CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-46383
5.5 MEDIUM

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the …

May 15, 2026
CVE-2026-45539
7.4 HIGH

Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare …

May 15, 2026
CVE-2026-45038
7.8 HIGH

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and …

May 15, 2026
CVE-2026-45037
7.1 HIGH

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol …

May 15, 2026
CVE-2026-45036
7.0 HIGH

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output …

May 15, 2026
CVE-2026-45035
8.8 HIGH

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all …

May 15, 2026
CVE-2026-44774
9.9 CRITICAL

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute …

May 15, 2026
CVE-2026-44717
9.8 CRITICAL

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical …

May 15, 2026
CVE-2026-44714
7.5 HIGH

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native …

May 15, 2026
CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as …

May 15, 2026
CVE-2026-44641
7.1 HIGH

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in …

May 15, 2026
CVE-2026-44310
5.4 MEDIUM

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in …

May 15, 2026
CVE-2026-44309
5.3 MEDIUM

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign …

May 15, 2026
CVE-2026-42458

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of …

May 15, 2026
CVE-2026-42207
6.1 MEDIUM

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of …

May 15, 2026
CVE-2026-42155

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of …

May 15, 2026
CVE-2026-41258
9.1 CRITICAL

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored …

May 15, 2026
CVE-2026-41181
5.8 MEDIUM

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom …

May 15, 2026
CVE-2026-23695
5.4 MEDIUM

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the …

May 15, 2026
CVE-2026-46508
7.8 HIGH

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived …

May 15, 2026
CVE-2026-45803
3.5 LOW

`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal …

May 15, 2026
CVE-2026-45773
6.5 MEDIUM

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a …

May 15, 2026
CVE-2026-45772
9.8 CRITICAL

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when …

May 15, 2026
CVE-2026-35194
8.1 HIGH

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute …

May 15, 2026
CVE-2026-2031

An Improper Access Control vulnerability in several internal API endpoints for Google Cloud Application Integration prior to 2026-01-23 allows a remote, unauthenticated attacker to disclose …

May 15, 2026
CVE-2026-8669
6.5 MEDIUM

Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row …

May 15, 2026
CVE-2026-46483
3.6 LOW

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives …

May 15, 2026
CVE-2026-45736
4.4 MEDIUM

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a …

May 15, 2026
CVE-2026-39054
7.3 HIGH

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process …

May 15, 2026
CVE-2026-39053
6.5 MEDIUM

Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry …

May 15, 2026
CVE-2026-39052
6.5 MEDIUM

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled script expressions through the …

May 15, 2026
CVE-2026-38728
7.5 HIGH

An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components

May 15, 2026
CVE-2026-34253
8.2 HIGH

A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in …

May 15, 2026
CVE-2025-67437
6.5 MEDIUM

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.

May 15, 2026
CVE-2025-14972

* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be …

May 15, 2026
CVE-2026-46333
7.1 HIGH

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory …

May 15, 2026
CVE-2026-7182

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload …

May 15, 2026
CVE-2026-41553
10.0 CRITICAL

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated …

May 15, 2026
CVE-2026-41552
7.5 HIGH

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could …

May 15, 2026
CVE-2026-8503
6.5 MEDIUM

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of …

May 15, 2026
CVE-2026-8454
5.3 MEDIUM

Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row …

May 15, 2026
CVE-2026-41971
5.5 MEDIUM

Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

May 15, 2026
CVE-2026-41970
6.8 MEDIUM

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026
CVE-2026-41969
6.2 MEDIUM

Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

May 15, 2026
CVE-2026-41968
5.9 MEDIUM

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026
CVE-2026-41967
5.9 MEDIUM

Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026
CVE-2026-41966
5.6 MEDIUM

Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

May 15, 2026
CVE-2026-41965
5.6 MEDIUM

Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026
CVE-2026-41964
8.4 HIGH

Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026
CVE-2026-41963
2.8 LOW

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

May 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.