CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7673
4.7 MEDIUM

A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a …

May 3, 2026
CVE-2026-40561
5.3 MEDIUM

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are …

May 3, 2026
CVE-2026-7672
6.3 MEDIUM

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users …

May 3, 2026
CVE-2026-7671
3.7 LOW

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. …

May 3, 2026
CVE-2026-7670
7.3 HIGH

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument …

May 2, 2026
CVE-2026-6481

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

May 2, 2026
CVE-2026-7669
5.6 MEDIUM

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transformer Handler. …

May 2, 2026
CVE-2026-7668
7.3 HIGH

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation …

May 2, 2026
CVE-2026-7653
6.3 MEDIUM

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP …

May 2, 2026
CVE-2026-7645
6.5 MEDIUM

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. …

May 2, 2026
CVE-2026-7644
7.3 HIGH

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper …

May 2, 2026
CVE-2026-7643
4.3 MEDIUM

A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. …

May 2, 2026
CVE-2026-7642
6.3 MEDIUM

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing …

May 2, 2026
CVE-2026-7633
6.5 MEDIUM

A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to …

May 2, 2026
CVE-2026-7632
7.3 HIGH

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument …

May 2, 2026
CVE-2026-7631
5.4 MEDIUM

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation …

May 2, 2026
CVE-2026-7630
7.3 HIGH

A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affected element is the function InstallServiceProvider::boot of the file innopacks/install/src/InstallServiceProvider.php of the component …

May 2, 2026
CVE-2026-7629
6.3 MEDIUM

A flaw has been found in kleneway awesome-cursor-mpc-server up to 2.0.1. Impacted is the function runCodeReviewTool of the file src/tools/codeReview.ts of the component Ccode-Review Tool. …

May 2, 2026
CVE-2026-3504
5.3 MEDIUM

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 …

May 2, 2026
CVE-2026-2554
8.1 HIGH

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all …

May 2, 2026
CVE-2026-0703
6.4 MEDIUM

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwcty_current_date' shortcode in all …

May 2, 2026
CVE-2026-7628
6.3 MEDIUM

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command …

May 2, 2026
CVE-2026-6817
5.8 MEDIUM

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, …

May 2, 2026
CVE-2026-6525
5.5 MEDIUM

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

May 2, 2026
CVE-2026-6320
7.5 HIGH

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is …

May 2, 2026
CVE-2026-4790
5.4 MEDIUM

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_svg' parameter in …

May 2, 2026
CVE-2026-4100
7.1 HIGH

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, …

May 2, 2026
CVE-2026-4062
7.5 HIGH

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, …

May 2, 2026
CVE-2026-4061
7.5 HIGH

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This …

May 2, 2026
CVE-2026-4060
7.5 HIGH

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This …

May 2, 2026
CVE-2026-7627
6.3 MEDIUM

A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such …

May 2, 2026
CVE-2026-7612
4.7 MEDIUM

A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument …

May 2, 2026
CVE-2026-7611
3.7 LOW

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. …

May 2, 2026
CVE-2026-7610
3.7 LOW

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation …

May 2, 2026
CVE-2026-7609
6.3 MEDIUM

A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component …

May 2, 2026
CVE-2026-7491
8.1 HIGH

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify …

May 2, 2026
CVE-2026-7490
7.2 HIGH

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling …

May 2, 2026
CVE-2026-7489
8.8 HIGH

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

May 2, 2026
CVE-2026-5077
5.4 MEDIUM

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output …

May 2, 2026
CVE-2026-7608
5.5 MEDIUM

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The …

May 2, 2026
CVE-2026-5324
7.2 HIGH

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is …

May 2, 2026
CVE-2026-4024
5.3 MEDIUM

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX …

May 2, 2026
CVE-2026-7649
7.5 HIGH

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via …

May 2, 2026
CVE-2026-7607
8.8 HIGH

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument …

May 2, 2026
CVE-2026-7606
3.7 LOW

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of …

May 2, 2026
CVE-2026-6457
6.5 MEDIUM

The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 …

May 2, 2026
CVE-2026-6449
5.3 MEDIUM

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. …

May 2, 2026
CVE-2026-6229
7.2 HIGH

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient …

May 2, 2026
CVE-2026-4650
5.3 MEDIUM

The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing …

May 2, 2026
CVE-2026-2052
8.8 HIGH

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions …

May 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.