITICAL

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jun 9, 2026
CVE-2026-11659
9.6 CRITICAL

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jun 9, 2026
CVE-2026-11654
9.6 CRITICAL

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-11651
9.6 CRITICAL

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11638
9.6 CRITICAL

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jun 9, 2026
CVE-2026-11634
9.6 CRITICAL

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-52778
9.8 CRITICAL

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of …

Jun 8, 2026
CVE-2026-11393
9.0 CRITICAL

Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code …

Jun 8, 2026
CVE-2026-46289
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs …

Jun 8, 2026
CVE-2026-41448
9.4 CRITICAL

AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a …

Jun 8, 2026
CVE-2026-39910
9.8 CRITICAL

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service …

Jun 8, 2026
CVE-2026-25555
9.8 CRITICAL

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying …

Jun 8, 2026
CVE-2026-46442
9.9 CRITICAL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, …

Jun 8, 2026
CVE-2026-46441
9.6 CRITICAL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists …

Jun 8, 2026
CVE-2026-46440
9.1 CRITICAL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials …

Jun 8, 2026
CVE-2026-44631
9.8 CRITICAL

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users …

Jun 8, 2026
CVE-2026-42861
9.6 CRITICAL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists …

Jun 8, 2026
CVE-2026-42535
9.1 CRITICAL

A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing …

Jun 8, 2026
CVE-2026-29167
9.8 CRITICAL

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are …

Jun 8, 2026
CVE-2026-50751
9.3 CRITICAL KEV

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user …

Jun 8, 2026
CVE-2026-11499
9.8 CRITICAL

A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument …

Jun 8, 2026
CVE-2024-58349
9.8 CRITICAL

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's …

Jun 8, 2026
CVE-2024-58348
9.8 CRITICAL

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. …

Jun 8, 2026
CVE-2023-54352
9.8 CRITICAL

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. …

Jun 8, 2026
CVE-2026-45779
9.8 CRITICAL

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows …

Jun 5, 2026
CVE-2026-45777
9.8 CRITICAL

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute …

Jun 5, 2026
CVE-2026-45758
9.6 CRITICAL

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious …

Jun 5, 2026
CVE-2026-46389
10.0 CRITICAL

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a …

Jun 5, 2026
CVE-2026-10580
9.8 CRITICAL

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and …

Jun 5, 2026
CVE-2026-45750
9.0 CRITICAL

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the …

Jun 5, 2026
CVE-2026-45748
9.8 CRITICAL

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 …

Jun 5, 2026
CVE-2026-45746
9.0 CRITICAL

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix …

Jun 5, 2026
CVE-2026-45744
9.9 CRITICAL

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix …

Jun 5, 2026
CVE-2026-36500
9.1 CRITICAL

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

Jun 5, 2026
CVE-2025-71318
9.8 CRITICAL

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, …

Jun 5, 2026
CVE-2025-71317
9.8 CRITICAL

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the …

Jun 5, 2026
CVE-2026-9270
9.1 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_stats …

Jun 5, 2026
CVE-2026-11362
9.8 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted …

Jun 5, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.