CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7123
9.8 CRITICAL

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation …

Apr 27, 2026
CVE-2026-7040
7.5 HIGH

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 …

Apr 27, 2026
CVE-2026-7122
9.8 CRITICAL

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation …

Apr 27, 2026
CVE-2026-7121
9.8 CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation …

Apr 27, 2026
CVE-2026-7119
8.8 HIGH

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr …

Apr 27, 2026
CVE-2026-7118
6.3 MEDIUM

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation …

Apr 27, 2026
CVE-2026-7117
6.3 MEDIUM

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the …

Apr 27, 2026
CVE-2026-7116
4.3 MEDIUM

A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation …

Apr 27, 2026
CVE-2026-5943
7.8 HIGH

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, …

Apr 27, 2026
CVE-2026-5942
5.5 MEDIUM

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.

Apr 27, 2026
CVE-2026-5941
7.8 HIGH

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program …

Apr 27, 2026
CVE-2026-5940
7.8 HIGH

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.

Apr 27, 2026
CVE-2026-5939
5.5 MEDIUM

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.

Apr 27, 2026
CVE-2026-5938
5.5 MEDIUM

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial …

Apr 27, 2026
CVE-2026-5937
5.5 MEDIUM

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.

Apr 27, 2026
CVE-2026-42410
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem Theme …

Apr 27, 2026
CVE-2026-7115
6.3 MEDIUM

A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID …

Apr 27, 2026
CVE-2026-7114
6.3 MEDIUM

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID …

Apr 27, 2026
CVE-2026-7113
5.6 MEDIUM

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. …

Apr 27, 2026
CVE-2026-33453
10.0 CRITICAL

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading …

Apr 27, 2026
CVE-2026-27172
8.8 HIGH

The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to …

Apr 27, 2026
CVE-2026-22337
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.

Apr 27, 2026
CVE-2026-22336
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a …

Apr 27, 2026
CVE-2026-7112
5.6 MEDIUM

A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KEY …

Apr 27, 2026
CVE-2026-7110
3.5 LOW

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of …

Apr 27, 2026
CVE-2026-7109
5.3 MEDIUM

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. …

Apr 27, 2026
CVE-2026-41409
9.8 CRITICAL

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a …

Apr 27, 2026
CVE-2026-40858
8.8 HIGH

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can …

Apr 27, 2026
CVE-2026-40022
8.2 HIGH

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or …

Apr 27, 2026
CVE-2026-33454
9.4 CRITICAL

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction …

Apr 27, 2026
CVE-2026-7108
4.3 MEDIUM

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. …

Apr 27, 2026
CVE-2026-7107
6.3 MEDIUM

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation …

Apr 27, 2026
CVE-2026-7103
3.7 LOW

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This …

Apr 27, 2026
CVE-2026-7102
6.3 MEDIUM

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the …

Apr 27, 2026
CVE-2026-7101
8.8 HIGH

A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads …

Apr 27, 2026
CVE-2026-7100
8.8 HIGH

A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing …

Apr 27, 2026
CVE-2026-7099
8.8 HIGH

A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a …

Apr 27, 2026
CVE-2026-7098
8.8 HIGH

A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation …

Apr 27, 2026
CVE-2026-42379
7.7 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.

Apr 27, 2026
CVE-2026-41635
9.8 CRITICAL

Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname …

Apr 27, 2026
CVE-2026-40860
9.8 CRITICAL

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class …

Apr 27, 2026
CVE-2026-40473
8.8 HIGH

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina …

Apr 27, 2026
CVE-2026-40453
9.9 CRITICAL

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call …

Apr 27, 2026
CVE-2026-40048
7.8 HIGH

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The …

Apr 27, 2026
CVE-2026-7097
8.8 HIGH

A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation …

Apr 27, 2026
CVE-2026-7096
8.8 HIGH

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the …

Apr 27, 2026
CVE-2026-7095
4.3 MEDIUM

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID …

Apr 27, 2026
CVE-2026-22077

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking …

Apr 27, 2026
CVE-2026-7094
7.3 HIGH

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component …

Apr 27, 2026
CVE-2026-7093
6.3 MEDIUM

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the …

Apr 27, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.