CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-14652
7.3 HIGH

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component …

Jul 4, 2026
CVE-2026-14649
7.3 HIGH

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument …

Jul 4, 2026
CVE-2026-14648
7.3 HIGH

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of …

Jul 4, 2026
CVE-2026-14642
7.3 HIGH

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The …

Jul 4, 2026
CVE-2026-14641
7.3 HIGH

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing …

Jul 4, 2026
CVE-2026-14640
7.3 HIGH

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing …

Jul 4, 2026
CVE-2026-14637
8.2 HIGH

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation …

Jul 4, 2026
CVE-2026-12746
8.1 HIGH

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a …

Jul 4, 2026
CVE-2026-12740
8.1 HIGH

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, …

Jul 4, 2026
CVE-2026-14635
7.3 HIGH

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component …

Jul 4, 2026
CVE-2026-14535
8.8 HIGH

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless …

Jul 4, 2026
CVE-2026-14534
8.8 HIGH

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS …

Jul 4, 2026
CVE-2026-14622
7.3 HIGH

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing …

Jul 4, 2026
CVE-2026-12252
7.8 HIGH

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes …

Jul 4, 2026
CVE-2025-71380
8.8 HIGH

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or …

Jul 4, 2026
CVE-2025-71375
8.1 HIGH

picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller …

Jul 4, 2026
CVE-2025-71373
8.1 HIGH

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads …

Jul 4, 2026
CVE-2025-71372
8.1 HIGH

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute …

Jul 4, 2026
CVE-2025-71369
8.1 HIGH

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed …

Jul 4, 2026
CVE-2025-71367
8.1 HIGH

picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files …

Jul 4, 2026
CVE-2025-71366
8.1 HIGH

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code …

Jul 4, 2026
CVE-2025-71364
8.1 HIGH

picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this …

Jul 4, 2026
CVE-2025-71362
8.1 HIGH

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that …

Jul 4, 2026
CVE-2025-71360
8.1 HIGH

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes …

Jul 4, 2026
CVE-2025-71359
8.1 HIGH

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files …

Jul 4, 2026
CVE-2025-71356
8.1 HIGH

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code …

Jul 4, 2026
CVE-2025-71353
8.1 HIGH

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that …

Jul 4, 2026
CVE-2025-71347
8.1 HIGH

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed …

Jul 4, 2026
CVE-2025-71345
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, …

Jul 4, 2026
CVE-2025-71343
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded …

Jul 4, 2026
CVE-2025-71342
8.1 HIGH

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during …

Jul 4, 2026
CVE-2026-54424
8.4 HIGH

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through …

Jul 4, 2026
CVE-2026-58424
8.9 HIGH

Permanent Fork PR Workflow Approval Gate Bypass

Jul 3, 2026
CVE-2026-58423
7.7 HIGH

LFS authentication bypass via malformed SSH sub-verb allows unauthorized read access to private repositories

Jul 3, 2026
CVE-2026-58421
7.5 HIGH

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service

Jul 3, 2026
CVE-2026-58419
7.5 HIGH

Notification API leaks private issue metadata after access revocation

Jul 3, 2026
CVE-2026-58299
7.5 HIGH

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58298
7.2 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58297
7.1 HIGH

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-58296
7.1 HIGH

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-58295
8.3 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Jul 3, 2026
CVE-2026-58294
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58293
8.1 HIGH

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58292
7.5 HIGH

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58290
7.5 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58288
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58287
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58286
8.1 HIGH

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58285
8.3 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-58284
8.3 HIGH

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.