CVE Database

109208+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-47072
7.5 HIGH

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host, path, …

May 25, 2026
CVE-2026-47071
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but …

May 25, 2026
CVE-2026-47070
6.1 MEDIUM

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to …

May 25, 2026
CVE-2026-47069
5.3 MEDIUM

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validates the Name and Value …

May 25, 2026
CVE-2026-47067
7.5 HIGH

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a …

May 25, 2026
CVE-2026-47066
7.5 HIGH

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee forward …

May 25, 2026
CVE-2018-25381
7.1 HIGH

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject …

May 25, 2026
CVE-2018-25380
7.1 HIGH

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. …

May 25, 2026
CVE-2018-25379
8.2 HIGH

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers …

May 25, 2026
CVE-2018-25378
6.2 MEDIUM

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the …

May 25, 2026
CVE-2018-25377
8.4 HIGH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured …

May 25, 2026
CVE-2018-25376
8.4 HIGH

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured …

May 25, 2026
CVE-2018-25375
8.4 HIGH

SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the …

May 25, 2026
CVE-2018-25374
7.5 HIGH

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers …

May 25, 2026
CVE-2018-25373
8.4 HIGH

SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code …

May 25, 2026
CVE-2018-25372
8.2 HIGH

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the …

May 25, 2026
CVE-2018-25371
8.2 HIGH

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite …

May 25, 2026
CVE-2018-25370
5.3 MEDIUM

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious …

May 25, 2026
CVE-2018-25369
6.2 MEDIUM

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers …

May 25, 2026
CVE-2018-25368
7.5 HIGH

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the …

May 25, 2026
CVE-2018-25367
6.2 MEDIUM

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry …

May 25, 2026
CVE-2018-25366
8.4 HIGH

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label …

May 25, 2026
CVE-2018-25365
7.5 HIGH

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can …

May 25, 2026
CVE-2018-25364
8.2 HIGH

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers …

May 25, 2026
CVE-2018-25363
4.3 MEDIUM

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can …

May 25, 2026
CVE-2018-25362
8.2 HIGH

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers …

May 25, 2026
CVE-2018-25361
6.8 MEDIUM

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant …

May 25, 2026
CVE-2018-25360
8.4 HIGH

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code …

May 25, 2026
CVE-2018-25359
8.4 HIGH

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can …

May 25, 2026
CVE-2026-9461
8.8 HIGH

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file /goform/formRadius. The manipulation of the argument submit-url …

May 25, 2026
CVE-2026-9460
8.8 HIGH

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url …

May 25, 2026
CVE-2026-9459
8.8 HIGH

A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file /goform/formConnectionSetting. Performing a manipulation of the argument …

May 25, 2026
CVE-2026-9458
9.8 CRITICAL

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9457
9.8 CRITICAL

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9058

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status …

May 25, 2026
CVE-2026-9456
9.8 CRITICAL

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation …

May 25, 2026
CVE-2026-9455
9.8 CRITICAL

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9454
9.8 CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. …

May 25, 2026
CVE-2026-9453
7.3 HIGH

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a …

May 25, 2026
CVE-2026-7766

Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files …

May 25, 2026
CVE-2026-9452
7.3 HIGH

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such …

May 25, 2026
CVE-2026-9451
6.3 MEDIUM

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation …

May 25, 2026
CVE-2026-9450
6.3 MEDIUM

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the …

May 25, 2026
CVE-2026-9449
6.3 MEDIUM

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. …

May 25, 2026
CVE-2026-9448
4.3 MEDIUM

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument …

May 25, 2026
CVE-2026-9447
7.3 HIGH

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a …

May 25, 2026
CVE-2026-46745
5.3 MEDIUM

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to …

May 25, 2026
CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed …

May 25, 2026
CVE-2026-9446
4.7 MEDIUM

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such …

May 25, 2026
CVE-2026-9445
6.3 MEDIUM

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component …

May 25, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.