CVE Database

109206+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44285
7.7 HIGH

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress …

May 29, 2026
CVE-2026-42500
5.3 MEDIUM

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

May 29, 2026
CVE-2026-34127
4.8 MEDIUM

A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the …

May 29, 2026
CVE-2026-9051
9.1 CRITICAL

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading …

May 29, 2026
CVE-2026-49386
6.5 MEDIUM

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

May 29, 2026
CVE-2026-49385
6.5 MEDIUM

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

May 29, 2026
CVE-2026-49384
6.1 MEDIUM

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

May 29, 2026
CVE-2026-49383
3.3 LOW

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

May 29, 2026
CVE-2026-49382
4.5 MEDIUM

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

May 29, 2026
CVE-2026-49381
3.4 LOW

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

May 29, 2026
CVE-2026-49380
3.1 LOW

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

May 29, 2026
CVE-2026-49379
6.5 MEDIUM

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

May 29, 2026
CVE-2026-49378
4.3 MEDIUM

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

May 29, 2026
CVE-2026-49377
4.3 MEDIUM

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

May 29, 2026
CVE-2026-49376
6.5 MEDIUM

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

May 29, 2026
CVE-2026-49375
6.1 MEDIUM

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

May 29, 2026
CVE-2026-49374
7.6 HIGH

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

May 29, 2026
CVE-2026-49373
7.1 HIGH

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

May 29, 2026
CVE-2026-49372
7.5 HIGH

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

May 29, 2026
CVE-2026-49371
7.1 HIGH

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

May 29, 2026
CVE-2026-49370
3.4 LOW

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

May 29, 2026
CVE-2026-49369
4.3 MEDIUM

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

May 29, 2026
CVE-2026-49368
8.7 HIGH

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

May 29, 2026
CVE-2026-49367
8.0 HIGH

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

May 29, 2026
CVE-2026-49366
7.8 HIGH

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

May 29, 2026
CVE-2026-47745
6.5 MEDIUM

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, …

May 29, 2026
CVE-2026-47744
9.9 CRITICAL

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take …

May 29, 2026
CVE-2026-47742
6.5 MEDIUM

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no …

May 29, 2026
CVE-2026-47741
5.9 MEDIUM

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Under …

May 29, 2026
CVE-2026-47740
8.1 HIGH

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by …

May 29, 2026
CVE-2026-46372
8.5 HIGH

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-46344
5.3 MEDIUM

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS …

May 29, 2026
CVE-2026-44652

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-44651

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-44650
9.1 CRITICAL

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-44649
9.8 CRITICAL

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-44648
7.5 HIGH

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. …

May 29, 2026
CVE-2026-44611
5.4 MEDIUM

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.

May 29, 2026
CVE-2026-44518
5.3 MEDIUM

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS …

May 29, 2026
CVE-2026-42951
5.4 MEDIUM

An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.

May 29, 2026
CVE-2026-42941
8.3 HIGH

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.

May 29, 2026
CVE-2026-42929
8.3 HIGH

Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.

May 29, 2026
CVE-2026-40425
5.7 MEDIUM

The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.

May 29, 2026
CVE-2026-7786
9.8 CRITICAL

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can …

May 29, 2026
CVE-2026-6824
8.4 HIGH

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers …

May 29, 2026
CVE-2026-5768
8.8 HIGH

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …

May 29, 2026
CVE-2026-5386
9.1 CRITICAL

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password …

May 29, 2026
CVE-2026-47179
7.7 HIGH

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive …

May 29, 2026
CVE-2026-47125
8.8 HIGH

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file …

May 29, 2026
CVE-2026-45668

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with …

May 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.