CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12127
5.3 MEDIUM

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of …

Jul 1, 2026
CVE-2026-12113
4.3 MEDIUM

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabc_appointments_filter_list. This …

Jul 1, 2026
CVE-2026-12110
6.5 MEDIUM

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'task_search' parameter …

Jul 1, 2026
CVE-2026-12090
6.5 MEDIUM

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppm_proj_filter' parameter …

Jul 1, 2026
CVE-2026-11988
6.5 MEDIUM

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions …

Jul 1, 2026
CVE-2026-11981
4.3 MEDIUM

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce validation …

Jul 1, 2026
CVE-2026-11380
6.4 MEDIUM

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due to insufficient …

Jul 1, 2026
CVE-2026-20463
6.7 MEDIUM

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious …

Jul 1, 2026
CVE-2026-20462
6.7 MEDIUM

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious …

Jul 1, 2026
CVE-2026-20461
5.3 MEDIUM

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if …

Jul 1, 2026
CVE-2026-20460
5.3 MEDIUM

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected …

Jul 1, 2026
CVE-2026-20459
5.3 MEDIUM

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has …

Jul 1, 2026
CVE-2026-20458
7.5 HIGH

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE …

Jul 1, 2026
CVE-2026-20457
5.3 MEDIUM

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has …

Jul 1, 2026
CVE-2026-14191
7.8 HIGH

An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5::ReadHeader in recvol5.cpp). The RecItems vector is sized only when …

Jul 1, 2026
CVE-2026-57963
6.5 MEDIUM

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat …

Jul 1, 2026
CVE-2026-57962
5.3 MEDIUM

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the …

Jul 1, 2026
CVE-2026-53488
8.8 HIGH

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config …

Jul 1, 2026
CVE-2026-41579
3.3 LOW

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, …

Jul 1, 2026
CVE-2026-54903

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap …

Jul 1, 2026
CVE-2026-54902

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in …

Jul 1, 2026
CVE-2026-54901

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does …

Jul 1, 2026
CVE-2026-54900

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with …

Jul 1, 2026
CVE-2026-54899

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser …

Jul 1, 2026
CVE-2026-54898

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parser#parse is vulnerable to a heap …

Jul 1, 2026
CVE-2026-54897

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators (each_value, each_child, each_leaf) were vulnerable …

Jul 1, 2026
CVE-2026-54896

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump …

Jul 1, 2026
CVE-2026-54592
7.5 HIGH

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over …

Jul 1, 2026
CVE-2026-54502

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a …

Jul 1, 2026
CVE-2026-54500
5.3 MEDIUM

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads …

Jul 1, 2026
CVE-2026-57995
8.8 HIGH

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUP_EDIT administrators to grant arbitrary rights to groups without verifying they hold those …

Jun 30, 2026
CVE-2026-56777
5.0 MEDIUM

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with …

Jun 30, 2026
CVE-2026-56700
9.8 CRITICAL

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed …

Jun 30, 2026
CVE-2026-56415
10.0 CRITICAL

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a …

Jun 30, 2026
CVE-2026-56413
10.0 CRITICAL

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom …

Jun 30, 2026
CVE-2026-56399
5.0 MEDIUM

Open WebUI before 0.6.27 contains a server-side request forgery vulnerability in the /api/v1/retrieval/process/web endpoint that allows authenticated users to bypass SSRF protections. Attackers can manipulate …

Jun 30, 2026
CVE-2026-56377
3.3 LOW

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path …

Jun 30, 2026
CVE-2026-56369
3.7 LOW

ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the PasskeyEncipherImage method due to AES-CTR nonce reuse. Attackers can exploit nonce reuse in the cipher …

Jun 30, 2026
CVE-2026-56365
3.7 LOW

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust …

Jun 30, 2026
CVE-2026-56364
1.9 LOW

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with …

Jun 30, 2026
CVE-2026-56363
3.3 LOW

ImageMagick before 7.1.2-22 contains a division by zero vulnerability in binomial kernel processing that allows attackers to cause denial of service. An attacker can supply …

Jun 30, 2026
CVE-2026-56361
3.3 LOW

ImageMagick before 7.1.2-19 contains an off-by-one error in morphology validation allowing out-of-bounds heap buffer reads. Attackers can trigger heap buffer overflow by providing incorrect morphology …

Jun 30, 2026
CVE-2026-56356
5.4 MEDIUM

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases …

Jun 30, 2026
CVE-2026-56350
6.3 MEDIUM

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials …

Jun 30, 2026
CVE-2026-56334
4.3 MEDIUM

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can …

Jun 30, 2026
CVE-2026-56333
4.3 MEDIUM

Capgo before 12.128.2 contains a server-side validation bypass vulnerability in organization security settings that allows authenticated org admins to persist invalid security policy state. Attackers …

Jun 30, 2026
CVE-2026-56331
5.3 MEDIUM

Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint that returns HTTP 500 instead of safe 4xx errors when magic_invite_string is invalid. Attackers …

Jun 30, 2026
CVE-2026-56328
6.5 MEDIUM

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to …

Jun 30, 2026
CVE-2026-56327
5.3 MEDIUM

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error …

Jun 30, 2026
CVE-2026-56320
7.1 HIGH

Capgo before 12.128.2 contains an authorization flaw in POST /private/create_device that accepts a caller-supplied org_id parameter without validating it matches the target app's owner organization. …

Jun 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.