CVE Database

109208+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-9356
7.3 HIGH

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of …

May 24, 2026
CVE-2026-9355
7.3 HIGH

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This …

May 24, 2026
CVE-2026-9354
6.5 MEDIUM

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation …

May 24, 2026
CVE-2026-9353
7.3 HIGH

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills …

May 24, 2026
CVE-2026-9352
5.3 MEDIUM

A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. This issue affects the function _make_run_env of the file tools/environments/local.py of the component Messaging …

May 24, 2026
CVE-2026-3515
8.5 HIGH

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the …

May 24, 2026
CVE-2026-9351
6.5 MEDIUM

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component …

May 24, 2026
CVE-2026-9350
7.3 HIGH

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such …

May 24, 2026
CVE-2026-9349
5.3 MEDIUM

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component …

May 24, 2026
CVE-2026-9348
8.8 HIGH

A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vulnerability is an unknown functionality of the file /goform/mp of the component …

May 24, 2026
CVE-2026-48829
7.5 HIGH

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. …

May 24, 2026
CVE-2026-9347
6.3 MEDIUM

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The …

May 24, 2026
CVE-2026-9346
8.8 HIGH

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing …

May 24, 2026
CVE-2026-9345
8.8 HIGH

A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the function formWizSurvey of the file /goform/formWizSurvey of the component webs. Performing a …

May 24, 2026
CVE-2026-9344
8.8 HIGH

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the …

May 24, 2026
CVE-2026-9343
6.3 MEDIUM

A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected element is the function formWpsStart of the file /goform/formWpsStart of the component …

May 23, 2026
CVE-2026-9342
6.3 MEDIUM

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation …

May 23, 2026
CVE-2018-25358
7.5 HIGH

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. …

May 23, 2026
CVE-2018-25357
9.8 CRITICAL

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name …

May 23, 2026
CVE-2018-25356
8.4 HIGH

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary …

May 23, 2026
CVE-2018-25355
8.4 HIGH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious …

May 23, 2026
CVE-2018-25354
4.3 MEDIUM

Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious …

May 23, 2026
CVE-2018-25353
8.8 HIGH

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with …

May 23, 2026
CVE-2018-25352
7.1 HIGH

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting …

May 23, 2026
CVE-2018-25351
8.2 HIGH

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the …

May 23, 2026
CVE-2018-25350
9.8 CRITICAL

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can …

May 23, 2026
CVE-2018-25349
6.1 MEDIUM

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to …

May 23, 2026
CVE-2018-25348
8.2 HIGH

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid …

May 23, 2026
CVE-2018-25347
7.1 HIGH

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. …

May 23, 2026
CVE-2018-25346
7.1 HIGH

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the …

May 23, 2026
CVE-2018-25345
8.4 HIGH

10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary …

May 23, 2026
CVE-2018-25344
8.4 HIGH

10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code …

May 23, 2026
CVE-2018-25343
4.3 MEDIUM

Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can …

May 23, 2026
CVE-2018-25342
8.2 HIGH

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter …

May 23, 2026
CVE-2018-25341
8.2 HIGH

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers …

May 23, 2026
CVE-2018-25340
8.2 HIGH

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers …

May 23, 2026
CVE-2026-9306
3.7 LOW

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney …

May 23, 2026
CVE-2026-9305
6.3 MEDIUM

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component …

May 23, 2026
CVE-2026-9304
5.0 MEDIUM

A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the …

May 23, 2026
CVE-2026-9303
4.3 MEDIUM

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible …

May 23, 2026
CVE-2026-9302
6.3 MEDIUM

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. …

May 23, 2026
CVE-2026-9301
6.3 MEDIUM

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results …

May 23, 2026
CVE-2026-9300
6.3 MEDIUM

A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to …

May 23, 2026
CVE-2026-46300
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to …

May 23, 2026
CVE-2026-43503

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail …

May 23, 2026
CVE-2026-9299
6.3 MEDIUM

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation …

May 23, 2026
CVE-2026-9298
6.3 MEDIUM

A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation …

May 23, 2026
CVE-2026-9297
6.3 MEDIUM

A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is the function formWlbasic of the file /goform/formWlbasic of the component POST Request Handler. …

May 23, 2026
CVE-2026-9296
6.3 MEDIUM

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing …

May 23, 2026
CVE-2026-9295
8.8 HIGH

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. …

May 23, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.