CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-57456
7.8 HIGH

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class …

Jun 25, 2026
CVE-2026-57455
7.8 HIGH

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell …

Jun 25, 2026
CVE-2026-55895
7.8 HIGH

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) …

Jun 25, 2026
CVE-2026-55693
7.8 HIGH

Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file …

Jun 25, 2026
CVE-2026-55477
7.2 HIGH

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary …

Jun 25, 2026
CVE-2026-12844
7.5 HIGH

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a …

Jun 25, 2026
CVE-2026-57435
7.5 HIGH

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby …

Jun 25, 2026
CVE-2026-57434
7.5 HIGH

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods …

Jun 25, 2026
CVE-2026-57236
8.2 HIGH

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a …

Jun 25, 2026
CVE-2026-57235
8.2 HIGH

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested …

Jun 25, 2026
CVE-2026-46735
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command …

Jun 25, 2026
CVE-2026-56122
7.5 HIGH

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash …

Jun 25, 2026
CVE-2026-56071
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

Jun 25, 2026
CVE-2026-56054
7.7 HIGH

Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

Jun 25, 2026
CVE-2026-56053
8.8 HIGH

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

Jun 25, 2026
CVE-2026-56051
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

Jun 25, 2026
CVE-2026-56049
8.5 HIGH

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

Jun 25, 2026
CVE-2026-56042
7.1 HIGH

Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

Jun 25, 2026
CVE-2026-56014
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

Jun 25, 2026
CVE-2026-56006
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

Jun 25, 2026
CVE-2026-56005
7.1 HIGH

Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

Jun 25, 2026
CVE-2026-54848
8.3 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square …

Jun 25, 2026
CVE-2026-54845
8.1 HIGH

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

Jun 25, 2026
CVE-2026-54844
7.5 HIGH

Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

Jun 25, 2026
CVE-2026-54842
8.1 HIGH

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.

Jun 25, 2026
CVE-2026-54841
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

Jun 25, 2026
CVE-2026-54838
8.5 HIGH

Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

Jun 25, 2026
CVE-2026-54830
7.5 HIGH

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

Jun 25, 2026
CVE-2026-54829
7.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. …

Jun 25, 2026
CVE-2026-54828
7.5 HIGH

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

Jun 25, 2026
CVE-2026-54822
8.5 HIGH

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

Jun 25, 2026
CVE-2026-54821
7.4 HIGH

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

Jun 25, 2026
CVE-2026-49506
7.2 HIGH

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A …

Jun 25, 2026
CVE-2026-47151
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is …

Jun 25, 2026
CVE-2026-47150
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of …

Jun 25, 2026
CVE-2026-47147
7.1 HIGH

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is …

Jun 25, 2026
CVE-2026-46734
7.3 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could …

Jun 25, 2026
CVE-2026-46733
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could …

Jun 25, 2026
CVE-2026-27366
7.5 HIGH

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Jun 25, 2026
CVE-2026-33612
7.5 HIGH

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

Jun 25, 2026
CVE-2026-53277
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT …

Jun 25, 2026
CVE-2026-53276
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer In iso_sock_rebind_bc(), the bis pointer is …

Jun 25, 2026
CVE-2026-53275
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a pointer …

Jun 25, 2026
CVE-2026-53273
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when the client exits before the supplicant Commit 70b0d6b0a199 ("tee: optee: …

Jun 25, 2026
CVE-2026-53270
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ip_vs_edit_service() while unbinding the old scheduler …

Jun 25, 2026
CVE-2026-53268
8.2 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack_irc: fix possible out-of-bounds read When parsing fails after we've matched the command string …

Jun 25, 2026
CVE-2026-53267
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on template ct in get eval I noticed this issue while …

Jun 25, 2026
CVE-2026-53266
8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebt_snat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source …

Jun 25, 2026
CVE-2026-53265
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de ("dm cache policy smq: …

Jun 25, 2026
CVE-2026-53264
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are …

Jun 25, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.