CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40208
3.7 LOW

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

Jun 25, 2026
CVE-2026-40011
3.7 LOW

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid …

Jun 25, 2026
CVE-2026-3176
3.1 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-0934
3.8 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-8662
3.3 LOW

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted …

Jun 25, 2026
CVE-2026-49979
2.7 LOW

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values …

Jun 24, 2026
CVE-2026-39894
2.9 LOW

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric …

Jun 24, 2026
CVE-2026-52796
3.5 LOW

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial …

Jun 24, 2026
CVE-2026-57288
3.7 LOW

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication …

Jun 24, 2026
CVE-2026-56370
3.3 LOW

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed …

Jun 24, 2026
CVE-2026-56368
3.7 LOW

ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can …

Jun 24, 2026
CVE-2026-10753
2.7 LOW

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have …

Jun 24, 2026
CVE-2026-50268
1.9 LOW

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring `encrypt:rsa:algorithm=OAEP` …

Jun 17, 2026
CVE-2026-12567
2.2 LOW

The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a …

Jun 17, 2026
CVE-2026-12566
3.1 LOW

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle …

Jun 17, 2026
CVE-2026-6733
3.7 LOW

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto …

Jun 17, 2026
CVE-2026-39199
2.9 LOW

snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.

Jun 17, 2026
CVE-2026-11525
3.7 LOW

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the …

Jun 17, 2026
CVE-2026-35068
3.5 LOW

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with …

Jun 17, 2026
CVE-2026-12458
3.1 LOW

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jun 17, 2026
CVE-2026-0057
3.3 LOW

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This …

Jun 17, 2026
CVE-2025-62340
3.1 LOW

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions …

Jun 17, 2026
CVE-2026-46977
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46874
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high …

Jun 17, 2026
CVE-2026-46816
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-46815
3.2 LOW

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows …

Jun 17, 2026
CVE-2026-0158
3.3 LOW

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with …

Jun 16, 2026
CVE-2026-0145
3.3 LOW

In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no …

Jun 16, 2026
CVE-2026-0142
3.3 LOW

In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with …

Jun 16, 2026
CVE-2026-0134
3.3 LOW

In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could …

Jun 16, 2026
CVE-2026-0130
3.5 LOW

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no …

Jun 16, 2026
CVE-2026-0129
3.5 LOW

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. …

Jun 16, 2026
CVE-2026-10636
3.7 LOW

In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed …

Jun 16, 2026
CVE-2026-48709
3.7 LOW

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform …

Jun 15, 2026
CVE-2026-12211
2.7 LOW

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component …

Jun 15, 2026
CVE-2026-12202
2.4 LOW

A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. …

Jun 15, 2026
CVE-2026-9062
3.4 LOW

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators …

Jun 13, 2026
CVE-2026-9061
3.5 LOW

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator …

Jun 13, 2026
CVE-2026-53837
3.7 LOW

OpenClaw before 2026.5.6 contains an improper access control vulnerability in Mattermost event handlers that fails to validate channel type metadata. Attackers can bypass intended DM …

Jun 12, 2026
CVE-2026-53607
3.7 LOW

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO …

Jun 12, 2026
CVE-2026-12130
3.5 LOW

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component …

Jun 12, 2026
CVE-2026-12129
3.5 LOW

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the …

Jun 12, 2026
CVE-2026-12065
1.8 LOW

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView …

Jun 12, 2026
CVE-2026-9269
3.5 LOW

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high …

Jun 12, 2026
CVE-2026-12032
3.1 LOW

Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site …

Jun 11, 2026
CVE-2026-12017
3.1 LOW

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 11, 2026
CVE-2026-53809
3.8 LOW

OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical …

Jun 11, 2026
CVE-2026-44489
3.7 LOW

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are …

Jun 11, 2026
CVE-2026-11956
3.7 LOW

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing …

Jun 11, 2026
CVE-2026-9694
2.6 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain …

Jun 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.