CVE Database

109208+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44728
8.2 HIGH

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted …

May 26, 2026
CVE-2026-44707
6.8 MEDIUM

Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover (Pre-ATO) vulnerability existed in Chatwoot's authentication flow. Because email confirmation was …

May 26, 2026
CVE-2026-44706
8.5 HIGH

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering …

May 26, 2026
CVE-2026-44669
8.7 HIGH

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment …

May 26, 2026
CVE-2026-44668
9.8 CRITICAL

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking …

May 26, 2026
CVE-2026-44667
8.7 HIGH

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation …

May 26, 2026
CVE-2026-42448
3.5 LOW

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when …

May 26, 2026
CVE-2026-41164
4.4 MEDIUM

nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed …

May 26, 2026
CVE-2026-24201
5.8 MEDIUM

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability …

May 26, 2026
CVE-2026-24200
7.0 HIGH

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of …

May 26, 2026
CVE-2026-24199
4.7 MEDIUM

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor …

May 26, 2026
CVE-2026-24198
5.6 MEDIUM

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause …

May 26, 2026
CVE-2026-24197
6.5 MEDIUM

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources …

May 26, 2026
CVE-2026-24196
7.1 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to …

May 26, 2026
CVE-2026-24195
7.1 HIGH

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might …

May 26, 2026
CVE-2026-24194
7.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit …

May 26, 2026
CVE-2026-24193
7.8 HIGH

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might …

May 26, 2026
CVE-2026-24192
7.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. …

May 26, 2026
CVE-2026-24191
7.8 HIGH

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead …

May 26, 2026
CVE-2026-24190
7.8 HIGH

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. …

May 26, 2026
CVE-2026-24187
8.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial …

May 26, 2026
CVE-2026-24182
6.5 MEDIUM

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might …

May 26, 2026
CVE-2025-33221
4.4 MEDIUM

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a …

May 26, 2026
CVE-2026-9565
6.3 MEDIUM

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing …

May 26, 2026
CVE-2026-9564
2.4 LOW

A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a …

May 26, 2026
CVE-2026-9562
7.3 HIGH

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads …

May 26, 2026
CVE-2026-8852
6.2 MEDIUM

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.

May 26, 2026
CVE-2026-8850
7.5 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

May 26, 2026
CVE-2026-48905
6.1 MEDIUM

Lack of input filtering leads to an XSS vector in the HTML filter code.

May 26, 2026
CVE-2026-48904
9.8 CRITICAL

An improper access check allows privelege escalation through the com_users group editing webservice endpoint.

May 26, 2026
CVE-2026-48903
6.1 MEDIUM

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

May 26, 2026
CVE-2026-48902
9.8 CRITICAL

The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.

May 26, 2026
CVE-2026-48901
7.5 HIGH

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

May 26, 2026
CVE-2026-48900
4.3 MEDIUM

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.

May 26, 2026
CVE-2026-48899
9.8 CRITICAL

An improper access check allows privilege escalation through the com_users batch task.

May 26, 2026
CVE-2026-48898
9.8 CRITICAL

An improper access check allows privilege escalation through the com_users batch task.

May 26, 2026
CVE-2026-48897
7.5 HIGH

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

May 26, 2026
CVE-2026-48896
7.5 HIGH

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

May 26, 2026
CVE-2026-48864
7.8 HIGH

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input …

May 26, 2026
CVE-2026-48697
7.4 HIGH

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode …

May 26, 2026
CVE-2026-48693
5.5 MEDIUM

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' …

May 26, 2026
CVE-2026-48691
9.8 CRITICAL

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + …

May 26, 2026
CVE-2026-48690
7.1 HIGH

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets …

May 26, 2026
CVE-2026-48126
8.2 HIGH

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at …

May 26, 2026
CVE-2026-48091

Rejected reason: Further research determined the issue is not a vulnerability.

May 26, 2026
CVE-2026-47728
4.3 MEDIUM

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the …

May 26, 2026
CVE-2026-47716
3.1 LOW

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, …

May 26, 2026
CVE-2026-47715
3.1 LOW

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected …

May 26, 2026
CVE-2026-46431
4.3 MEDIUM

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard * regardless …

May 26, 2026
CVE-2026-46430
4.3 MEDIUM

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent …

May 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.