CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-9120
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

May 20, 2026
CVE-2026-9119
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

May 20, 2026
CVE-2026-9118
8.8 HIGH

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML …

May 20, 2026
CVE-2026-9117
7.5 HIGH

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially …

May 20, 2026
CVE-2026-9116
4.3 MEDIUM

Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. …

May 20, 2026
CVE-2026-9115
4.3 MEDIUM

Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted …

May 20, 2026
CVE-2026-9114
8.8 HIGH

Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious …

May 20, 2026
CVE-2026-9113
4.3 MEDIUM

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory …

May 20, 2026
CVE-2026-9112
8.8 HIGH

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via …

May 20, 2026
CVE-2026-9111
8.8 HIGH

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML …

May 20, 2026
CVE-2026-9110
4.2 MEDIUM

Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI …

May 20, 2026
CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated …

May 20, 2026
CVE-2026-9082
9.8 CRITICAL KEV

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: …

May 20, 2026
CVE-2026-47099
6.1 MEDIUM

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse() function that allows attackers to execute arbitrary JavaScript by delivering a crafted …

May 20, 2026
CVE-2026-45444
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards …

May 20, 2026
CVE-2026-39850
7.4 HIGH

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile() that leads to Local …

May 20, 2026
CVE-2026-39405

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing …

May 20, 2026
CVE-2026-39352

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue …

May 20, 2026
CVE-2026-39311
6.8 MEDIUM

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw …

May 20, 2026
CVE-2026-39310
8.6 HIGH

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in …

May 20, 2026
CVE-2026-35016
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35015
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35014
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35013
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street_view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values …

May 20, 2026
CVE-2026-35012
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35011
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35010
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35009
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add_note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35008
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-35007
4.6 MEDIUM

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single_unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized …

May 20, 2026
CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In …

May 20, 2026
CVE-2026-2813
4.7 MEDIUM

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, …

May 20, 2026
CVE-2026-2812
5.3 MEDIUM

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to …

May 20, 2026
CVE-2026-26028
6.1 MEDIUM

CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute …

May 20, 2026
CVE-2026-24218
8.1 HIGH

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be …

May 20, 2026
CVE-2026-24217
8.8 HIGH

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of …

May 20, 2026
CVE-2026-24216
7.8 HIGH

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead …

May 20, 2026
CVE-2026-24188
8.2 HIGH

NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.

May 20, 2026
CVE-2026-23734

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such …

May 20, 2026
CVE-2026-30691
6.1 MEDIUM

Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize …

May 20, 2026
CVE-2026-20240
6.5 MEDIUM

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged …

May 20, 2026
CVE-2026-20239
7.5 HIGH

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that …

May 20, 2026
CVE-2026-20238
6.5 MEDIUM

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was …

May 20, 2026
CVE-2026-9101
4.3 MEDIUM

Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to …

May 20, 2026
CVE-2026-9100
5.9 MEDIUM

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause …

May 20, 2026
CVE-2026-9087
6.4 MEDIUM

A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity …

May 20, 2026
CVE-2026-7613
7.2 HIGH

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, …

May 20, 2026
CVE-2026-44926
8.8 HIGH

InfoScale CmdServer before 7.4.2 mishandles access control.

May 20, 2026
CVE-2026-44925
8.8 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a …

May 20, 2026
CVE-2026-44924
5.4 MEDIUM

InfoScale VIOM 9.1.3 allows XSS.

May 20, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.