CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-58466
9.8 CRITICAL

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials …

Jul 2, 2026
CVE-2026-44935
9.9 CRITICAL

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 …

Jul 2, 2026
CVE-2024-14037
9.8 CRITICAL

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob …

Jul 2, 2026
CVE-2022-50973
9.8 CRITICAL

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a …

Jul 2, 2026
CVE-2026-58455
9.8 CRITICAL

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after …

Jul 2, 2026
CVE-2026-56004
10.0 CRITICAL

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a …

Jul 2, 2026
CVE-2026-55116
9.0 CRITICAL

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running …

Jul 2, 2026
CVE-2026-55115
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges …

Jul 2, 2026
CVE-2026-54402
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a …

Jul 2, 2026
CVE-2026-54400
9.1 CRITICAL

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate …

Jul 2, 2026
CVE-2026-50748
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute …

Jul 2, 2026
CVE-2026-50747
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application …

Jul 2, 2026
CVE-2026-50746
10.0 CRITICAL

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection …

Jul 2, 2026
CVE-2026-4767
9.8 CRITICAL

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Jul 2, 2026
CVE-2026-5524
9.8 CRITICAL

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including …

Jul 2, 2026
CVE-2026-57683
9.3 CRITICAL

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.

Jul 2, 2026
CVE-2026-57679
9.3 CRITICAL

Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.

Jul 2, 2026
CVE-2026-57677
9.8 CRITICAL

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions.

Jul 2, 2026
CVE-2026-57625
9.6 CRITICAL

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

Jul 2, 2026
CVE-2026-57624
10.0 CRITICAL

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Jul 2, 2026
CVE-2026-57623
9.0 CRITICAL

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

Jul 2, 2026
CVE-2026-57621
9.8 CRITICAL

Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

Jul 2, 2026
CVE-2026-27436
9.1 CRITICAL

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Jul 2, 2026
CVE-2026-27419
9.9 CRITICAL

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Jul 2, 2026
CVE-2026-14425
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14424
9.6 CRITICAL

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-14423
9.6 CRITICAL

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14420
9.6 CRITICAL

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via …

Jul 1, 2026
CVE-2026-14419
9.6 CRITICAL

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14417
9.6 CRITICAL

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14416
9.6 CRITICAL

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jul 1, 2026
CVE-2026-14411
9.6 CRITICAL

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-14405
9.6 CRITICAL

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14398
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14397
9.6 CRITICAL

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via …

Jul 1, 2026
CVE-2026-14392
9.6 CRITICAL

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jul 1, 2026
CVE-2026-14390
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14387
9.6 CRITICAL

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14382
9.6 CRITICAL

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-52186
9.8 CRITICAL

SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component

Jul 1, 2026
CVE-2026-58457
9.8 CRITICAL

Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by …

Jul 1, 2026
CVE-2026-53492
9.6 CRITICAL

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found …

Jul 1, 2026
CVE-2026-51947
9.8 CRITICAL

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 and Patch_CWE502_20260316.zip) allows a remote attacker to execute arbitrary code …

Jul 1, 2026
CVE-2026-50195
9.9 CRITICAL

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails …

Jul 1, 2026
CVE-2026-50160
10.0 CRITICAL

Hoppscotch is an API development ecosystem. In self-hosted deployments of hoppscotch-backend from version 2026.4.1 and earlier, the unauthenticated POST /v1/onboarding/config endpoint is vulnerable to mass …

Jul 1, 2026
CVE-2026-58521
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This …

Jul 1, 2026
CVE-2026-58453
9.8 CRITICAL

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default …

Jul 1, 2026
CVE-2026-34117
9.8 CRITICAL

Guardian language-system passes the id GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization: exec(\"php jobs/text_to_subtitles.php \".$login_session.\" \".$_GET['id'].\" ...\"). No …

Jul 1, 2026
CVE-2026-34116
9.8 CRITICAL

Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe.php (line 15) without sanitization: exec(\"php jobs/transcribe.php \".$login_session.\" \".$_GET['id'].\" ...\"). No …

Jul 1, 2026
CVE-2026-34115
9.8 CRITICAL

Guardian language-system passes the id GET parameter directly into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization: exec(\"php jobs/transcribe_amazon.php \".$login_session.\" \".$_GET['id'].\" ...\"). No …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.