CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-41032
7.5 HIGH

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

Jun 3, 2026
CVE-2025-15656
8.8 HIGH

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.

Jun 3, 2026
CVE-2025-15655
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: …

Jun 3, 2026
CVE-2025-14774
7.4 HIGH

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2025-14773
8.0 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2025-14772
8.8 HIGH

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2025-14771
9.9 CRITICAL

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

Jun 3, 2026
CVE-2026-4035
7.7 HIGH

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate …

Jun 3, 2026
CVE-2025-15654
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.

Jun 3, 2026
CVE-2026-5078
5.3 MEDIUM

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without …

Jun 3, 2026
CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync …

Jun 3, 2026
CVE-2026-50031
7.5 HIGH

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for …

Jun 3, 2026
CVE-2026-10705
3.1 LOW

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component …

Jun 3, 2026
CVE-2026-10704
7.3 HIGH

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component …

Jun 3, 2026
CVE-2026-10703
6.3 MEDIUM

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData …

Jun 3, 2026
CVE-2026-9516
7.5 HIGH

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading …

Jun 3, 2026
CVE-2026-9334
7.3 HIGH

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array …

Jun 3, 2026
CVE-2026-10694
7.3 HIGH

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation …

Jun 3, 2026
CVE-2026-10693
6.3 MEDIUM

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative …

Jun 3, 2026
CVE-2026-9732
4.3 MEDIUM

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, …

Jun 3, 2026
CVE-2026-7421
4.4 MEDIUM

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the …

Jun 3, 2026
CVE-2026-10692
4.3 MEDIUM

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the …

Jun 3, 2026
CVE-2026-10691
4.3 MEDIUM

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. …

Jun 3, 2026
CVE-2026-10690
6.3 MEDIUM

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the …

Jun 3, 2026
CVE-2026-44654
8.1 HIGH

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records …

Jun 2, 2026
CVE-2026-44653
6.5 MEDIUM

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an …

Jun 2, 2026
CVE-2026-42507
5.3 MEDIUM

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading …

Jun 2, 2026
CVE-2026-42504
7.5 HIGH

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

Jun 2, 2026
CVE-2026-41412
4.9 MEDIUM

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a …

Jun 2, 2026
CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL …

Jun 2, 2026
CVE-2026-35482
8.0 HIGH

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the …

Jun 2, 2026
CVE-2026-32625
9.6 CRITICAL

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration …

Jun 2, 2026
CVE-2026-31942
7.1 HIGH

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability …

Jun 2, 2026
CVE-2026-27145
6.5 MEDIUM

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same …

Jun 2, 2026
CVE-2026-25861
5.9 MEDIUM

QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of …

Jun 2, 2026
CVE-2026-10719

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory …

Jun 2, 2026
CVE-2026-10718

Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra memory describing a range of …

Jun 2, 2026
CVE-2026-10717

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds …

Jun 2, 2026
CVE-2026-10688
5.5 MEDIUM

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the …

Jun 2, 2026
CVE-2026-10662
6.3 MEDIUM

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP …

Jun 2, 2026
CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder …

Jun 2, 2026
CVE-2026-42029

Rejected reason: This CVE is a duplicate of another CVE.

Jun 2, 2026
CVE-2026-35212
6.1 MEDIUM

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering …

Jun 2, 2026
CVE-2026-10661
4.3 MEDIUM

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument …

Jun 2, 2026
CVE-2026-10650
5.3 MEDIUM

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH …

Jun 2, 2026
CVE-2025-15653
6.8 MEDIUM

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to …

Jun 2, 2026
CVE-2024-14036
7.5 HIGH

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by …

Jun 2, 2026
CVE-2022-4992
8.6 HIGH

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling …

Jun 2, 2026
CVE-2021-4481
8.2 HIGH

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute …

Jun 2, 2026
CVE-2021-4480
8.2 HIGH

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute …

Jun 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.