CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44408
6.3 MEDIUM

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through …

May 19, 2026
CVE-2026-8922
5.4 MEDIUM

A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly …

May 19, 2026
CVE-2026-4885
9.8 CRITICAL

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function …

May 19, 2026
CVE-2026-47317
5.5 MEDIUM

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47316
5.5 MEDIUM

Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47315
5.5 MEDIUM

Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47314
7.8 HIGH

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47313
5.5 MEDIUM

Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47312
5.5 MEDIUM

Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-8830
4.3 MEDIUM

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the …

May 19, 2026
CVE-2026-8814
5.3 MEDIUM

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without …

May 19, 2026
CVE-2026-8813
7.5 HIGH

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with …

May 19, 2026
CVE-2026-47311
7.8 HIGH

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47310
7.8 HIGH

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47309
5.5 MEDIUM

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2025-15609
7.5 HIGH

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive …

May 19, 2026
CVE-2026-47308
5.5 MEDIUM

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

May 19, 2026
CVE-2026-32994
5.3 MEDIUM

The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any …

May 19, 2026
CVE-2026-47307
5.5 MEDIUM

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply …

May 19, 2026
CVE-2026-33565
3.3 LOW

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

May 19, 2026
CVE-2026-28751
3.3 LOW

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

May 19, 2026
CVE-2026-28733
6.5 MEDIUM

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.

May 19, 2026
CVE-2026-27781
3.3 LOW

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

May 19, 2026
CVE-2026-27766
5.5 MEDIUM

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.

May 19, 2026
CVE-2026-27648
8.8 HIGH

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

May 19, 2026
CVE-2026-25850
5.5 MEDIUM

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak

May 19, 2026
CVE-2026-25781
8.4 HIGH

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

May 19, 2026
CVE-2026-25110
3.3 LOW

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

May 19, 2026
CVE-2026-24792
8.1 HIGH

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

May 19, 2026
CVE-2026-22069
7.3 HIGH

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

May 19, 2026
CVE-2026-33514

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form …

May 19, 2026
CVE-2026-33234
5.0 MEDIUM

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a …

May 19, 2026
CVE-2026-33233
7.6 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache …

May 19, 2026
CVE-2026-33232
7.5 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial …

May 19, 2026
CVE-2026-33052

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "add_profile_threshold" permission to create …

May 19, 2026
CVE-2026-32323
7.3 HIGH

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege …

May 19, 2026
CVE-2026-32312
4.3 MEDIUM

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the …

May 19, 2026
CVE-2026-32244
5.3 MEDIUM

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous …

May 19, 2026
CVE-2026-30950
7.1 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking …

May 18, 2026
CVE-2026-27964
3.9 LOW

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. …

May 18, 2026
CVE-2026-27892
6.5 MEDIUM

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping …

May 18, 2026
CVE-2026-27891
7.2 HIGH

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to …

May 18, 2026
CVE-2026-27737
6.5 MEDIUM

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This …

May 18, 2026
CVE-2026-8851
8.1 HIGH

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data …

May 18, 2026
CVE-2026-8838
9.8 CRITICAL

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute …

May 18, 2026
CVE-2026-4137
7.0 HIGH

In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_create_model_downloading_tmp_dir()` function in `mlflow/pyfunc/__init__.py` creates …

May 18, 2026
CVE-2026-27130
9.9 CRITICAL

Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues …

May 18, 2026
CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially …

May 18, 2026
CVE-2026-25244
9.8 CRITICAL

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection …

May 18, 2026
CVE-2026-22810
8.2 HIGH

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability …

May 18, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.