CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-56369
3.7 LOW

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher …

Jun 30, 2026
CVE-2026-56365
3.7 LOW

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust …

Jun 30, 2026
CVE-2026-56364
1.9 LOW

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with …

Jun 30, 2026
CVE-2026-56363
3.3 LOW

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply …

Jun 30, 2026
CVE-2026-56361
3.3 LOW

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology …

Jun 30, 2026
CVE-2026-54696
3.7 LOW

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with …

Jun 30, 2026
CVE-2026-13982
3.1 LOW

Incorrect security UI in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing …

Jun 30, 2026
CVE-2026-13963
3.1 LOW

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jun 30, 2026
CVE-2026-13955
3.3 LOW

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a …

Jun 30, 2026
CVE-2026-13948
3.1 LOW

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform …

Jun 30, 2026
CVE-2026-13945
3.1 LOW

Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension …

Jun 30, 2026
CVE-2026-13944
3.1 LOW

Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 30, 2026
CVE-2026-13942
3.3 LOW

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML …

Jun 30, 2026
CVE-2026-13939
3.1 LOW

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process …

Jun 30, 2026
CVE-2026-9836
3.5 LOW

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

Jun 30, 2026
CVE-2026-58371
3.1 LOW

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper (weed/server/common.go), with no callback-name validation, …

Jun 30, 2026
CVE-2026-10654
3.1 LOW

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a …

Jun 30, 2026
CVE-2026-13758
3.7 LOW

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the …

Jun 29, 2026
CVE-2026-57946
3.7 LOW

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist …

Jun 29, 2026
CVE-2026-13746
3.6 LOW

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying …

Jun 29, 2026
CVE-2026-13587
3.7 LOW

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing …

Jun 29, 2026
CVE-2026-13574
3.3 LOW

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. …

Jun 29, 2026
CVE-2026-13573
3.3 LOW

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The …

Jun 29, 2026
CVE-2026-13570
3.5 LOW

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. …

Jun 29, 2026
CVE-2026-13558
3.5 LOW

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component …

Jun 29, 2026
CVE-2025-0824
3.7 LOW

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform …

Jun 29, 2026
CVE-2026-13523
3.3 LOW

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing …

Jun 29, 2026
CVE-2026-13514
2.4 LOW

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file …

Jun 29, 2026
CVE-2026-13511
3.1 LOW

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory …

Jun 28, 2026
CVE-2026-13510
3.7 LOW

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component …

Jun 28, 2026
CVE-2026-13504
3.5 LOW

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose …

Jun 28, 2026
CVE-2026-13493
3.1 LOW

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow …

Jun 28, 2026
CVE-2026-13491
3.7 LOW

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye …

Jun 28, 2026
CVE-2026-13490
3.7 LOW

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such …

Jun 28, 2026
CVE-2026-13489
3.1 LOW

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the …

Jun 28, 2026
CVE-2026-13483
3.1 LOW

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component …

Jun 28, 2026
CVE-2026-13482
3.7 LOW

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. …

Jun 28, 2026
CVE-2026-58052
3.3 LOW

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream …

Jun 28, 2026
CVE-2026-3472
3.5 LOW

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, …

Jun 26, 2026
CVE-2026-57926
2.6 LOW

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Jun 26, 2026
CVE-2026-57922
3.1 LOW

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible

Jun 26, 2026
CVE-2026-48936
3.3 LOW

A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission. This …

Jun 26, 2026
CVE-2026-48935
3.3 LOW

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. …

Jun 26, 2026
CVE-2026-13322
3.8 LOW

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character …

Jun 26, 2026
CVE-2026-57522
3.5 LOW

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has …

Jun 25, 2026
CVE-2026-48940
3.4 LOW

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; …

Jun 25, 2026
CVE-2026-57588
3.3 LOW

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious …

Jun 25, 2026
CVE-2026-57234
2.6 LOW

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on …

Jun 25, 2026
CVE-2026-12755
2.7 LOW

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce …

Jun 25, 2026
CVE-2026-42004
3.7 LOW

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT …

Jun 25, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.