108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by …
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service …
Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly …
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses …
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part …
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a …
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this …
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, …
NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This …
NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. `modules/Core/queries/reactions.php` allows …
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer …
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce …
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` …
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can …
A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a …
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel …
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset …
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network …
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS …
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). …
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 …
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. …
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices …
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a …
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string …
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that …
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application …
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been …
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to …
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System …
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a …
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main …
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via …
A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an …
NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging …
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled …
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows …
Free website and port scanning — find vulnerabilities before attackers do.