CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7747
9.8 CRITICAL

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component …

May 4, 2026
CVE-2026-7746
6.3 MEDIUM

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the …

May 4, 2026
CVE-2026-7745
6.3 MEDIUM

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes …

May 4, 2026
CVE-2025-14320
9.8 CRITICAL

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected …

May 4, 2026
CVE-2026-7744
6.3 MEDIUM

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results …

May 4, 2026
CVE-2026-7743
6.3 MEDIUM

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the …

May 4, 2026
CVE-2026-7742
6.3 MEDIUM

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of …

May 4, 2026
CVE-2026-7741
6.3 MEDIUM

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid …

May 4, 2026
CVE-2026-7740
3.3 LOW

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of …

May 4, 2026
CVE-2026-7739
3.3 LOW

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the …

May 4, 2026
CVE-2026-7738
6.3 MEDIUM

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The …

May 4, 2026
CVE-2026-7737
5.3 MEDIUM

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component …

May 4, 2026
CVE-2026-7736
7.3 HIGH

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation …

May 4, 2026
CVE-2026-5335
5.3 MEDIUM

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to …

May 4, 2026
CVE-2026-43864
2.5 LOW

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

May 4, 2026
CVE-2026-43863
3.7 LOW

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

May 4, 2026
CVE-2026-43862
3.7 LOW

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

May 4, 2026
CVE-2026-43861
3.7 LOW

mutt before 2.3.2 does not check for '\0' in url_pct_decode.

May 4, 2026
CVE-2026-43860
3.7 LOW

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

May 4, 2026
CVE-2026-43859
3.7 LOW

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.

May 4, 2026
CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator …

May 4, 2026
CVE-2026-29199
8.1 HIGH

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may …

May 4, 2026
CVE-2026-20451
6.7 MEDIUM

In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious …

May 4, 2026
CVE-2026-20450
6.5 MEDIUM

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has …

May 4, 2026
CVE-2026-20449
6.5 MEDIUM

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE …

May 4, 2026
CVE-2026-20448
6.7 MEDIUM

In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a …

May 4, 2026
CVE-2026-20447
6.7 MEDIUM

In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a …

May 4, 2026
CVE-2026-7735
7.3 HIGH

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. …

May 4, 2026
CVE-2026-7734
5.3 MEDIUM

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 …

May 4, 2026
CVE-2026-7733
7.3 HIGH

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload …

May 4, 2026
CVE-2026-7732
6.3 MEDIUM

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in …

May 4, 2026
CVE-2026-7731
6.3 MEDIUM

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation …

May 4, 2026
CVE-2026-7730
6.3 MEDIUM

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a …

May 4, 2026
CVE-2026-7729
6.3 MEDIUM

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. …

May 4, 2026
CVE-2026-7728
6.3 MEDIUM

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile …

May 4, 2026
CVE-2026-7727
7.3 HIGH

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. …

May 4, 2026
CVE-2026-7725
6.3 MEDIUM

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component …

May 4, 2026
CVE-2026-7724
5.0 MEDIUM

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation …

May 4, 2026
CVE-2026-7723
7.3 HIGH

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. …

May 4, 2026
CVE-2026-7722
5.3 MEDIUM

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. …

May 4, 2026
CVE-2026-7721
6.3 MEDIUM

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime …

May 4, 2026
CVE-2026-7720
6.3 MEDIUM

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request …

May 4, 2026
CVE-2026-7719
9.8 CRITICAL

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST …

May 4, 2026
CVE-2026-7718
6.3 MEDIUM

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation …

May 4, 2026
CVE-2026-7717
8.8 HIGH

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing …

May 4, 2026
CVE-2026-7716
6.3 MEDIUM

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing …

May 4, 2026
CVE-2026-7715
6.3 MEDIUM

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. …

May 4, 2026
CVE-2026-7714
6.5 MEDIUM

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the …

May 4, 2026
CVE-2026-7372
9.0 CRITICAL

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an …

May 4, 2026
CVE-2026-7371
7.4 HIGH

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead …

May 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.