CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8725
7.3 HIGH

A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component …

May 17, 2026
CVE-2026-8724
4.7 MEDIUM

A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation …

May 17, 2026
CVE-2026-8723
5.3 MEDIUM

### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and …

May 17, 2026
CVE-2026-6050

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

May 16, 2026
CVE-2026-46728
8.2 HIGH

Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.

May 16, 2026
CVE-2021-47981
5.4 MEDIUM

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the …

May 16, 2026
CVE-2021-47980
7.1 HIGH

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter …

May 16, 2026
CVE-2021-47979
8.8 HIGH

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. …

May 16, 2026
CVE-2021-47978
6.2 MEDIUM

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send …

May 16, 2026
CVE-2021-47977
7.5 HIGH

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file …

May 16, 2026
CVE-2021-47976
8.8 HIGH

TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers …

May 16, 2026
CVE-2021-47975
7.2 HIGH

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit …

May 16, 2026
CVE-2021-47974
7.8 HIGH

VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate …

May 16, 2026
CVE-2021-47973
7.5 HIGH

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note …

May 16, 2026
CVE-2021-47972
7.5 HIGH

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long …

May 16, 2026
CVE-2021-47971
7.5 HIGH

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note …

May 16, 2026
CVE-2021-47970
7.5 HIGH

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers …

May 16, 2026
CVE-2021-47969
7.5 HIGH

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. …

May 16, 2026
CVE-2021-47957
6.4 MEDIUM

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar …

May 16, 2026
CVE-2021-47956
8.2 HIGH

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers …

May 16, 2026
CVE-2021-47955
5.4 MEDIUM

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. …

May 16, 2026
CVE-2021-47954
8.2 HIGH

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can …

May 16, 2026
CVE-2021-47952
9.8 CRITICAL

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. …

May 16, 2026
CVE-2021-47942
7.5 HIGH

Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ …

May 16, 2026
CVE-2021-47934
5.3 MEDIUM

MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like …

May 16, 2026
CVE-2020-37247
7.8 HIGH

Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to escalate privileges by exploiting the service …

May 16, 2026
CVE-2020-37246
6.2 MEDIUM

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. …

May 16, 2026
CVE-2020-37245
7.5 HIGH

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by …

May 16, 2026
CVE-2020-37244
8.2 HIGH

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and …

May 16, 2026
CVE-2020-37243
8.2 HIGH

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the …

May 16, 2026
CVE-2020-37242
8.2 HIGH

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' …

May 16, 2026
CVE-2020-37241
5.3 MEDIUM

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can …

May 16, 2026
CVE-2020-37240
6.4 MEDIUM

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert …

May 16, 2026
CVE-2020-37239
9.8 CRITICAL

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers …

May 16, 2026
CVE-2020-37238
6.4 MEDIUM

CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file …

May 16, 2026
CVE-2020-37237
6.4 MEDIUM

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin …

May 16, 2026
CVE-2020-37236
6.4 MEDIUM

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. …

May 16, 2026
CVE-2020-37235
6.4 MEDIUM

WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the …

May 16, 2026
CVE-2020-37234
6.2 MEDIUM

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. …

May 16, 2026
CVE-2020-37233
6.4 MEDIUM

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure …

May 16, 2026
CVE-2020-37232
7.8 HIGH

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers …

May 16, 2026
CVE-2020-37231
7.8 HIGH

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service …

May 16, 2026
CVE-2020-37230
7.8 HIGH

Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary …

May 16, 2026
CVE-2020-37229
7.8 HIGH

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable …

May 16, 2026
CVE-2020-37228
9.8 CRITICAL

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can …

May 16, 2026
CVE-2020-37227
8.8 HIGH

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. …

May 16, 2026
CVE-2026-46719
6.5 MEDIUM

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources …

May 16, 2026
CVE-2025-4202
4.3 MEDIUM

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on …

May 16, 2026
CVE-2026-8657
8.2 HIGH

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by …

May 16, 2026
CVE-2026-8656
6.1 MEDIUM

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and …

May 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.