CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-41648
5.0 MEDIUM

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files …

May 7, 2026
CVE-2026-41647
6.5 MEDIUM

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause …

May 7, 2026
CVE-2026-41589
9.6 CRITICAL

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is …

May 7, 2026
CVE-2026-41554
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through …

May 7, 2026
CVE-2026-41490
8.3 HIGH

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries …

May 7, 2026
CVE-2026-30496
9.8 CRITICAL

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the …

May 7, 2026
CVE-2026-30495
8.8 HIGH

The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The …

May 7, 2026
CVE-2025-14341
8.3 HIGH

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. …

May 7, 2026
CVE-2026-8094
9.8 CRITICAL

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

May 7, 2026
CVE-2026-8093
8.1 HIGH

Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

May 7, 2026
CVE-2026-8092
8.1 HIGH

Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with …

May 7, 2026
CVE-2026-8091
9.8 CRITICAL

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR …

May 7, 2026
CVE-2026-8090
7.3 HIGH

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

May 7, 2026
CVE-2026-6002
8.8 HIGH

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue …

May 7, 2026
CVE-2026-5791
6.5 MEDIUM

Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

May 7, 2026
CVE-2026-5784
8.8 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from …

May 7, 2026
CVE-2026-8080
5.4 MEDIUM

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A …

May 7, 2026
CVE-2026-6508
9.8 CRITICAL

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from …

May 7, 2026
CVE-2026-42285
7.5 HIGH

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger …

May 7, 2026
CVE-2026-42010
7.1 HIGH

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A …

May 7, 2026
CVE-2026-41644
7.1 HIGH

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any …

May 7, 2026
CVE-2026-41643
7.5 HIGH

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) …

May 7, 2026
CVE-2026-41642
7.5 HIGH

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability …

May 7, 2026
CVE-2026-3953
8.8 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), …

May 7, 2026
CVE-2026-33589
6.5 MEDIUM

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the …

May 7, 2026
CVE-2026-33588
8.1 HIGH

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the …

May 7, 2026
CVE-2026-33587
10.0 CRITICAL

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container …

May 7, 2026
CVE-2026-28201
7.8 HIGH

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to …

May 7, 2026
CVE-2026-27415
4.3 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5.

May 7, 2026
CVE-2026-6805
7.5 HIGH

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline …

May 7, 2026
CVE-2026-44407
4.7 MEDIUM

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

May 7, 2026
CVE-2026-27421
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: …

May 7, 2026
CVE-2026-27416
5.3 MEDIUM

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.

May 7, 2026
CVE-2026-27329
5.3 MEDIUM

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: …

May 7, 2026
CVE-2026-25468
5.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects …

May 7, 2026
CVE-2026-25436
5.3 MEDIUM

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before …

May 7, 2026
CVE-2025-68604
5.4 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

May 7, 2026
CVE-2025-68060
7.6 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team …

May 7, 2026
CVE-2025-66105
5.3 MEDIUM

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket …

May 7, 2026
CVE-2025-62127
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo …

May 7, 2026
CVE-2025-2514
5.3 MEDIUM

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage …

May 7, 2026
CVE-2025-1978
8.3 HIGH

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, …

May 7, 2026
CVE-2024-43384
8.0 HIGH

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

May 7, 2026
CVE-2026-4430
7.8 HIGH

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, …

May 7, 2026
CVE-2026-44406
5.7 MEDIUM

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, …

May 7, 2026
CVE-2025-9661
8.1 HIGH

OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects …

May 7, 2026
CVE-2026-8063
6.5 MEDIUM

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects …

May 7, 2026
CVE-2026-7252
8.1 HIGH

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion …

May 7, 2026
CVE-2026-6692
8.8 HIGH

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' function. This is …

May 7, 2026
CVE-2026-4348
7.5 HIGH

The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, …

May 7, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.