CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8211
4.7 MEDIUM

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component …

May 9, 2026
CVE-2026-45184
6.5 MEDIUM

Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

May 9, 2026
CVE-2026-45182
2.2 LOW

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application …

May 9, 2026
CVE-2026-45181
6.5 MEDIUM

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into …

May 9, 2026
CVE-2026-8210
5.3 MEDIUM

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file …

May 9, 2026
CVE-2026-8196
3.7 LOW

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This …

May 9, 2026
CVE-2026-8195
4.3 MEDIUM

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File …

May 9, 2026
CVE-2026-8194
4.3 MEDIUM

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The …

May 9, 2026
CVE-2026-42606
8.1 HIGH

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no …

May 9, 2026
CVE-2026-42605
8.8 HIGH

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}/files/upload) …

May 9, 2026
CVE-2026-42601
9.8 CRITICAL

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field …

May 9, 2026
CVE-2026-42576
6.5 MEDIUM

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys …

May 9, 2026
CVE-2026-42575
7.5 HIGH

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but …

May 9, 2026
CVE-2026-42574
7.5 HIGH

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could …

May 9, 2026
CVE-2026-42571

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to …

May 9, 2026
CVE-2026-42569
9.4 CRITICAL

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a …

May 9, 2026
CVE-2026-42562
8.3 HIGH

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true …

May 9, 2026
CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication …

May 9, 2026
CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to …

May 9, 2026
CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string …

May 9, 2026
CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before …

May 9, 2026
CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls …

May 9, 2026
CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading …

May 9, 2026
CVE-2026-41893
7.5 HIGH

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST …

May 9, 2026
CVE-2026-8193
6.3 MEDIUM

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing …

May 9, 2026
CVE-2026-8192
6.3 MEDIUM

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the …

May 9, 2026
CVE-2026-8191
6.3 MEDIUM

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to …

May 9, 2026
CVE-2026-8190
6.3 MEDIUM

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument …

May 9, 2026
CVE-2026-8189
6.3 MEDIUM

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument …

May 9, 2026
CVE-2026-8188
6.3 MEDIUM

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads …

May 9, 2026
CVE-2026-8198
5.3 MEDIUM

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up …

May 9, 2026
CVE-2026-8186
5.3 MEDIUM

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation …

May 9, 2026
CVE-2026-8187
5.3 MEDIUM

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a …

May 9, 2026
CVE-2026-8185
6.3 MEDIUM

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads …

May 9, 2026
CVE-2026-3828
7.2 HIGH

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can …

May 9, 2026
CVE-2026-32683
5.3 MEDIUM

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by …

May 9, 2026
CVE-2026-1749
6.8 MEDIUM

There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

May 9, 2026
CVE-2026-42560
9.1 CRITICAL

auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every …

May 9, 2026
CVE-2026-42311
7.8 HIGH

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting …

May 9, 2026
CVE-2026-42310
5.5 MEDIUM

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to …

May 9, 2026
CVE-2026-42309
5.5 MEDIUM

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as …

May 9, 2026
CVE-2026-42308
5.5 MEDIUM

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps …

May 9, 2026
CVE-2025-15634
4.3 MEDIUM

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to …

May 9, 2026
CVE-2025-15633
6.5 MEDIUM

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration …

May 9, 2026
CVE-2026-8209

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction …

May 9, 2026
CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of …

May 9, 2026
CVE-2026-42461
7.5 HIGH

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend …

May 9, 2026
CVE-2026-42301
7.8 HIGH

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata (e.g. the summary field) into …

May 9, 2026
CVE-2026-42297
8.3 HIGH

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's …

May 9, 2026
CVE-2026-42296
8.1 HIGH

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create …

May 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.