CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48570
7.8 HIGH

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead …

Jun 1, 2026
CVE-2025-32348
7.8 HIGH

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2025-26418
7.8 HIGH

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a …

Jun 1, 2026
CVE-2025-22426
7.8 HIGH

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could …

Jun 1, 2026
CVE-2025-22424
7.8 HIGH

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of …

Jun 1, 2026
CVE-2019-25716
6.5 MEDIUM

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending …

Jun 1, 2026
CVE-2018-25435
5.3 MEDIUM

ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can …

Jun 1, 2026
CVE-2018-25434
8.2 HIGH

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. …

Jun 1, 2026
CVE-2018-25433
8.2 HIGH

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through …

Jun 1, 2026
CVE-2018-25432
8.4 HIGH

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft …

Jun 1, 2026
CVE-2018-25431
7.1 HIGH

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers …

Jun 1, 2026
CVE-2018-25430
7.1 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers …

Jun 1, 2026
CVE-2018-25429
7.1 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers …

Jun 1, 2026
CVE-2018-25428
8.2 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers …

Jun 1, 2026
CVE-2018-25427
9.8 CRITICAL

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address …

Jun 1, 2026
CVE-2026-5419
3.7 LOW

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to …

Jun 1, 2026
CVE-2026-49433
5.0 MEDIUM

The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the …

Jun 1, 2026
CVE-2026-49140
4.3 MEDIUM

Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust …

Jun 1, 2026
CVE-2026-49139

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework …

Jun 1, 2026
CVE-2026-49138
5.0 MEDIUM

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network …

Jun 1, 2026
CVE-2026-49136
7.5 HIGH

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated …

Jun 1, 2026
CVE-2026-49135
7.1 HIGH

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by …

Jun 1, 2026
CVE-2026-49134
7.1 HIGH

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting …

Jun 1, 2026
CVE-2026-37234
8.2 HIGH

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned …

Jun 1, 2026
CVE-2026-24751
8.2 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker …

Jun 1, 2026
CVE-2026-10289
4.3 MEDIUM

A security flaw has been discovered in code-projects Hotel and Tourism Reservation System 1.0. Impacted is an unknown function of the file /ht/tour.php. Performing a …

Jun 1, 2026
CVE-2026-10288
7.3 HIGH

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component …

Jun 1, 2026
CVE-2026-10287
7.3 HIGH

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the …

Jun 1, 2026
CVE-2026-10286
6.3 MEDIUM

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results …

Jun 1, 2026
CVE-2026-10285
5.4 MEDIUM

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the …

Jun 1, 2026
CVE-2026-10284
5.4 MEDIUM

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the …

Jun 1, 2026
CVE-2025-70099
7.5 HIGH

A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially …

Jun 1, 2026
CVE-2021-46747

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System …

Jun 1, 2026
CVE-2026-9614
8.8 HIGH

An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.

Jun 1, 2026
CVE-2026-9330
8.5 HIGH

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. …

Jun 1, 2026
CVE-2026-9319
9.0 CRITICAL

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.

Jun 1, 2026
CVE-2026-9311
9.0 CRITICAL

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

Jun 1, 2026
CVE-2026-8644
9.1 CRITICAL

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

Jun 1, 2026
CVE-2026-7770
8.8 HIGH

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests …

Jun 1, 2026
CVE-2026-49121
8.1 HIGH

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote …

Jun 1, 2026
CVE-2026-47294
8.0 HIGH

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Jun 1, 2026
CVE-2026-45810
6.8 MEDIUM

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check …

Jun 1, 2026
CVE-2026-45729
4.3 MEDIUM

Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes …

Jun 1, 2026
CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as …

Jun 1, 2026
CVE-2026-45722
7.1 HIGH

Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables …

Jun 1, 2026
CVE-2026-45691
5.9 MEDIUM

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session …

Jun 1, 2026
CVE-2026-45690
5.9 MEDIUM

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass …

Jun 1, 2026
CVE-2026-45545
8.2 HIGH

Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to …

Jun 1, 2026
CVE-2026-45544
4.3 MEDIUM

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only …

Jun 1, 2026
CVE-2026-45543
5.3 MEDIUM

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent …

Jun 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.