CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-36176
7.1 HIGH

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to …

Jun 4, 2026
CVE-2026-36175
6.8 MEDIUM

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence …

Jun 4, 2026
CVE-2026-36174
4.6 MEDIUM

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers …

Jun 4, 2026
CVE-2026-35906
9.6 CRITICAL

An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via …

Jun 4, 2026
CVE-2026-35905
9.8 CRITICAL

T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.

Jun 4, 2026
CVE-2026-35904
9.8 CRITICAL

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable …

Jun 4, 2026
CVE-2026-28318
7.5 HIGH KEV

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure …

Jun 4, 2026
CVE-2026-10864
4.3 MEDIUM

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New …

Jun 4, 2026
CVE-2026-10863
8.1 HIGH

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an …

Jun 4, 2026
CVE-2026-10860
6.5 MEDIUM

A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to …

Jun 4, 2026
CVE-2026-10812
3.6 LOW

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component …

Jun 4, 2026
CVE-2026-10811
6.3 MEDIUM

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such …

Jun 4, 2026
CVE-2026-8762

Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement …

Jun 4, 2026
CVE-2026-8037
9.6 CRITICAL

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance …

Jun 4, 2026
CVE-2026-45433

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker …

Jun 4, 2026
CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API …

Jun 4, 2026
CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion …

Jun 4, 2026
CVE-2026-10861
6.1 MEDIUM

An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination without …

Jun 4, 2026
CVE-2026-10856
6.1 MEDIUM

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted …

Jun 4, 2026
CVE-2026-10855
4.3 MEDIUM

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a …

Jun 4, 2026
CVE-2026-10854
4.3 MEDIUM

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder …

Jun 4, 2026
CVE-2026-10810
4.3 MEDIUM

A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. This manipulation of …

Jun 4, 2026
CVE-2026-10809
6.3 MEDIUM

A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manage_user.php. The manipulation of the …

Jun 4, 2026
CVE-2026-10808
6.3 MEDIUM

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown function of the file /manage_student.php. The manipulation of the argument ID …

Jun 4, 2026
CVE-2026-10807
6.3 MEDIUM

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image …

Jun 4, 2026
CVE-2026-10806
6.3 MEDIUM

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post …

Jun 4, 2026
CVE-2025-62338
3.3 LOW

HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.

Jun 4, 2026
CVE-2025-59874
8.1 HIGH

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing …

Jun 4, 2026
CVE-2025-46638
7.5 HIGH

Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a …

Jun 4, 2026
CVE-2019-25745
8.2 HIGH

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code …

Jun 4, 2026
CVE-2019-25744
5.4 MEDIUM

WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in …

Jun 4, 2026
CVE-2019-25743
5.4 MEDIUM

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post …

Jun 4, 2026
CVE-2019-25742
5.4 MEDIUM

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field …

Jun 4, 2026
CVE-2019-25741
9.8 CRITICAL

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to …

Jun 4, 2026
CVE-2019-25740
6.5 MEDIUM

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST …

Jun 4, 2026
CVE-2019-25739
5.4 MEDIUM

GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers …

Jun 4, 2026
CVE-2019-25738
9.8 CRITICAL

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can …

Jun 4, 2026
CVE-2019-25737
6.1 MEDIUM

Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can …

Jun 4, 2026
CVE-2019-25736
8.4 HIGH

LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the …

Jun 4, 2026
CVE-2019-25735
8.4 HIGH

AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long …

Jun 4, 2026
CVE-2019-25734
4.0 MEDIUM

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by …

Jun 4, 2026
CVE-2019-25733
8.4 HIGH

NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft …

Jun 4, 2026
CVE-2019-25732
8.2 HIGH

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search …

Jun 4, 2026
CVE-2019-25731
6.1 MEDIUM

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can …

Jun 4, 2026
CVE-2019-25730
8.2 HIGH

Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id …

Jun 4, 2026
CVE-2019-25729
9.8 CRITICAL

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie …

Jun 4, 2026
CVE-2019-25728
8.2 HIGH

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject …

Jun 4, 2026
CVE-2019-25727
9.8 CRITICAL

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. …

Jun 4, 2026
CVE-2019-25726
8.2 HIGH

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through …

Jun 4, 2026
CVE-2026-4104
9.8 CRITICAL

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: …

Jun 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.