CVE Database

9215+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-43083
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... …

May 6, 2026
CVE-2026-40010
9.1 CRITICAL

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue …

May 6, 2026
CVE-2026-28780
9.8 CRITICAL

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious …

May 5, 2026
CVE-2026-35579
9.8 CRITICAL

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. …

May 5, 2026
CVE-2026-34084
9.8 CRITICAL

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and …

May 5, 2026
CVE-2026-7854
9.8 CRITICAL

A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component …

May 5, 2026
CVE-2026-38428
9.8 CRITICAL

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL …

May 5, 2026
CVE-2026-27960
9.8 CRITICAL

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability …

May 5, 2026
CVE-2026-7853
9.8 CRITICAL

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation …

May 5, 2026
CVE-2026-38431
9.8 CRITICAL

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions …

May 5, 2026
CVE-2026-38429
9.8 CRITICAL

OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied …

May 5, 2026
CVE-2026-7411
10.0 CRITICAL

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform …

May 5, 2026
CVE-2026-43071
9.1 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket to two There is an OOB read problem …

May 5, 2026
CVE-2026-43067
9.8 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always …

May 5, 2026
CVE-2026-7834
9.8 CRITICAL

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to …

May 5, 2026
CVE-2026-36356
9.1 CRITICAL

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.

May 5, 2026
CVE-2026-34408
9.1 CRITICAL

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set …

May 5, 2026
CVE-2026-43566
9.1 CRITICAL

OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips webhook wake events carrying untrusted content. Attackers can exploit …

May 5, 2026
CVE-2026-43534
9.1 CRITICAL

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook …

May 5, 2026
CVE-2023-54344
9.8 CRITICAL

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the …

May 5, 2026
CVE-2023-54342
9.8 CRITICAL

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code …

May 5, 2026
CVE-2026-40797
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: …

May 5, 2026
CVE-2026-7823
9.8 CRITICAL

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable …

May 5, 2026
CVE-2026-5294
9.8 CRITICAL

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX …

May 5, 2026
CVE-2025-13618
9.8 CRITICAL

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not …

May 5, 2026
CVE-2026-5722
9.8 CRITICAL

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest …

May 5, 2026
CVE-2026-42238
9.8 CRITICAL

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that …

May 4, 2026
CVE-2026-42235
9.6 CRITICAL

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client …

May 4, 2026
CVE-2026-42233
9.8 CRITICAL

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed …

May 4, 2026
CVE-2026-42796
9.8 CRITICAL

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to …

May 4, 2026
CVE-2026-42088
9.6 CRITICAL

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script …

May 4, 2026
CVE-2026-42087
9.6 CRITICAL

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version …

May 4, 2026
CVE-2026-41571
9.4 CRITICAL

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no …

May 4, 2026
CVE-2026-42812
9.9 CRITICAL

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to …

May 4, 2026
CVE-2026-42811
9.9 CRITICAL

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table …

May 4, 2026
CVE-2026-42810
9.9 CRITICAL

Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same …

May 4, 2026
CVE-2026-42809
9.9 CRITICAL

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those …

May 4, 2026
CVE-2026-42376
9.8 CRITICAL

D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username …

May 4, 2026
CVE-2026-42375
9.8 CRITICAL

D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" …

May 4, 2026
CVE-2026-42374
9.8 CRITICAL

D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" …

May 4, 2026
CVE-2026-42373
9.8 CRITICAL

D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username …

May 4, 2026
CVE-2026-42090
9.6 CRITICAL

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version …

May 4, 2026
CVE-2026-42076
9.8 CRITICAL

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute …

May 4, 2026
CVE-2026-42027
9.8 CRITICAL

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by …

May 4, 2026
CVE-2026-40682
9.1 CRITICAL

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static …

May 4, 2026
CVE-2026-26956
9.8 CRITICAL

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside …

May 4, 2026
CVE-2026-26332
9.8 CRITICAL

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue …

May 4, 2026
CVE-2026-25293
9.6 CRITICAL

Buffer overflow due to incorrect authorization in PLC FW

May 4, 2026
CVE-2026-24781
9.8 CRITICAL

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows …

May 4, 2026
CVE-2026-24120
9.8 CRITICAL

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to …

May 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.