CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-53432
7.5 HIGH

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 …

Jun 30, 2026
CVE-2026-4629
6.5 MEDIUM

A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any …

Jun 30, 2026
CVE-2026-47105

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 30, 2026
CVE-2026-44946
7.4 HIGH

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the …

Jun 30, 2026
CVE-2026-14209
4.3 MEDIUM

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, …

Jun 30, 2026
CVE-2026-13474
7.5 HIGH

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual …

Jun 30, 2026
CVE-2026-12388
6.5 MEDIUM

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is …

Jun 30, 2026
CVE-2026-10817
7.5 HIGH

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated …

Jun 30, 2026
CVE-2026-10816
7.5 HIGH

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Jun 30, 2026
CVE-2026-8402
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows …

Jun 30, 2026
CVE-2026-57082
5.9 MEDIUM

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit …

Jun 30, 2026
CVE-2026-57081
7.5 HIGH

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with …

Jun 30, 2026
CVE-2026-57080
7.5 HIGH

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length …

Jun 30, 2026
CVE-2026-57079
5.3 MEDIUM

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on …

Jun 30, 2026
CVE-2026-53692

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, …

Jun 30, 2026
CVE-2026-53691

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application …

Jun 30, 2026
CVE-2026-53690

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize …

Jun 30, 2026
CVE-2026-41053
8.8 HIGH

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, …

Jun 30, 2026
CVE-2026-14162
9.8 CRITICAL

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Jun 30, 2026
CVE-2026-14161
7.5 HIGH

Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Jun 30, 2026
CVE-2026-13766
9.8 CRITICAL

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor …

Jun 30, 2026
CVE-2026-54475
7.5 HIGH

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection …

Jun 30, 2026
CVE-2026-53917
7.5 HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a …

Jun 30, 2026
CVE-2026-53916
7.5 HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection …

Jun 30, 2026
CVE-2026-52760
6.1 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console …

Jun 30, 2026
CVE-2026-50750
7.5 HIGH

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker …

Jun 30, 2026
CVE-2026-50734
7.5 HIGH

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS …

Jun 30, 2026
CVE-2026-49877
8.1 HIGH

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/* paths in the Web Console. The default Jetty …

Jun 30, 2026
CVE-2026-49434
7.5 HIGH

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP …

Jun 30, 2026
CVE-2026-49432
7.5 HIGH

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can …

Jun 30, 2026
CVE-2026-13316
4.4 MEDIUM

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal …

Jun 30, 2026
CVE-2026-9711
9.8 CRITICAL

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up …

Jun 30, 2026
CVE-2026-8141
7.2 HIGH

The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all versions up to, and …

Jun 30, 2026
CVE-2026-6954

Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into …

Jun 30, 2026
CVE-2026-6953

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim …

Jun 30, 2026
CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An …

Jun 30, 2026
CVE-2026-12610
6.4 MEDIUM

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory …

Jun 30, 2026
CVE-2026-12076

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements …

Jun 30, 2026
CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

Jun 30, 2026
CVE-2025-7406
7.8 HIGH

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root …

Jun 30, 2026
CVE-2025-24816
6.5 MEDIUM

Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to …

Jun 30, 2026
CVE-2025-24815
7.8 HIGH

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to …

Jun 30, 2026
CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing …

Jun 30, 2026
CVE-2026-12578

The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.

Jun 30, 2026
CVE-2026-9576
4.9 MEDIUM

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users …

Jun 30, 2026
CVE-2026-56809
6.1 MEDIUM

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed …

Jun 30, 2026
CVE-2026-56808
7.2 HIGH

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a …

Jun 30, 2026
CVE-2026-56137
7.8 HIGH

RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, …

Jun 30, 2026
CVE-2026-14164
7.5 HIGH

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale …

Jun 30, 2026
CVE-2026-12819

Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.

Jun 30, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.