CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2019-25723
4.0 MEDIUM

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by …

Jun 2, 2026
CVE-2019-25722
7.6 HIGH

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service …

Jun 2, 2026
CVE-2019-25721
6.5 MEDIUM

Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly …

Jun 2, 2026
CVE-2026-49943
6.3 MEDIUM

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses …

Jun 2, 2026
CVE-2026-42074
9.8 CRITICAL

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part …

Jun 2, 2026
CVE-2026-42073
6.5 MEDIUM

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a …

Jun 2, 2026
CVE-2026-40715
7.8 HIGH

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this …

Jun 2, 2026
CVE-2026-40713
6.1 MEDIUM

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, …

Jun 2, 2026
CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This …

Jun 2, 2026
CVE-2026-40314

NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. `modules/Core/queries/reactions.php` allows …

Jun 2, 2026
CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer …

Jun 2, 2026
CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce …

Jun 2, 2026
CVE-2026-33244
5.4 MEDIUM

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` …

Jun 2, 2026
CVE-2026-24237
7.8 HIGH

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …

Jun 2, 2026
CVE-2026-24221
7.8 HIGH

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …

Jun 2, 2026
CVE-2026-1871
6.5 MEDIUM

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can …

Jun 2, 2026
CVE-2026-10606
7.3 HIGH

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a …

Jun 2, 2026
CVE-2026-0611
9.8 CRITICAL

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel …

Jun 2, 2026
CVE-2024-42206
3.1 LOW

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application

Jun 2, 2026
CVE-2026-9590
5.3 MEDIUM

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset …

Jun 2, 2026
CVE-2026-9522
5.4 MEDIUM

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network …

Jun 2, 2026
CVE-2026-7299
6.3 MEDIUM

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS …

Jun 2, 2026
CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client (HTTP/2 CONTINUATION flood). …

Jun 2, 2026
CVE-2026-49753

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 …

Jun 2, 2026
CVE-2026-48862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. …

Jun 2, 2026
CVE-2026-48861

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices …

Jun 2, 2026
CVE-2026-47117
9.8 CRITICAL

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the …

Jun 2, 2026
CVE-2026-45686
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's …

Jun 2, 2026
CVE-2026-45685
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught …

Jun 2, 2026
CVE-2026-45684
4.9 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by …

Jun 2, 2026
CVE-2026-45683
3.8 LOW

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with …

Jun 2, 2026
CVE-2026-45682
5.1 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never …

Jun 2, 2026
CVE-2026-45681
5.9 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer …

Jun 2, 2026
CVE-2026-45680
5.9 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping …

Jun 2, 2026
CVE-2026-45679
6.5 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status …

Jun 2, 2026
CVE-2026-45678
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a …

Jun 2, 2026
CVE-2026-45676
5.5 MEDIUM

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string …

Jun 2, 2026
CVE-2026-45554
5.3 MEDIUM

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that …

Jun 2, 2026
CVE-2026-45553
7.5 HIGH

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application …

Jun 2, 2026
CVE-2026-45080

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been …

Jun 2, 2026
CVE-2026-44367
2.7 LOW

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to …

Jun 2, 2026
CVE-2026-42654
7.1 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System …

Jun 2, 2026
CVE-2026-40780
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a …

Jun 2, 2026
CVE-2026-40619
7.8 HIGH

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main …

Jun 2, 2026
CVE-2026-38978
5.3 MEDIUM

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.

Jun 2, 2026
CVE-2026-35718
6.5 MEDIUM

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via …

Jun 2, 2026
CVE-2026-35716
6.3 MEDIUM

A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an …

Jun 2, 2026
CVE-2026-34460
5.4 MEDIUM

NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging …

Jun 2, 2026
CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled …

Jun 2, 2026
CVE-2026-30652
8.8 HIGH

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows …

Jun 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.