CVE Database

109206+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-10058
4.8 MEDIUM

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are …

May 29, 2026
CVE-2026-10057
4.8 MEDIUM

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are …

May 29, 2026
CVE-2026-10056
7.5 HIGH

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux …

May 29, 2026
CVE-2026-10052
4.1 MEDIUM

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make …

May 29, 2026
CVE-2026-10039
4.9 MEDIUM

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, …

May 29, 2026
CVE-2026-9243
6.4 MEDIUM

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of the Carousel Anything widget in versions …

May 29, 2026
CVE-2026-4776
7.1 HIGH

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can …

May 29, 2026
CVE-2026-49322
4.3 MEDIUM

Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read …

May 29, 2026
CVE-2026-3655
9.8 CRITICAL

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to …

May 29, 2026
CVE-2025-11262
7.2 HIGH

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 0.9.0 …

May 29, 2026
CVE-2026-9714
6.4 MEDIUM

The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [showmodule] shortcode in versions up to, …

May 29, 2026
CVE-2026-9493
6.5 MEDIUM

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific …

May 29, 2026
CVE-2026-8732
9.8 CRITICAL

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This …

May 29, 2026
CVE-2026-6324
4.8 MEDIUM

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious …

May 29, 2026
CVE-2026-6275
6.4 MEDIUM

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This …

May 29, 2026
CVE-2025-14042
6.4 MEDIUM

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in …

May 29, 2026
CVE-2025-11993
8.8 HIGH

The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via …

May 29, 2026
CVE-2026-2128
5.3 MEDIUM

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This …

May 29, 2026
CVE-2026-8995
4.3 MEDIUM

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including …

May 29, 2026
CVE-2026-7430
4.4 MEDIUM

The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient …

May 29, 2026
CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and …

May 29, 2026
CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary …

May 29, 2026
CVE-2026-6892
5.0 MEDIUM

Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a …

May 29, 2026
CVE-2026-6891
5.0 MEDIUM

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login …

May 29, 2026
CVE-2026-9999
8.8 HIGH

Inappropriate implementation in ANGLE in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

May 28, 2026
CVE-2026-9998
8.3 HIGH

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

May 28, 2026
CVE-2026-9997
8.3 HIGH

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 28, 2026
CVE-2026-9996
6.5 MEDIUM

Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process …

May 28, 2026
CVE-2026-9995
8.8 HIGH

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 28, 2026
CVE-2026-9994
8.3 HIGH

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially …

May 28, 2026
CVE-2026-9993
8.3 HIGH

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 28, 2026
CVE-2026-9992
8.8 HIGH

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 28, 2026
CVE-2026-9991
3.1 LOW

Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

May 28, 2026
CVE-2026-9990
7.5 HIGH

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific …

May 28, 2026
CVE-2026-9989
6.3 MEDIUM

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium …

May 28, 2026
CVE-2026-9988
8.3 HIGH

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a …

May 28, 2026
CVE-2026-9987
7.8 HIGH

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 148.0.7778.216 allowed a local attacker to execute arbitrary code via a …

May 28, 2026
CVE-2026-9986
4.2 MEDIUM

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform …

May 28, 2026
CVE-2026-9985
5.3 MEDIUM

Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process …

May 28, 2026
CVE-2026-9984
8.8 HIGH

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML …

May 28, 2026
CVE-2026-9983
8.8 HIGH

Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

May 28, 2026
CVE-2026-9982
8.3 HIGH

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially …

May 28, 2026
CVE-2026-9981
6.5 MEDIUM

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

May 28, 2026
CVE-2026-9980
5.0 MEDIUM

Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass …

May 28, 2026
CVE-2026-9979
5.0 MEDIUM

Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass …

May 28, 2026
CVE-2026-9978
8.8 HIGH

Use after free in Glic in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 28, 2026
CVE-2026-9977
8.3 HIGH

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process …

May 28, 2026
CVE-2026-9976
8.8 HIGH

Inappropriate implementation in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security …

May 28, 2026
CVE-2026-9975
8.3 HIGH

Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to …

May 28, 2026
CVE-2026-9974
8.3 HIGH

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform …

May 28, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.