CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-25879
9.8 CRITICAL

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. …

Jun 1, 2026
CVE-2026-25277
8.8 HIGH

Memory corruption while using Strongbox due to buffer overflow.

Jun 1, 2026
CVE-2026-25276
8.8 HIGH

Memory corruption while using Strongbox due to missing bounds check.

Jun 1, 2026
CVE-2026-25260
7.8 HIGH

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

Jun 1, 2026
CVE-2026-25259
7.8 HIGH

Memory corruption while processing multiple IOCTL command for escape operations.

Jun 1, 2026
CVE-2026-25258
7.8 HIGH

Memory corruption while processing IOCTL calls for escape operations.

Jun 1, 2026
CVE-2026-24782
7.6 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated …

Jun 1, 2026
CVE-2026-24761
3.7 LOW

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an …

Jun 1, 2026
CVE-2026-24756
4.3 MEDIUM

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an …

Jun 1, 2026
CVE-2026-24755
5.4 MEDIUM

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an …

Jun 1, 2026
CVE-2026-24754
5.4 MEDIUM

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker …

Jun 1, 2026
CVE-2026-24753
6.5 MEDIUM

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an …

Jun 1, 2026
CVE-2026-24752
8.2 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker …

Jun 1, 2026
CVE-2026-24092
7.2 HIGH

Memory Corruption when processing fastboot commands to set display mode.

Jun 1, 2026
CVE-2026-24091
7.2 HIGH

Memory corruption while processing fastboot commands with improperly formatted input.

Jun 1, 2026
CVE-2026-24090
7.1 HIGH

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

Jun 1, 2026
CVE-2026-24089
7.2 HIGH

Memory corruption while processing fastboot commands with invalid input.

Jun 1, 2026
CVE-2026-24088
8.2 HIGH

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

Jun 1, 2026
CVE-2026-24087
7.2 HIGH

Memory corruption while processing fastboot OEM commands.

Jun 1, 2026
CVE-2026-24085
7.2 HIGH

Memory Corruption when processing display command line information due to improper initialization of a variable.

Jun 1, 2026
CVE-2026-10300
3.7 LOW

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such …

Jun 1, 2026
CVE-2026-10299
3.8 LOW

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of …

Jun 1, 2026
CVE-2026-10298
3.3 LOW

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results …

Jun 1, 2026
CVE-2026-10297
6.3 MEDIUM

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID …

Jun 1, 2026
CVE-2026-10296
6.3 MEDIUM

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation …

Jun 1, 2026
CVE-2026-10295
3.3 LOW

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation …

Jun 1, 2026
CVE-2025-59614
6.7 MEDIUM

Memory Corruption when sending random number generator command with insufficient output buffer size.

Jun 1, 2026
CVE-2025-59613
6.7 MEDIUM

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.

Jun 1, 2026
CVE-2025-59612
6.7 MEDIUM

Memory corruption in windows drivers while sending incorrect trusted application request

Jun 1, 2026
CVE-2025-59611
6.7 MEDIUM

Memory corruption in diagnostic services due to absence of input validation

Jun 1, 2026
CVE-2025-59610
6.4 MEDIUM

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

Jun 1, 2026
CVE-2025-59609
5.5 MEDIUM

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.

Jun 1, 2026
CVE-2025-59606
7.8 HIGH

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.

Jun 1, 2026
CVE-2025-59605
7.8 HIGH

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

Jun 1, 2026
CVE-2025-59604
7.8 HIGH

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.

Jun 1, 2026
CVE-2025-59601
6.5 MEDIUM

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.

Jun 1, 2026
CVE-2019-25718
8.4 HIGH

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through …

Jun 1, 2026
CVE-2026-49491
8.2 HIGH

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers …

Jun 1, 2026
CVE-2026-40965
10.0 CRITICAL

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys …

Jun 1, 2026
CVE-2026-40964
7.5 HIGH

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for …

Jun 1, 2026
CVE-2026-28586
3.3 LOW

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with …

Jun 1, 2026
CVE-2026-28581
4.0 MEDIUM

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead …

Jun 1, 2026
CVE-2026-28580
7.8 HIGH

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2026-28578
5.5 MEDIUM

In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service …

Jun 1, 2026
CVE-2026-28577
7.8 HIGH

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no …

Jun 1, 2026
CVE-2026-10294
4.3 MEDIUM

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function g_file_test of the file src/pk-transaction.c of the component API. Such manipulation …

Jun 1, 2026
CVE-2026-10293
8.8 HIGH

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the …

Jun 1, 2026
CVE-2026-10292
8.8 HIGH

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based …

Jun 1, 2026
CVE-2026-10291
4.3 MEDIUM

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the …

Jun 1, 2026
CVE-2026-10290
7.3 HIGH

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of …

Jun 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.