CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44390
5.3 MEDIUM

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name …

May 20, 2026
CVE-2026-42960
10.0 CRITICAL

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS …

May 20, 2026
CVE-2026-42959
7.5 HIGH

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash …

May 20, 2026
CVE-2026-42944
7.5 HIGH

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie …

May 20, 2026
CVE-2026-42923
5.3 MEDIUM

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache …

May 20, 2026
CVE-2026-42534
5.3 MEDIUM

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. …

May 20, 2026
CVE-2026-41292
7.5 HIGH

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS …

May 20, 2026
CVE-2026-41054
7.8 HIGH

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not …

May 20, 2026
CVE-2026-40622
7.5 HIGH

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the …

May 20, 2026
CVE-2026-35070
6.4 MEDIUM

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged …

May 20, 2026
CVE-2026-33278
9.8 CRITICAL

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote …

May 20, 2026
CVE-2026-32792
5.3 MEDIUM

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt …

May 20, 2026
CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The …

May 20, 2026
CVE-2026-9059

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The …

May 20, 2026
CVE-2026-6405
4.3 MEDIUM

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in …

May 20, 2026
CVE-2026-5200
8.8 HIGH

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, …

May 20, 2026
CVE-2026-7385
5.8 MEDIUM

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API …

May 20, 2026
CVE-2026-6566
4.3 MEDIUM

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and …

May 20, 2026
CVE-2026-5776
6.1 MEDIUM

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks

May 20, 2026
CVE-2026-47784
8.1 HIGH

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

May 20, 2026
CVE-2026-47783
8.1 HIGH

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid …

May 20, 2026
CVE-2026-44392
4.3 MEDIUM

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may …

May 20, 2026
CVE-2026-2955
6.4 MEDIUM

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, …

May 20, 2026
CVE-2026-9057
8.2 HIGH

A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio …

May 20, 2026
CVE-2026-9056
5.4 MEDIUM

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload …

May 20, 2026
CVE-2026-7522
8.8 HIGH

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' …

May 20, 2026
CVE-2026-5075
4.3 MEDIUM

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, …

May 20, 2026
CVE-2026-9010
7.5 HIGH

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due …

May 20, 2026
CVE-2026-9003
7.5 HIGH

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

May 20, 2026
CVE-2026-7637
9.8 CRITICAL

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the …

May 20, 2026
CVE-2026-7460

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue …

May 20, 2026
CVE-2026-24215
5.7 MEDIUM

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability …

May 20, 2026
CVE-2026-24214
8.0 HIGH

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability …

May 20, 2026
CVE-2026-24213
8.0 HIGH

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability …

May 20, 2026
CVE-2026-24210
7.5 HIGH

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial …

May 20, 2026
CVE-2026-24209
7.5 HIGH

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to …

May 20, 2026
CVE-2026-24208
5.3 MEDIUM

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to …

May 20, 2026
CVE-2026-24207
9.8 CRITICAL

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code …

May 20, 2026
CVE-2026-24206
7.3 HIGH

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation …

May 20, 2026
CVE-2026-24163
7.5 HIGH

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability …

May 20, 2026
CVE-2026-24160
5.5 MEDIUM

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit …

May 20, 2026
CVE-2026-24142
6.3 MEDIUM

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data …

May 20, 2026
CVE-2025-33255
7.5 HIGH

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability …

May 20, 2026
CVE-2025-15369
5.3 MEDIUM

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on …

May 20, 2026
CVE-2026-8685
6.5 MEDIUM

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. …

May 20, 2026
CVE-2026-8627
6.1 MEDIUM

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in versions up to and including 1.0. This is …

May 20, 2026
CVE-2026-8626
6.1 MEDIUM

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.5.2 due to insufficient …

May 20, 2026
CVE-2026-8624
6.1 MEDIUM

The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 0.97.1 …

May 20, 2026
CVE-2026-8610
4.3 MEDIUM

The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.4. This is due to …

May 20, 2026
CVE-2026-8424
4.3 MEDIUM

The Remove Yellow BGBOX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to …

May 20, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.