CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-0125
7.0 HIGH

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege …

Jun 16, 2026
CVE-2026-53866
8.1 HIGH

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell …

Jun 16, 2026
CVE-2026-53865
7.1 HIGH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute …

Jun 16, 2026
CVE-2026-53864
8.1 HIGH

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to …

Jun 16, 2026
CVE-2026-53863
7.1 HIGH

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID …

Jun 16, 2026
CVE-2026-53858
7.1 HIGH

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable …

Jun 16, 2026
CVE-2026-53857
8.1 HIGH

OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers …

Jun 16, 2026
CVE-2026-53855
8.1 HIGH

OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools …

Jun 16, 2026
CVE-2026-53853
8.3 HIGH

OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux …

Jun 16, 2026
CVE-2026-53849
8.1 HIGH

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user …

Jun 16, 2026
CVE-2026-53846
7.1 HIGH

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled …

Jun 16, 2026
CVE-2026-53843
8.8 HIGH

OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired …

Jun 16, 2026
CVE-2026-53842
7.1 HIGH

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. …

Jun 16, 2026
CVE-2026-53840
7.1 HIGH

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an …

Jun 16, 2026
CVE-2026-50656
7.8 HIGH

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are …

Jun 16, 2026
CVE-2026-47964
7.8 HIGH

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 16, 2026
CVE-2026-47749
7.8 HIGH

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are …

Jun 16, 2026
CVE-2024-39575
7.4 HIGH

update_disk_psu_baseline.sh requires password in plain text

Jun 16, 2026
CVE-2026-44932
8.8 HIGH

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server …

Jun 16, 2026
CVE-2026-42089
8.6 HIGH

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 …

Jun 16, 2026
CVE-2026-24228
7.8 HIGH

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead …

Jun 16, 2026
CVE-2026-24155
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, …

Jun 16, 2026
CVE-2026-10649
8.6 HIGH

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a …

Jun 16, 2026
CVE-2025-71261
8.6 HIGH

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse …

Jun 16, 2026
CVE-2024-38487
7.0 HIGH

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.

Jun 16, 2026
CVE-2024-24909
8.8 HIGH

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit …

Jun 16, 2026
CVE-2026-48780
8.2 HIGH

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist …

Jun 16, 2026
CVE-2026-47684
7.7 HIGH

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in …

Jun 16, 2026
CVE-2026-12398
7.5 HIGH

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) …

Jun 16, 2026
CVE-2026-12328
8.1 HIGH

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence …

Jun 16, 2026
CVE-2026-12327
8.1 HIGH

Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption …

Jun 16, 2026
CVE-2026-12326
8.1 HIGH

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough …

Jun 16, 2026
CVE-2026-12324
7.3 HIGH

Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12318
7.3 HIGH

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

Jun 16, 2026
CVE-2026-12317
7.5 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

Jun 16, 2026
CVE-2026-12314
7.5 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12312
7.5 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12310
7.5 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12305
7.5 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12290
8.1 HIGH

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-12289
8.8 HIGH

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Jun 16, 2026
CVE-2026-8442
8.1 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to …

Jun 16, 2026
CVE-2026-8176
7.5 HIGH

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and …

Jun 16, 2026
CVE-2026-5416
8.8 HIGH

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in …

Jun 16, 2026
CVE-2026-54198
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.

Jun 16, 2026
CVE-2026-54191
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.

Jun 16, 2026
CVE-2026-52712
7.6 HIGH

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

Jun 16, 2026
CVE-2026-52711
7.5 HIGH

Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.

Jun 16, 2026
CVE-2026-39581
8.5 HIGH

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

Jun 16, 2026
CVE-2026-39490
7.5 HIGH

Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.

Jun 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.