CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-49451
7.5 HIGH

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents …

Jun 30, 2026
CVE-2026-10655
6.5 MEDIUM

The asynchronous SNTP client in Zephyr (subsys/net/lib/sntp/sntp.c, sntp_close_async) closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the …

Jun 30, 2026
CVE-2026-10654
3.1 LOW

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c) mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a …

Jun 30, 2026
CVE-2026-10653
6.4 MEDIUM

The Zephyr net_buf library (lib/net_buf/buf.c) manipulated both of its reference counts -- the per-header buf->ref and the per-data-block ref_count at the start of each variable/heap …

Jun 30, 2026
CVE-2026-10652
4.8 MEDIUM

Zephyr's DNS resolver (subsys/net/lib/dns) parses resource records from DNS responses in dns_unpack_answer(), which validated only the fixed RR header (type, class, TTL, rdlength) and accepted …

Jun 30, 2026
CVE-2026-48315
9.3 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of …

Jun 30, 2026
CVE-2026-48314
6.5 MEDIUM

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result …

Jun 30, 2026
CVE-2026-48313
9.3 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead …

Jun 30, 2026
CVE-2026-48307
8.8 HIGH

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts …

Jun 30, 2026
CVE-2026-48286
10.0 CRITICAL

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in …

Jun 30, 2026
CVE-2026-48285
8.6 HIGH

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker …

Jun 30, 2026
CVE-2026-48283
10.0 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution …

Jun 30, 2026
CVE-2026-48282
10.0 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead …

Jun 30, 2026
CVE-2026-48281
10.0 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of …

Jun 30, 2026
CVE-2026-48277
10.0 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of …

Jun 30, 2026
CVE-2026-48276
10.0 CRITICAL

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution …

Jun 30, 2026
CVE-2026-44948

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 …

Jun 30, 2026
CVE-2026-13455
4.3 MEDIUM

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline …

Jun 30, 2026
CVE-2026-4360

In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could …

Jun 30, 2026
CVE-2026-48192
5.4 MEDIUM

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix …

Jun 30, 2026
CVE-2026-44949

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, …

Jun 30, 2026
CVE-2026-44947

A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed …

Jun 30, 2026
CVE-2026-27957
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate …

Jun 30, 2026
CVE-2026-27956
4.3 MEDIUM

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid}` bypasses team scoping when the optional uuid …

Jun 30, 2026
CVE-2026-27955
6.6 MEDIUM

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() helper wraps commands in bash -c '{$command}' …

Jun 30, 2026
CVE-2026-27883
5.0 MEDIUM

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deployments/{uuid}` endpoint allows any authenticated user to …

Jun 30, 2026
CVE-2026-27882
4.8 MEDIUM

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison …

Jun 30, 2026
CVE-2026-27881
5.0 MEDIUM

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/deployments/{uuid}` in DeployController.php retrieves deployment details without validating …

Jun 30, 2026
CVE-2026-35098

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of …

Jun 30, 2026
CVE-2026-35097

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. …

Jun 30, 2026
CVE-2026-35096

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, …

Jun 30, 2026
CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, …

Jun 30, 2026
CVE-2026-14241
9.8 CRITICAL

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

Jun 30, 2026
CVE-2026-14178
5.9 MEDIUM

openGauss 在处理带 NLS 参数的 to_timestamp 调用时,to_timestamp_with_fmt_nls() 会将 nls_fmt_str 保存到 u_sess->parser_cxt.nls_fmt_str。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestamp_out() 仍会通过 CheckNlsFormat() 访问 u_sess->parser_cxt.nls_fmt_str,导致访问已释放内存。攻击者在具备数据库 SQL …

Jun 30, 2026
CVE-2025-53648
5.4 MEDIUM

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to …

Jun 30, 2026
CVE-2026-8655
9.8 CRITICAL

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured …

Jun 30, 2026
CVE-2026-8452
9.8 CRITICAL

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a …

Jun 30, 2026
CVE-2026-8451
7.5 HIGH

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Jun 30, 2026
CVE-2026-8403
6.1 MEDIUM

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. …

Jun 30, 2026
CVE-2026-6556
9.1 CRITICAL

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays …

Jun 30, 2026
CVE-2026-58374
6.5 MEDIUM

In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within …

Jun 30, 2026
CVE-2026-58116
9.8 CRITICAL

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model …

Jun 30, 2026
CVE-2026-58016
7.5 HIGH

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with …

Jun 30, 2026
CVE-2026-58015
5.9 MEDIUM

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the …

Jun 30, 2026
CVE-2026-58014
7.3 HIGH

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with …

Jun 30, 2026
CVE-2026-58013
6.5 MEDIUM

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length …

Jun 30, 2026
CVE-2026-58012
6.5 MEDIUM

A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement …

Jun 30, 2026
CVE-2026-58011
6.5 MEDIUM

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an …

Jun 30, 2026
CVE-2026-58010
6.5 MEDIUM

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check …

Jun 30, 2026
CVE-2026-53433
7.5 HIGH

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing …

Jun 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.