CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-31691
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), …

Apr 27, 2026
CVE-2026-31690
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the …

Apr 27, 2026
CVE-2026-31689
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the …

Apr 27, 2026
CVE-2026-31688
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site …

Apr 27, 2026
CVE-2026-31687
5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") …

Apr 27, 2026
CVE-2026-31686
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct …

Apr 27, 2026
CVE-2026-25908
6.7 MEDIUM

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local …

Apr 27, 2026
CVE-2025-69689
8.8 HIGH

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which …

Apr 27, 2026
CVE-2026-7142
6.3 MEDIUM

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. …

Apr 27, 2026
CVE-2026-7141
5.6 MEDIUM

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block …

Apr 27, 2026
CVE-2026-7140
9.8 CRITICAL

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation …

Apr 27, 2026
CVE-2026-7139
9.8 CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This …

Apr 27, 2026
CVE-2026-38936
6.1 MEDIUM

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter

Apr 27, 2026
CVE-2026-38935
6.1 MEDIUM

A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter

Apr 27, 2026
CVE-2026-38934
8.8 HIGH

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php

Apr 27, 2026
CVE-2026-30462
4.3 MEDIUM

A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

Apr 27, 2026
CVE-2026-30346
4.3 MEDIUM

An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.

Apr 27, 2026
CVE-2026-7138
9.8 CRITICAL

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation …

Apr 27, 2026
CVE-2026-7137
9.8 CRITICAL

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The …

Apr 27, 2026
CVE-2026-7136
9.8 CRITICAL

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI …

Apr 27, 2026
CVE-2026-7135
5.3 MEDIUM

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the …

Apr 27, 2026
CVE-2026-7134
4.7 MEDIUM

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument …

Apr 27, 2026
CVE-2026-6970

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary …

Apr 27, 2026
CVE-2026-41467
5.4 MEDIUM

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and …

Apr 27, 2026
CVE-2026-41466
5.4 MEDIUM

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by …

Apr 27, 2026
CVE-2026-41465
6.5 MEDIUM

ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against …

Apr 27, 2026
CVE-2026-41464
6.5 MEDIUM

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data …

Apr 27, 2026
CVE-2026-41463
8.8 HIGH

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write …

Apr 27, 2026
CVE-2026-41462
9.8 CRITICAL

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL …

Apr 27, 2026
CVE-2026-30352
9.8 CRITICAL

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted …

Apr 27, 2026
CVE-2026-30351
7.5 HIGH

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing …

Apr 27, 2026
CVE-2025-54505

A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in …

Apr 27, 2026
CVE-2026-7133
4.7 MEDIUM

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument …

Apr 27, 2026
CVE-2026-7132
5.3 MEDIUM

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of …

Apr 27, 2026
CVE-2026-7131
7.3 HIGH

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. …

Apr 27, 2026
CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were …

Apr 27, 2026
CVE-2026-40514
5.9 MEDIUM

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization …

Apr 27, 2026
CVE-2026-30350
7.5 HIGH

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST …

Apr 27, 2026
CVE-2026-7130
7.3 HIGH

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_category. Executing …

Apr 27, 2026
CVE-2026-7129
4.3 MEDIUM

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /index.php?page=categories. Performing a manipulation of …

Apr 27, 2026
CVE-2026-7128
7.3 HIGH

A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such …

Apr 27, 2026
CVE-2026-7127
7.3 HIGH

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of …

Apr 27, 2026
CVE-2026-7126
7.3 HIGH

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation …

Apr 27, 2026
CVE-2026-6265
8.8 HIGH

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1

Apr 27, 2026
CVE-2026-41081
6.5 MEDIUM

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is …

Apr 27, 2026
CVE-2026-40557
4.8 MEDIUM

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an …

Apr 27, 2026
CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls …

Apr 27, 2026
CVE-2025-15626

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

Apr 27, 2026
CVE-2026-7125
9.8 CRITICAL

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. …

Apr 27, 2026
CVE-2026-7124
9.8 CRITICAL

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. …

Apr 27, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.