CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7378
5.5 MEDIUM

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-7376
5.5 MEDIUM

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-7375
5.5 MEDIUM

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2026-6868
5.5 MEDIUM

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Apr 30, 2026
CVE-2025-13030
7.1 HIGH

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files …

Apr 30, 2026
CVE-2026-7470
8.8 HIGH

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes …

Apr 30, 2026
CVE-2026-7469
6.3 MEDIUM

A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in …

Apr 30, 2026
CVE-2026-7468
7.3 HIGH

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo …

Apr 30, 2026
CVE-2026-7447
6.3 MEDIUM

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the …

Apr 30, 2026
CVE-2026-7446
7.3 HIGH

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of …

Apr 30, 2026
CVE-2026-7445
6.3 MEDIUM

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of …

Apr 30, 2026
CVE-2026-7443
7.3 HIGH

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the …

Apr 29, 2026
CVE-2026-7420
8.8 HIGH

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of …

Apr 29, 2026
CVE-2026-7419
8.8 HIGH

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the …

Apr 29, 2026
CVE-2026-7381
9.1 CRITICAL

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via …

Apr 29, 2026
CVE-2026-6221

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Apr 29, 2026
CVE-2026-7418
8.8 HIGH

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of …

Apr 29, 2026
CVE-2026-7417
7.3 HIGH

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation …

Apr 29, 2026
CVE-2026-7416
7.3 HIGH

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation …

Apr 29, 2026
CVE-2026-7410
6.3 MEDIUM

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument …

Apr 29, 2026
CVE-2026-7409
4.7 MEDIUM

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead …

Apr 29, 2026
CVE-2026-7408
4.7 MEDIUM

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation …

Apr 29, 2026
CVE-2026-7407
4.7 MEDIUM

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of …

Apr 29, 2026
CVE-2026-7404
7.3 HIGH

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument …

Apr 29, 2026
CVE-2026-7403
5.3 MEDIUM

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name …

Apr 29, 2026
CVE-2026-1858
4.8 MEDIUM

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private …

Apr 29, 2026
CVE-2025-50328
7.3 HIGH

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive …

Apr 29, 2026
CVE-2026-7426
8.1 HIGH

Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause …

Apr 29, 2026
CVE-2026-7425
6.5 MEDIUM

Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial …

Apr 29, 2026
CVE-2026-7401
4.3 MEDIUM

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of …

Apr 29, 2026
CVE-2026-7400
7.3 HIGH

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such …

Apr 29, 2026
CVE-2026-34965
8.8 HIGH

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP …

Apr 29, 2026
CVE-2018-25318
9.8 CRITICAL

Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send …

Apr 29, 2026
CVE-2018-25317
9.8 CRITICAL

Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. …

Apr 29, 2026
CVE-2018-25316
9.8 CRITICAL

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can …

Apr 29, 2026
CVE-2018-25315
8.4 HIGH

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License …

Apr 29, 2026
CVE-2018-25314
8.4 HIGH

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying …

Apr 29, 2026
CVE-2018-25313
6.2 MEDIUM

SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an …

Apr 29, 2026
CVE-2018-25312
6.5 MEDIUM

LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. …

Apr 29, 2026
CVE-2018-25311
6.5 MEDIUM

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences …

Apr 29, 2026
CVE-2018-25310
4.3 MEDIUM

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a …

Apr 29, 2026
CVE-2018-25309
7.2 HIGH

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers …

Apr 29, 2026
CVE-2018-25308
8.8 HIGH

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. …

Apr 29, 2026
CVE-2018-25307
8.4 HIGH

SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying …

Apr 29, 2026
CVE-2018-25306
6.2 MEDIUM

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can …

Apr 29, 2026
CVE-2018-25305
6.2 MEDIUM

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply …

Apr 29, 2026
CVE-2018-25304
8.4 HIGH

Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception …

Apr 29, 2026
CVE-2018-25303
8.4 HIGH

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code …

Apr 29, 2026
CVE-2018-25302
7.8 HIGH

Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary …

Apr 29, 2026
CVE-2018-25301
8.4 HIGH

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by …

Apr 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.