CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2018-25300
8.2 HIGH

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. …

Apr 29, 2026
CVE-2018-25299
8.4 HIGH

Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject …

Apr 29, 2026
CVE-2018-25298
5.3 MEDIUM

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. …

Apr 29, 2026
CVE-2026-7466
8.8 HIGH

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST …

Apr 29, 2026
CVE-2026-7439
4.4 MEDIUM

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement …

Apr 29, 2026
CVE-2026-7424
8.1 HIGH

Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, …

Apr 29, 2026
CVE-2026-7423
5.3 MEDIUM

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial …

Apr 29, 2026
CVE-2026-7422
6.5 MEDIUM

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet …

Apr 29, 2026
CVE-2026-7398
7.3 HIGH

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfo_mcp_platform/app.py of the component Upload …

Apr 29, 2026
CVE-2026-7397
4.4 MEDIUM

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. …

Apr 29, 2026
CVE-2026-41499
6.5 MEDIUM

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds …

Apr 29, 2026
CVE-2026-30893
9.0 CRITICAL

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal …

Apr 29, 2026
CVE-2026-28221
6.5 MEDIUM

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer …

Apr 29, 2026
CVE-2026-27105
6.3 MEDIUM

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access …

Apr 29, 2026
CVE-2026-26206
6.5 MEDIUM

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API …

Apr 29, 2026
CVE-2026-7396
5.3 MEDIUM

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work …

Apr 29, 2026
CVE-2026-7394
4.7 MEDIUM

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component …

Apr 29, 2026
CVE-2026-5712
8.0 HIGH

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the …

Apr 29, 2026
CVE-2026-26204
4.4 MEDIUM

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds …

Apr 29, 2026
CVE-2026-26015
9.8 CRITICAL

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local …

Apr 29, 2026
CVE-2026-7393
4.7 MEDIUM

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. …

Apr 29, 2026
CVE-2026-7392
6.3 MEDIUM

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of …

Apr 29, 2026
CVE-2026-7391
6.3 MEDIUM

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of …

Apr 29, 2026
CVE-2026-6915
6.3 MEDIUM

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. …

Apr 29, 2026
CVE-2026-6914
6.5 MEDIUM

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB …

Apr 29, 2026
CVE-2026-0206
4.9 MEDIUM

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

Apr 29, 2026
CVE-2026-0205
6.8 MEDIUM

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

Apr 29, 2026
CVE-2026-0204
8.0 HIGH

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Apr 29, 2026
CVE-2026-7390
3.5 LOW

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation …

Apr 29, 2026
CVE-2026-7389
7.3 HIGH

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of …

Apr 29, 2026
CVE-2026-7388
4.7 MEDIUM

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. …

Apr 29, 2026
CVE-2026-7386
7.3 HIGH

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail_mcp_server.py. Executing a manipulation of the …

Apr 29, 2026
CVE-2026-6849
8.8 HIGH

Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer …

Apr 29, 2026
CVE-2026-5166
9.6 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. …

Apr 29, 2026
CVE-2026-42198
7.5 HIGH

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during …

Apr 29, 2026
CVE-2026-41940
9.8 CRITICAL KEV

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to …

Apr 29, 2026
CVE-2026-40230
5.4 MEDIUM

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist …

Apr 29, 2026
CVE-2026-40229
5.4 MEDIUM

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field …

Apr 29, 2026
CVE-2026-38993
6.5 MEDIUM

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within …

Apr 29, 2026
CVE-2026-38991
8.8 HIGH

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This …

Apr 29, 2026
CVE-2026-37555
7.5 HIGH

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code …

Apr 29, 2026
CVE-2026-30769
7.8 HIGH

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.

Apr 29, 2026
CVE-2026-2810

Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can …

Apr 29, 2026
CVE-2025-56537
6.1 MEDIUM

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a …

Apr 29, 2026
CVE-2025-56536
6.1 MEDIUM

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the …

Apr 29, 2026
CVE-2025-56535
6.1 MEDIUM

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone …

Apr 29, 2026
CVE-2025-56534
6.1 MEDIUM

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted …

Apr 29, 2026
CVE-2026-7384
7.3 HIGH

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results …

Apr 29, 2026
CVE-2026-7111
8.4 HIGH

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. …

Apr 29, 2026
CVE-2026-5161
8.8 HIGH

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus …

Apr 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.