CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31694
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the …

May 1, 2026
CVE-2026-7581
4.3 MEDIUM

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS …

May 1, 2026
CVE-2026-7580
5.3 MEDIUM

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of …

May 1, 2026
CVE-2026-7579
7.3 HIGH

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component …

May 1, 2026
CVE-2026-3772
8.8 HIGH

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing …

May 1, 2026
CVE-2026-3140
4.3 MEDIUM

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a …

May 1, 2026
CVE-2026-7578
4.7 MEDIUM

A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin …

May 1, 2026
CVE-2026-42779
9.8 CRITICAL

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, …

May 1, 2026
CVE-2026-42778
9.8 CRITICAL

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache …

May 1, 2026
CVE-2026-42404
6.5 MEDIUM

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the …

May 1, 2026
CVE-2026-7567
9.8 CRITICAL

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation …

May 1, 2026
CVE-2026-43003
8.0 HIGH

An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition …

May 1, 2026
CVE-2026-43001
7.9 HIGH

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the …

May 1, 2026
CVE-2026-42403
7.5 HIGH

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B …

May 1, 2026
CVE-2026-42402
7.5 HIGH

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian …

May 1, 2026
CVE-2026-40201
5.4 MEDIUM

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file.

May 1, 2026
CVE-2026-7584
7.8 HIGH

The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism …

May 1, 2026
CVE-2026-42996

JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. …

May 1, 2026
CVE-2026-7555
7.3 HIGH

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username …

May 1, 2026
CVE-2026-7554
5.6 MEDIUM

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes …

May 1, 2026
CVE-2026-6127
6.4 MEDIUM

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _elementor_data meta field in versions up to, and including, 4.0.4. …

May 1, 2026
CVE-2024-13362
6.1 MEDIUM

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and …

May 1, 2026
CVE-2026-7553
4.7 MEDIUM

A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_exercises.php. The manipulation of …

May 1, 2026
CVE-2026-7550
7.3 HIGH

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of …

May 1, 2026
CVE-2026-7549
7.3 HIGH

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation …

May 1, 2026
CVE-2026-42994
9.8 CRITICAL

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

May 1, 2026
CVE-2026-7548
8.8 HIGH

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results …

May 1, 2026
CVE-2026-7546
9.8 CRITICAL

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the …

May 1, 2026
CVE-2026-7545
7.3 HIGH

A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the …

May 1, 2026
CVE-2026-7538
9.8 CRITICAL

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation …

May 1, 2026
CVE-2026-7536
5.3 MEDIUM

A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a …

May 1, 2026
CVE-2026-7535
4.3 MEDIUM

A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Performing a manipulation …

May 1, 2026
CVE-2026-7519
7.3 HIGH

A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an unknown function of the file /feed/UploadImage.do of the component Endpoint. …

May 1, 2026
CVE-2026-7518
4.3 MEDIUM

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI …

May 1, 2026
CVE-2026-7513
8.8 HIGH

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation …

May 1, 2026
CVE-2026-7512
8.8 HIGH

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a …

May 1, 2026
CVE-2026-5656
7.0 HIGH

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-5405
7.8 HIGH

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-5404
4.7 MEDIUM

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

May 1, 2026
CVE-2026-5403
7.8 HIGH

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

May 1, 2026
CVE-2026-22726
5.0 MEDIUM

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer …

May 1, 2026
CVE-2026-7510
6.3 MEDIUM

A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation …

Apr 30, 2026
CVE-2026-7508
6.3 MEDIUM

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a …

Apr 30, 2026
CVE-2026-7506
7.3 HIGH

A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument …

Apr 30, 2026
CVE-2026-7505
7.3 HIGH

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This …

Apr 30, 2026
CVE-2026-4178

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Apr 30, 2026
CVE-2026-28909
6.5 MEDIUM

Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in …

Apr 30, 2026
CVE-2026-7551
8.8 HIGH

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system …

Apr 30, 2026
CVE-2026-7503
8.8 HIGH

A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The …

Apr 30, 2026
CVE-2026-7502
5.4 MEDIUM

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the …

Apr 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.