CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-56318
5.3 MEDIUM

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validate_password_compliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated …

Jun 30, 2026
CVE-2026-56300
7.5 HIGH

Capgo before 12.128.2 contains unauthenticated security definer RPC functions get_user_id and get_org_perm_for_apikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using …

Jun 30, 2026
CVE-2026-56286
8.1 HIGH

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re-authentication or secondary verification. Attackers can delete …

Jun 30, 2026
CVE-2026-56278
9.1 CRITICAL

Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is …

Jun 30, 2026
CVE-2026-56277
6.5 MEDIUM

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard (*) on its text-to-speech (TTS) generation endpoint (packages/server/src/controllers/text-to-speech/index.ts), independent of the server's configured CORS policy. This …

Jun 30, 2026
CVE-2026-56264
8.1 HIGH

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the …

Jun 30, 2026
CVE-2026-56249
7.6 HIGH

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. …

Jun 30, 2026
CVE-2026-56247
8.8 HIGH

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can …

Jun 30, 2026
CVE-2026-56233
8.3 HIGH

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers …

Jun 30, 2026
CVE-2026-56230
8.8 HIGH

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey() that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to …

Jun 30, 2026
CVE-2026-56224
5.4 MEDIUM

Capgo console.capgo.app/login before 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims …

Jun 30, 2026
CVE-2026-56219
7.5 HIGH

Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.get_org_user_access_rbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. …

Jun 30, 2026
CVE-2026-55721
9.3 CRITICAL

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated …

Jun 30, 2026
CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization …

Jun 30, 2026
CVE-2026-54696
3.7 LOW

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with …

Jun 30, 2026
CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched …

Jun 30, 2026
CVE-2026-54672
7.8 HIGH

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the …

Jun 30, 2026
CVE-2026-52198
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_425994 component

Jun 30, 2026
CVE-2026-52197
7.5 HIGH

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_44af70 component

Jun 30, 2026
CVE-2026-52195
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component

Jun 30, 2026
CVE-2026-52193
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component

Jun 30, 2026
CVE-2026-50110
9.2 CRITICAL

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded …

Jun 30, 2026
CVE-2026-50040
6.1 MEDIUM

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can …

Jun 30, 2026
CVE-2026-28322
5.6 MEDIUM

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.

Jun 30, 2026
CVE-2026-14156
6.5 MEDIUM

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin …

Jun 30, 2026
CVE-2026-14155
6.5 MEDIUM

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium …

Jun 30, 2026
CVE-2026-14154
4.8 MEDIUM

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI …

Jun 30, 2026
CVE-2026-14153
5.3 MEDIUM

Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jun 30, 2026
CVE-2026-14152
9.6 CRITICAL

Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to …

Jun 30, 2026
CVE-2026-14151
8.3 HIGH

Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 30, 2026
CVE-2026-14150
5.4 MEDIUM

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform …

Jun 30, 2026
CVE-2026-14149
8.8 HIGH

Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 30, 2026
CVE-2026-14148
6.5 MEDIUM

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

Jun 30, 2026
CVE-2026-14147
6.1 MEDIUM

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML …

Jun 30, 2026
CVE-2026-14146
6.5 MEDIUM

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security …

Jun 30, 2026
CVE-2026-14145
6.1 MEDIUM

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML …

Jun 30, 2026
CVE-2026-14144
4.2 MEDIUM

Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 30, 2026
CVE-2026-14143
4.3 MEDIUM

Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML …

Jun 30, 2026
CVE-2026-14142
5.4 MEDIUM

Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via …

Jun 30, 2026
CVE-2026-14141
4.3 MEDIUM

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted …

Jun 30, 2026
CVE-2026-14140
4.3 MEDIUM

Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a …

Jun 30, 2026
CVE-2026-14139
4.2 MEDIUM

Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jun 30, 2026
CVE-2026-14138
4.2 MEDIUM

Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 30, 2026
CVE-2026-14137
4.2 MEDIUM

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user …

Jun 30, 2026
CVE-2026-14136
4.3 MEDIUM

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing …

Jun 30, 2026
CVE-2026-14135
5.4 MEDIUM

Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform …

Jun 30, 2026
CVE-2026-14134
4.3 MEDIUM

Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. …

Jun 30, 2026
CVE-2026-14133
4.2 MEDIUM

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security …

Jun 30, 2026
CVE-2026-14132
5.4 MEDIUM

Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security …

Jun 30, 2026
CVE-2026-14131
5.4 MEDIUM

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform …

Jun 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.