CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-28917
4.3 MEDIUM

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, …

May 11, 2026
CVE-2026-28915
7.8 HIGH

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma …

May 11, 2026
CVE-2026-28914
5.5 MEDIUM

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper …

May 11, 2026
CVE-2026-28913
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, …

May 11, 2026
CVE-2026-28910
3.3 LOW

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary …

May 11, 2026
CVE-2026-28908
7.5 HIGH

A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe …

May 11, 2026
CVE-2026-28907
8.1 HIGH

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, …

May 11, 2026
CVE-2026-28906
7.5 HIGH

This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia …

May 11, 2026
CVE-2026-28905
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, …

May 11, 2026
CVE-2026-28904
7.5 HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, …

May 11, 2026
CVE-2026-28903
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, …

May 11, 2026
CVE-2026-28902
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, …

May 11, 2026
CVE-2026-28901
4.3 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, …

May 11, 2026
CVE-2026-28897
6.2 MEDIUM

A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS …

May 11, 2026
CVE-2026-28883
7.5 HIGH

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS …

May 11, 2026
CVE-2026-28873
7.5 HIGH

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app …

May 11, 2026
CVE-2026-28872
7.5 HIGH

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. …

May 11, 2026
CVE-2026-28860
7.5 HIGH

The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia …

May 11, 2026
CVE-2026-28848
7.5 HIGH

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be …

May 11, 2026
CVE-2026-28847
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, …

May 11, 2026
CVE-2026-28846
7.5 HIGH

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS …

May 11, 2026
CVE-2026-28840
7.8 HIGH

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.4. An app may …

May 11, 2026
CVE-2026-28830
4.7 MEDIUM

A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user …

May 11, 2026
CVE-2026-28819
5.4 MEDIUM

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma …

May 11, 2026
CVE-2026-20696
5.5 MEDIUM

An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive …

May 11, 2026
CVE-2026-8321
7.3 HIGH

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a …

May 11, 2026
CVE-2026-8320
4.7 MEDIUM

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey …

May 11, 2026
CVE-2026-8319
5.3 MEDIUM

A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e577d1c97090cc15f59. Affected by this issue is the function recall_relevant_memories_to_working_memory of the file core/cat/looking_glass/stray_cat.py of the …

May 11, 2026
CVE-2026-6146
5.3 MEDIUM

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets …

May 11, 2026
CVE-2026-45026
6.8 MEDIUM

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject …

May 11, 2026
CVE-2026-45025
6.8 MEDIUM

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject …

May 11, 2026
CVE-2026-42887
4.5 MEDIUM

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper …

May 11, 2026
CVE-2026-42886
4.9 MEDIUM

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file …

May 11, 2026
CVE-2026-42885
4.3 MEDIUM

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is …

May 11, 2026
CVE-2026-42884
4.3 MEDIUM

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking …

May 11, 2026
CVE-2026-42883
6.5 MEDIUM

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library …

May 11, 2026
CVE-2026-42882
9.4 CRITICAL

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the …

May 11, 2026
CVE-2026-42876
4.9 MEDIUM

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has …

May 11, 2026
CVE-2026-42875

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used …

May 11, 2026
CVE-2026-42874
3.7 LOW

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in particular will not detect …

May 11, 2026
CVE-2026-42873
0.0 NONE

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the …

May 11, 2026
CVE-2026-42872
6.1 MEDIUM

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper …

May 11, 2026
CVE-2026-42870

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: …

May 11, 2026
CVE-2026-42869
10.0 CRITICAL

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT …

May 11, 2026
CVE-2026-42565
4.3 MEDIUM

@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of …

May 11, 2026
CVE-2026-42050
5.5 MEDIUM

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an …

May 11, 2026
CVE-2026-36734
8.8 HIGH

EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration …

May 11, 2026
CVE-2026-2614
7.5 HIGH

A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the …

May 11, 2026
CVE-2022-4988
7.3 HIGH

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such …

May 11, 2026
CVE-2026-8318
5.3 MEDIUM

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of …

May 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.