CVE Database

109287+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-34649
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34648
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34647
7.4 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a …

May 12, 2026
CVE-2026-34646
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

May 12, 2026
CVE-2026-34645
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

May 12, 2026
CVE-2026-23827
7.5 HIGH

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote …

May 12, 2026
CVE-2026-23826
7.5 HIGH

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted …

May 12, 2026
CVE-2026-23825
7.5 HIGH

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages …

May 12, 2026
CVE-2026-23824
7.5 HIGH

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages …

May 12, 2026
CVE-2026-8431
7.2 HIGH

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue …

May 12, 2026
CVE-2026-8430
8.1 HIGH

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to …

May 12, 2026
CVE-2026-8429
8.8 HIGH

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context …

May 12, 2026
CVE-2026-34684
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34683
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34682
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34681
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34664
6.3 MEDIUM

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could …

May 12, 2026
CVE-2026-34660
9.3 CRITICAL

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34659
9.6 CRITICAL

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the …

May 12, 2026
CVE-2026-23823
7.2 HIGH

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could …

May 12, 2026
CVE-2026-23822
5.3 MEDIUM

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could …

May 12, 2026
CVE-2026-23821
7.2 HIGH

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing …

May 12, 2026
CVE-2026-23820
7.2 HIGH

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands …

May 12, 2026
CVE-2026-23819
8.8 HIGH

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript …

May 12, 2026
CVE-2026-5146
4.3 MEDIUM

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing …

May 12, 2026
CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access …

May 12, 2026
CVE-2026-44279
5.5 MEDIUM

A improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow attacker …

May 12, 2026
CVE-2026-44278
2.3 LOW

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert …

May 12, 2026
CVE-2026-44277
9.8 CRITICAL

A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized …

May 12, 2026
CVE-2026-44204
6.5 MEDIUM

Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets …

May 12, 2026
CVE-2026-44196
9.1 CRITICAL

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who …

May 12, 2026
CVE-2026-44184
8.0 HIGH

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, …

May 12, 2026
CVE-2026-44183
9.8 CRITICAL

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, …

May 12, 2026
CVE-2026-44167
7.5 HIGH

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or …

May 12, 2026
CVE-2026-44166

Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address …

May 12, 2026
CVE-2026-43929
8.2 HIGH

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery …

May 12, 2026
CVE-2026-43892
8.8 HIGH

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is …

May 12, 2026
CVE-2026-43891
7.5 HIGH

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from …

May 12, 2026
CVE-2026-42899
7.5 HIGH

Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.

May 12, 2026
CVE-2026-42898
9.9 CRITICAL

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-42896
7.8 HIGH

Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-42893
7.4 HIGH

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

May 12, 2026
CVE-2026-42891
6.5 MEDIUM

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

May 12, 2026
CVE-2026-42838
5.4 MEDIUM

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over …

May 12, 2026
CVE-2026-42833
9.1 CRITICAL

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

May 12, 2026
CVE-2026-42832
7.7 HIGH

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

May 12, 2026
CVE-2026-42831
7.8 HIGH

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-42830
6.5 MEDIUM

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-42825
7.0 HIGH

Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-42823
9.9 CRITICAL

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.