CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44985
9.6 CRITICAL

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) …

May 26, 2026
CVE-2026-9642
9.8 CRITICAL

There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView …

May 26, 2026
CVE-2026-44451
9.3 CRITICAL

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, …

May 26, 2026
CVE-2026-44450
9.9 CRITICAL

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names …

May 26, 2026
CVE-2026-44449
9.1 CRITICAL

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and …

May 26, 2026
CVE-2026-44444
9.1 CRITICAL

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the …

May 26, 2026
CVE-2026-48689
9.8 CRITICAL

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an …

May 26, 2026
CVE-2026-3660
9.8 CRITICAL

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain …

May 26, 2026
CVE-2026-9170
9.8 CRITICAL

IBM HTTP Server 8.5, and 9.0

May 26, 2026
CVE-2026-8633
9.8 CRITICAL

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to …

May 26, 2026
CVE-2026-7251
9.8 CRITICAL

Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo …

May 26, 2026
CVE-2026-46624
9.9 CRITICAL

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL …

May 26, 2026
CVE-2026-44668
9.8 CRITICAL

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking …

May 26, 2026
CVE-2026-48904
9.8 CRITICAL

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

May 26, 2026
CVE-2026-48902
9.8 CRITICAL

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

May 26, 2026
CVE-2026-48899
9.8 CRITICAL

An improper access check allows privilege escalation through the com_users batch task.

May 26, 2026
CVE-2026-48898
9.8 CRITICAL

An improper access check allows privilege escalation through the com_users batch task.

May 26, 2026
CVE-2026-48691
9.8 CRITICAL

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + …

May 26, 2026
CVE-2026-45721
9.0 CRITICAL

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without …

May 26, 2026
CVE-2026-40383
9.8 CRITICAL

An improper validation of user-supplied input leads to a local file inclusion vulnerability.

May 26, 2026
CVE-2026-35223
9.8 CRITICAL

An improper access check allows unauthorized access to com_config webservice endpoints.

May 26, 2026
CVE-2026-35222
9.8 CRITICAL

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

May 26, 2026
CVE-2026-35221
9.8 CRITICAL

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.

May 26, 2026
CVE-2026-48687
9.8 CRITICAL

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs …

May 26, 2026
CVE-2026-48686
9.8 CRITICAL

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads …

May 26, 2026
CVE-2026-45247
9.8 CRITICAL KEV

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code …

May 26, 2026
CVE-2026-9543
9.8 CRITICAL

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such …

May 26, 2026
CVE-2026-7374
9.9 CRITICAL

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper …

May 26, 2026
CVE-2026-42496
9.1 CRITICAL

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without …

May 26, 2026
CVE-2026-8376
9.8 CRITICAL

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked …

May 26, 2026
CVE-2026-42774
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a …

May 25, 2026
CVE-2026-42773
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects …

May 25, 2026
CVE-2026-9478
9.8 CRITICAL

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing …

May 25, 2026
CVE-2026-9477
9.8 CRITICAL

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management …

May 25, 2026
CVE-2026-9476
9.8 CRITICAL

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such …

May 25, 2026
CVE-2026-9475
9.8 CRITICAL

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation …

May 25, 2026
CVE-2026-9458
9.8 CRITICAL

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9457
9.8 CRITICAL

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9456
9.8 CRITICAL

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation …

May 25, 2026
CVE-2026-9455
9.8 CRITICAL

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9454
9.8 CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9436
9.8 CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management …

May 25, 2026
CVE-2026-9435
9.8 CRITICAL

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9434
9.8 CRITICAL

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9433
9.8 CRITICAL

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9432
9.8 CRITICAL

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management …

May 25, 2026
CVE-2026-2651
9.0 CRITICAL

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not …

May 25, 2026
CVE-2026-9408
9.8 CRITICAL

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management …

May 25, 2026
CVE-2026-9407
9.8 CRITICAL

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component …

May 25, 2026
CVE-2026-9406
9.8 CRITICAL

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing …

May 25, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.