CVE Database

109208+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8702
6.4 MEDIUM

The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the 'div' attribute of the 'gbitoprint' shortcode. This …

May 27, 2026
CVE-2026-8701
6.4 MEDIUM

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the `title-ticker-slide`, `title-ticker-fade`, and `title-ticker-typing` shortcodes. This …

May 27, 2026
CVE-2026-8698
6.4 MEDIUM

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the …

May 27, 2026
CVE-2026-8048
6.4 MEDIUM

The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' shortcode attribute in the 'my-email' shortcode in all versions …

May 27, 2026
CVE-2026-8040
6.4 MEDIUM

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up …

May 27, 2026
CVE-2026-7614
4.3 MEDIUM

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to …

May 27, 2026
CVE-2026-6268
7.1 HIGH

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the …

May 27, 2026
CVE-2026-9236
4.3 MEDIUM

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in …

May 27, 2026
CVE-2026-8450
9.1 CRITICAL

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets …

May 27, 2026
CVE-2026-6287
5.4 MEDIUM

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockUniqId' block attribute in multiple …

May 27, 2026
CVE-2026-49000
7.0 HIGH

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to …

May 27, 2026
CVE-2025-14481
4.3 MEDIUM

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to …

May 27, 2026
CVE-2026-9022
6.4 MEDIUM

The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url' Block Attribute in all versions up to, and including, 1.7.1 …

May 27, 2026
CVE-2026-48999
5.7 MEDIUM

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts …

May 27, 2026
CVE-2026-48962
7.3 HIGH

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in …

May 27, 2026
CVE-2026-48961
7.3 HIGH

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte …

May 27, 2026
CVE-2026-48959
7.5 HIGH

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, …

May 27, 2026
CVE-2026-2255
4.3 MEDIUM

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the …

May 27, 2026
CVE-2026-2254
6.3 MEDIUM

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related …

May 27, 2026
CVE-2026-2253
7.7 HIGH

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external …

May 27, 2026
CVE-2025-15649
5.5 MEDIUM

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification date field and …

May 27, 2026
CVE-2026-9632
8.8 HIGH

A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of …

May 27, 2026
CVE-2026-9631
8.8 HIGH

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the …

May 27, 2026
CVE-2026-9628
8.8 HIGH

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web …

May 27, 2026
CVE-2026-9627
8.8 HIGH

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component …

May 27, 2026
CVE-2026-9609
4.7 MEDIUM

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password …

May 27, 2026
CVE-2026-9608
2.4 LOW

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator …

May 27, 2026
CVE-2026-9207
8.8 HIGH

Tanium addressed an unauthorized code execution vulnerability in Connect.

May 27, 2026
CVE-2026-9156
6.5 MEDIUM

Tanium addressed a denial of service vulnerability in Tanium Server.

May 27, 2026
CVE-2026-7493
5.3 MEDIUM

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to denial of service in all versions up to, and …

May 27, 2026
CVE-2026-6565
6.4 MEDIUM

The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …

May 27, 2026
CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly …

May 27, 2026
CVE-2026-49014
7.4 HIGH

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a …

May 27, 2026
CVE-2026-9607
6.3 MEDIUM

A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of …

May 27, 2026
CVE-2026-9606
7.3 HIGH

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument …

May 27, 2026
CVE-2026-9605
7.3 HIGH

A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp …

May 27, 2026
CVE-2026-9312

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by …

May 27, 2026
CVE-2026-8606
5.9 MEDIUM

A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to …

May 27, 2026
CVE-2026-9604
4.3 MEDIUM

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results …

May 26, 2026
CVE-2026-8680

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

May 26, 2026
CVE-2026-8647
4.8 MEDIUM

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the …

May 26, 2026
CVE-2026-46740
5.3 MEDIUM

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated …

May 26, 2026
CVE-2026-9603
6.5 MEDIUM

A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of …

May 26, 2026
CVE-2026-9584
7.3 HIGH

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. …

May 26, 2026
CVE-2026-5260
8.2 HIGH

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using …

May 26, 2026
CVE-2026-48710
6.5 MEDIUM

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because …

May 26, 2026
CVE-2026-45574
8.1 HIGH

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the …

May 26, 2026
CVE-2026-45298
8.6 HIGH

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook …

May 26, 2026
CVE-2026-44985
9.6 CRITICAL

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) …

May 26, 2026
CVE-2026-44983
7.3 HIGH

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can …

May 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.