CVE Database

109206+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-48187
5.7 MEDIUM

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of …

Jun 1, 2026
CVE-2026-20456
5.5 MEDIUM

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with …

Jun 1, 2026
CVE-2026-20455
7.8 HIGH

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if …

Jun 1, 2026
CVE-2026-20454
6.4 MEDIUM

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a …

Jun 1, 2026
CVE-2026-20453
6.7 MEDIUM

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if …

Jun 1, 2026
CVE-2026-20452
8.0 HIGH

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with …

Jun 1, 2026
CVE-2026-10221
7.3 HIGH

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads …

Jun 1, 2026
CVE-2026-10220
7.3 HIGH

A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to …

Jun 1, 2026
CVE-2026-10219
7.3 HIGH

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing …

Jun 1, 2026
CVE-2026-10218
5.4 MEDIUM

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolution_handlers.go. Such manipulation leads to improper …

Jun 1, 2026
CVE-2026-10217
6.3 MEDIUM

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts_config.go of the component …

Jun 1, 2026
CVE-2026-10216
3.7 LOW

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim …

Jun 1, 2026
CVE-2026-10215
4.3 MEDIUM

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component …

Jun 1, 2026
CVE-2026-10214
7.3 HIGH

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the file agent/tools/bash/bash.py of the component Bash …

Jun 1, 2026
CVE-2026-10213
5.4 MEDIUM

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing …

Jun 1, 2026
CVE-2026-10212
6.3 MEDIUM

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to …

Jun 1, 2026
CVE-2026-10211
6.3 MEDIUM

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes incorrect authorization. …

Jun 1, 2026
CVE-2026-10210
6.3 MEDIUM

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. …

Jun 1, 2026
CVE-2026-10209
6.3 MEDIUM

A vulnerability has been found in code-projects Online Hospital Management System 1.0. Affected is an unknown function of the file appointmentdetail.php of the component Appointment …

Jun 1, 2026
CVE-2026-10208
7.3 HIGH

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file login_1.php. Executing a manipulation of …

Jun 1, 2026
CVE-2026-10206
8.8 HIGH

A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a manipulation of the argument …

Jun 1, 2026
CVE-2026-10205
6.3 MEDIUM

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads …

Jun 1, 2026
CVE-2026-10204
6.3 MEDIUM

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. …

Jun 1, 2026
CVE-2026-10203
6.3 MEDIUM

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The …

Jun 1, 2026
CVE-2026-10202
6.3 MEDIUM

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation …

Jun 1, 2026
CVE-2026-10201
3.3 LOW

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. …

Jun 1, 2026
CVE-2026-10200
5.3 MEDIUM

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing …

May 31, 2026
CVE-2026-10199
3.3 LOW

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of …

May 31, 2026
CVE-2026-10198
3.3 LOW

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component …

May 31, 2026
CVE-2026-48210
5.7 MEDIUM

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users …

May 31, 2026
CVE-2026-10197
3.3 LOW

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The …

May 31, 2026
CVE-2026-8796
8.1 HIGH

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c, srl_read_object() and srl_read_hash() process a COPY tag, a back-reference whose …

May 31, 2026
CVE-2026-10194
6.3 MEDIUM

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation …

May 31, 2026
CVE-2026-10193
6.3 MEDIUM

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component …

May 31, 2026
CVE-2026-10192
8.8 HIGH

A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time …

May 31, 2026
CVE-2026-10191
8.8 HIGH

A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based …

May 31, 2026
CVE-2026-10190
6.5 MEDIUM

A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The …

May 31, 2026
CVE-2026-10189
8.8 HIGH

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec …

May 31, 2026
CVE-2026-10188
8.8 HIGH

A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac …

May 31, 2026
CVE-2026-10187
9.8 CRITICAL

A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management …

May 31, 2026
CVE-2026-10186
7.3 HIGH

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. …

May 31, 2026
CVE-2026-10185
7.3 HIGH

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of …

May 31, 2026
CVE-2026-10184
7.3 HIGH

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation …

May 31, 2026
CVE-2026-10183
8.8 HIGH

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to …

May 31, 2026
CVE-2026-10182
6.3 MEDIUM

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument …

May 31, 2026
CVE-2026-49490
8.1 HIGH

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the …

May 31, 2026
CVE-2026-49489
8.5 HIGH

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers …

May 31, 2026
CVE-2026-10181
8.8 HIGH

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument …

May 31, 2026
CVE-2026-10180
6.3 MEDIUM

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads …

May 31, 2026
CVE-2026-10179
8.8 HIGH

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage …

May 31, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.