CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7230
4.3 MEDIUM

A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in …

Apr 28, 2026
CVE-2026-7229
6.3 MEDIUM

A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing …

Apr 28, 2026
CVE-2026-5306
5.4 MEDIUM

The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks …

Apr 28, 2026
CVE-2026-40967
8.6 HIGH

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and …

Apr 28, 2026
CVE-2026-40356
5.9 MEDIUM

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system …

Apr 28, 2026
CVE-2026-7228
7.3 HIGH

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of …

Apr 28, 2026
CVE-2026-7227
7.3 HIGH

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail …

Apr 28, 2026
CVE-2026-7226
7.3 HIGH

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of …

Apr 28, 2026
CVE-2026-7225
7.3 HIGH

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of …

Apr 28, 2026
CVE-2026-7224
7.3 HIGH

A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of …

Apr 28, 2026
CVE-2026-6809
6.4 MEDIUM

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, …

Apr 28, 2026
CVE-2026-6725
6.4 MEDIUM

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcsm_text_rotator` shortcode in all …

Apr 28, 2026
CVE-2026-6551
6.4 MEDIUM

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions …

Apr 28, 2026
CVE-2026-42510
6.6 MEDIUM

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface.

Apr 28, 2026
CVE-2026-40355
5.9 MEDIUM

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx …

Apr 28, 2026
CVE-2026-7223
7.3 HIGH

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component …

Apr 28, 2026
CVE-2026-7222
3.5 LOW

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component …

Apr 28, 2026
CVE-2026-7221
7.3 HIGH

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. …

Apr 28, 2026
CVE-2026-7220
7.3 HIGH

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. …

Apr 28, 2026
CVE-2026-7219
7.2 HIGH

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name …

Apr 28, 2026
CVE-2026-7218
7.2 HIGH

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a …

Apr 28, 2026
CVE-2026-7217
5.3 MEDIUM

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the …

Apr 28, 2026
CVE-2026-7216
7.3 HIGH

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. …

Apr 28, 2026
CVE-2026-7215
7.3 HIGH

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component …

Apr 28, 2026
CVE-2026-1460
7.2 HIGH

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow …

Apr 28, 2026
CVE-2026-0711
6.8 MEDIUM

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges …

Apr 28, 2026
CVE-2026-7214
7.3 HIGH

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function read_file/write_file/list_files/file_inf of the file src/server.py. The manipulation of the argument …

Apr 28, 2026
CVE-2026-7213
7.3 HIGH

A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of …

Apr 28, 2026
CVE-2026-7212
7.3 HIGH

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the …

Apr 28, 2026
CVE-2026-7211
7.3 HIGH

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component …

Apr 28, 2026
CVE-2026-7206
7.3 HIGH

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a …

Apr 28, 2026
CVE-2026-7205
7.3 HIGH

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to …

Apr 28, 2026
CVE-2026-7204
9.8 CRITICAL

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation …

Apr 28, 2026
CVE-2026-7203
9.8 CRITICAL

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation …

Apr 28, 2026
CVE-2026-7202
9.8 CRITICAL

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation …

Apr 28, 2026
CVE-2026-32649
6.8 MEDIUM

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

Apr 28, 2026
CVE-2026-32644
9.8 CRITICAL

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

Apr 28, 2026
CVE-2026-20766
8.8 HIGH

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

Apr 28, 2026
CVE-2026-7200
4.3 MEDIUM

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. …

Apr 28, 2026
CVE-2026-7199
7.3 HIGH

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performing …

Apr 28, 2026
CVE-2026-7196
6.3 MEDIUM

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument …

Apr 28, 2026
CVE-2026-41372
5.8 MEDIUM

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses …

Apr 28, 2026
CVE-2026-41371
8.5 HIGH

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target …

Apr 28, 2026
CVE-2026-41370
6.5 MEDIUM

OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote …

Apr 28, 2026
CVE-2026-41369
6.5 MEDIUM

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can …

Apr 28, 2026
CVE-2026-41368
6.5 MEDIUM

OpenClaw before 2026.3.28 contains an environment variable disclosure vulnerability in the jq safe-bin policy that fails to block the $ENV filter. Attackers can bypass safe-bin …

Apr 28, 2026
CVE-2026-41367
5.0 MEDIUM

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component …

Apr 28, 2026
CVE-2026-41366
5.5 MEDIUM

OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory …

Apr 28, 2026
CVE-2026-41365
5.4 MEDIUM

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should …

Apr 28, 2026
CVE-2026-41364
8.1 HIGH

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this …

Apr 28, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.