CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7818
7.0 HIGH

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing …

May 11, 2026
CVE-2026-7817
6.5 MEDIUM

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to …

May 11, 2026
CVE-2026-7816
8.8 HIGH

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An …

May 11, 2026
CVE-2026-7815
8.8 HIGH

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and …

May 11, 2026
CVE-2026-7814
4.8 MEDIUM

Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned …

May 11, 2026
CVE-2026-7813
9.9 CRITICAL

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering …

May 11, 2026
CVE-2026-6815
5.9 MEDIUM

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can …

May 11, 2026
CVE-2026-6093

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

May 11, 2026
CVE-2026-44643
10.0 CRITICAL

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters …

May 11, 2026
CVE-2026-44201
5.3 MEDIUM

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items …

May 11, 2026
CVE-2026-44200
6.5 MEDIUM

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages …

May 11, 2026
CVE-2026-44199
6.5 MEDIUM

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form …

May 11, 2026
CVE-2026-44198
4.3 MEDIUM

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit …

May 11, 2026
CVE-2026-44197
6.5 MEDIUM

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit …

May 11, 2026
CVE-2026-42841
4.8 MEDIUM

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered …

May 11, 2026
CVE-2026-42613
9.4 CRITICAL

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration …

May 11, 2026
CVE-2026-42612
8.5 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The …

May 11, 2026
CVE-2026-42611
8.9 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection …

May 11, 2026
CVE-2026-42610
6.5 MEDIUM

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox …

May 11, 2026
CVE-2026-42609
8.1 HIGH

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user …

May 11, 2026
CVE-2026-42608
9.1 CRITICAL

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed …

May 11, 2026
CVE-2026-42607
9.1 CRITICAL

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially …

May 11, 2026
CVE-2026-3320

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the …

May 11, 2026
CVE-2026-3319

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the …

May 11, 2026
CVE-2026-34092
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: …

May 11, 2026
CVE-2026-34091
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

May 11, 2026
CVE-2026-34090
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.

May 11, 2026
CVE-2026-34089

Vulnerability in Wikimedia Foundation Scribunto. This issue affects Scribunto: from 1.45.0 before 1.45.2.

May 11, 2026
CVE-2026-34088
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

May 11, 2026
CVE-2026-34087
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.

May 11, 2026
CVE-2026-34086

Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2.

May 11, 2026
CVE-2026-31247
7.5 HIGH

Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity …

May 11, 2026
CVE-2026-31246
6.5 MEDIUM

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to …

May 11, 2026
CVE-2025-65418
7.5 HIGH

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.

May 11, 2026
CVE-2025-65417
6.1 MEDIUM

docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.

May 11, 2026
CVE-2025-65416
6.3 MEDIUM

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.

May 11, 2026
CVE-2025-65415
5.4 MEDIUM

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.

May 11, 2026
CVE-2025-63750

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 …

May 11, 2026
CVE-2025-61314
7.3 HIGH

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61313
7.3 HIGH

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61312
7.3 HIGH

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61311
7.3 HIGH

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61310
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61309
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61308
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61307
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61306
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2025-61305
6.1 MEDIUM

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

May 11, 2026
CVE-2026-8290
4.3 MEDIUM

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. …

May 11, 2026
CVE-2026-8289
4.3 MEDIUM

A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation …

May 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.