CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44923
6.5 MEDIUM

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.

May 20, 2026
CVE-2026-20223
10.0 CRITICAL

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the …

May 20, 2026
CVE-2026-20206
6.3 MEDIUM

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on …

May 20, 2026
CVE-2026-20199
4.7 MEDIUM

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating …

May 20, 2026
CVE-2026-20171
6.8 MEDIUM

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could …

May 20, 2026
CVE-2026-9084

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local …

May 20, 2026
CVE-2026-8598
9.1 CRITICAL

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about …

May 20, 2026
CVE-2026-8488
4.3 MEDIUM

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 …

May 20, 2026
CVE-2026-8487
6.5 MEDIUM

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

May 20, 2026
CVE-2026-8486
5.3 MEDIUM

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before …

May 20, 2026
CVE-2026-5783
7.6 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. …

May 20, 2026
CVE-2026-4293
5.3 MEDIUM

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the …

May 20, 2026
CVE-2026-39047
7.5 HIGH

Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

May 20, 2026
CVE-2025-32750
7.5 HIGH

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, …

May 20, 2026
CVE-2023-7346
4.0 MEDIUM

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting …

May 20, 2026
CVE-2026-8485
5.9 MEDIUM

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

May 20, 2026
CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied …

May 20, 2026
CVE-2026-8467

Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler …

May 20, 2026
CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub …

May 20, 2026
CVE-2026-24425
8.8 HIGH

Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass …

May 20, 2026
CVE-2026-22554
7.8 HIGH

MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

May 20, 2026
CVE-2026-21836
6.5 MEDIUM

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining …

May 20, 2026
CVE-2026-5950
5.3 MEDIUM

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource …

May 20, 2026
CVE-2026-5947
7.5 HIGH

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it …

May 20, 2026
CVE-2026-5946
7.5 HIGH

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or …

May 20, 2026
CVE-2026-45584
8.1 HIGH

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

May 20, 2026
CVE-2026-45498
4.0 MEDIUM KEV

Microsoft Defender Denial of Service Vulnerability

May 20, 2026
CVE-2026-45443
5.0 MEDIUM

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue …

May 20, 2026
CVE-2026-42834
7.8 HIGH

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

May 20, 2026
CVE-2026-42383
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue …

May 20, 2026
CVE-2026-41091
7.8 HIGH KEV

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

May 20, 2026
CVE-2026-3593
7.4 HIGH

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND …

May 20, 2026
CVE-2026-3592
5.3 MEDIUM

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will …

May 20, 2026
CVE-2026-3039
7.5 HIGH

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically …

May 20, 2026
CVE-2026-29518
7.0 HIGH

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended …

May 20, 2026
CVE-2026-27424
4.3 MEDIUM

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo …

May 20, 2026
CVE-2026-27405
6.5 MEDIUM

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

May 20, 2026
CVE-2026-24573
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0.

May 20, 2026
CVE-2025-11954
8.0 HIGH

Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: …

May 20, 2026
CVE-2025-31985
3.7 LOW

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform …

May 20, 2026
CVE-2025-31973
4.0 MEDIUM

HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce …

May 20, 2026
CVE-2026-25602
4.4 MEDIUM

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email …

May 20, 2026
CVE-2026-22315
7.2 HIGH

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the …

May 20, 2026
CVE-2026-22314
9.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' …

May 20, 2026
CVE-2026-0857
6.0 MEDIUM

Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component. This issue affects Meona Client Launcher Component: …

May 20, 2026
CVE-2026-0856
7.8 HIGH

Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This …

May 20, 2026
CVE-2026-9064
7.5 HIGH

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per …

May 20, 2026
CVE-2026-6728
5.3 MEDIUM

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'get_stream_data()' function. This makes …

May 20, 2026
CVE-2026-44933
7.8 HIGH

`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If …

May 20, 2026
CVE-2026-44608
5.9 MEDIUM

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, …

May 20, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.