CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7092
6.3 MEDIUM

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile …

Apr 27, 2026
CVE-2026-7091
6.3 MEDIUM

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User …

Apr 27, 2026
CVE-2026-42371
5.1 MEDIUM

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes.

Apr 27, 2026
CVE-2026-3008
6.6 MEDIUM

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.

Apr 27, 2026
CVE-2026-7090
2.4 LOW

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation …

Apr 27, 2026
CVE-2026-7089
4.3 MEDIUM

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the …

Apr 27, 2026
CVE-2026-7088
7.3 HIGH

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing …

Apr 27, 2026
CVE-2026-7087
7.3 HIGH

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a …

Apr 27, 2026
CVE-2026-7086
4.3 MEDIUM

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. …

Apr 27, 2026
CVE-2026-7085
5.0 MEDIUM

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. …

Apr 27, 2026
CVE-2026-7084
6.3 MEDIUM

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The …

Apr 27, 2026
CVE-2026-7083
4.7 MEDIUM

A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the …

Apr 27, 2026
CVE-2026-7082
8.8 HIGH

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. …

Apr 27, 2026
CVE-2026-7081
8.8 HIGH

A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of …

Apr 27, 2026
CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the …

Apr 27, 2026
CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration …

Apr 27, 2026
CVE-2026-7106
8.8 HIGH

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to …

Apr 27, 2026
CVE-2026-7080
8.8 HIGH

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation …

Apr 27, 2026
CVE-2026-7079
8.8 HIGH

A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of …

Apr 27, 2026
CVE-2026-7078
8.8 HIGH

A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. …

Apr 27, 2026
CVE-2026-7077
7.3 HIGH

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the …

Apr 27, 2026
CVE-2026-3006
7.0 HIGH

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting …

Apr 27, 2026
CVE-2026-7076
7.3 HIGH

A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument …

Apr 27, 2026
CVE-2026-7075
7.3 HIGH

A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the …

Apr 27, 2026
CVE-2026-7074
7.3 HIGH

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument …

Apr 27, 2026
CVE-2026-7073
7.3 HIGH

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument …

Apr 27, 2026
CVE-2026-7072
7.3 HIGH

A vulnerability was detected in CodePanda Source canteen_management_system 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the …

Apr 27, 2026
CVE-2026-7071
5.3 MEDIUM

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The …

Apr 27, 2026
CVE-2026-7070
7.3 HIGH

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the …

Apr 27, 2026
CVE-2026-7069
8.0 HIGH

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. …

Apr 27, 2026
CVE-2026-7068
8.8 HIGH

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to …

Apr 27, 2026
CVE-2026-7067
7.3 HIGH

A vulnerability was determined in D-Link DIR-822 A_101. The impacted element is the function system of the file /udhcpcd/dhcpd.c of the component udhcpd DHCP Service. …

Apr 27, 2026
CVE-2026-7066
7.3 HIGH

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in …

Apr 27, 2026
CVE-2026-7065
7.3 HIGH

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload …

Apr 27, 2026
CVE-2026-42363
9.3 CRITICAL

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. …

Apr 27, 2026
CVE-2026-33566
4.3 MEDIUM

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database …

Apr 27, 2026
CVE-2026-33277
8.8 HIGH

An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user.

Apr 27, 2026
CVE-2026-7064
7.3 HIGH

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can …

Apr 26, 2026
CVE-2026-7063
7.3 HIGH

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a …

Apr 26, 2026
CVE-2026-7062
7.3 HIGH

A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git …

Apr 26, 2026
CVE-2026-7061
7.3 HIGH

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the …

Apr 26, 2026
CVE-2026-7060
7.3 HIGH

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a …

Apr 26, 2026
CVE-2026-7059
5.3 MEDIUM

A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. …

Apr 26, 2026
CVE-2026-7058
7.3 HIGH

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component …

Apr 26, 2026
CVE-2026-7057
8.8 HIGH

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This …

Apr 26, 2026
CVE-2026-7056
8.8 HIGH

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the …

Apr 26, 2026
CVE-2026-7055
8.8 HIGH

A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The …

Apr 26, 2026
CVE-2026-7054
8.8 HIGH

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a …

Apr 26, 2026
CVE-2026-7053
8.8 HIGH

A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a …

Apr 26, 2026
CVE-2026-7045
6.3 MEDIUM

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This …

Apr 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.