CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-30117
9.8 CRITICAL

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows …

May 19, 2026
CVE-2026-8711
8.1 HIGH

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a …

May 19, 2026
CVE-2026-47100
7.5 HIGH

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal …

May 19, 2026
CVE-2026-45557
5.8 MEDIUM

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable …

May 19, 2026
CVE-2026-44159
9.8 CRITICAL

Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since …

May 19, 2026
CVE-2026-43634
7.5 HIGH

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP …

May 19, 2026
CVE-2026-34883
5.3 MEDIUM

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local …

May 19, 2026
CVE-2026-2587
9.6 CRITICAL

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml …

May 19, 2026
CVE-2026-2586
9.1 CRITICAL

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that …

May 19, 2026
CVE-2025-70950
7.3 HIGH

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.

May 19, 2026
CVE-2025-51427
7.3 HIGH

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key …

May 19, 2026
CVE-2026-8975
8.8 HIGH

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough …

May 19, 2026
CVE-2026-8974
8.8 HIGH

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough …

May 19, 2026
CVE-2026-8973
8.8 HIGH

Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

May 19, 2026
CVE-2026-8972
8.8 HIGH

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8971
6.5 MEDIUM

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8970
8.8 HIGH

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8969
8.1 HIGH

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8968
7.5 HIGH

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird …

May 19, 2026
CVE-2026-8967
7.5 HIGH

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8966
7.5 HIGH

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8965
7.5 HIGH

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8964
7.5 HIGH

Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8963
7.5 HIGH

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8962
8.1 HIGH

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8961
6.5 MEDIUM

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8960
7.5 HIGH

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8959
9.6 CRITICAL

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and …

May 19, 2026
CVE-2026-8958
8.6 HIGH

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8957
8.8 HIGH

Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8956
9.8 CRITICAL

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8955
8.8 HIGH

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8954
7.5 HIGH

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8953
9.6 CRITICAL

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird …

May 19, 2026
CVE-2026-8952
8.8 HIGH

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8951
6.5 MEDIUM

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.

May 19, 2026
CVE-2026-8950
9.3 CRITICAL

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8949
7.5 HIGH

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8948
9.1 CRITICAL

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8947
7.3 HIGH

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8946
7.5 HIGH

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and …

May 19, 2026
CVE-2026-8945
7.5 HIGH

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

May 19, 2026
CVE-2026-6354

Rejected reason: Voluntarily withdrawn

May 19, 2026
CVE-2026-47323
9.8 CRITICAL

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in …

May 19, 2026
CVE-2026-43633
10.0 CRITICAL

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that …

May 19, 2026
CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted …

May 19, 2026
CVE-2026-42099

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid …

May 19, 2026
CVE-2026-42098

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise …

May 19, 2026
CVE-2026-42097

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in …

May 19, 2026
CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user …

May 19, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.