CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-43731
8.8 HIGH

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43727
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43726
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43725
7.1 HIGH

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious …

Jun 29, 2026
CVE-2026-43724
7.8 HIGH

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be …

Jun 29, 2026
CVE-2026-43722
5.5 MEDIUM

The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be …

Jun 29, 2026
CVE-2026-43721
6.5 MEDIUM

This issue was addressed through improved state management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious …

Jun 29, 2026
CVE-2026-43720
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43718
6.5 MEDIUM

A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43717
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43716
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously …

Jun 29, 2026
CVE-2026-43715
8.8 HIGH

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43713
6.5 MEDIUM

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Visiting a …

Jun 29, 2026
CVE-2026-43712
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously …

Jun 29, 2026
CVE-2026-43709
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43708
4.3 MEDIUM

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious …

Jun 29, 2026
CVE-2026-43707
6.5 MEDIUM

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. …

Jun 29, 2026
CVE-2026-43706
6.5 MEDIUM

A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously …

Jun 29, 2026
CVE-2026-43705
8.8 HIGH

A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43704
5.3 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A …

Jun 29, 2026
CVE-2026-43703
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web …

Jun 29, 2026
CVE-2026-43701
7.1 HIGH

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website …

Jun 29, 2026
CVE-2026-43700
6.5 MEDIUM

A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe …

Jun 29, 2026
CVE-2026-43699
6.5 MEDIUM

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing …

Jun 29, 2026
CVE-2026-43676
6.5 MEDIUM

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. …

Jun 29, 2026
CVE-2026-43663
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously …

Jun 29, 2026
CVE-2026-39872
6.5 MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously …

Jun 29, 2026
CVE-2026-39868
9.1 CRITICAL

This issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be …

Jun 29, 2026
CVE-2026-37637
9.1 CRITICAL

An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component

Jun 29, 2026
CVE-2026-31016
6.5 MEDIUM

Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint

Jun 29, 2026
CVE-2026-28979
6.5 MEDIUM

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. …

Jun 29, 2026
CVE-2026-13763
9.8 CRITICAL

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body …

Jun 29, 2026
CVE-2026-13762
9.8 CRITICAL

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via …

Jun 29, 2026
CVE-2026-13593
6.5 MEDIUM

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when …

Jun 29, 2026
CVE-2026-58000
8.8 HIGH

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the cl_meta parameter is interpolated into a …

Jun 29, 2026
CVE-2026-57999
8.8 HIGH

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because …

Jun 29, 2026
CVE-2026-53428

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak_nif::lumis_adapter::LumisAdapter::parse_highlight_lines …

Jun 29, 2026
CVE-2026-53427

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax …

Jun 29, 2026
CVE-2026-13757
6.2 MEDIUM

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() form a mutually-recursive call chain with no recursion depth limit …

Jun 29, 2026
CVE-2026-57960
6.5 MEDIUM

Hi.Events through 1.9.0 public check-in list endpoints use short_id as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal …

Jun 29, 2026
CVE-2026-57959
5.9 MEDIUM

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo …

Jun 29, 2026
CVE-2026-57958
6.1 MEDIUM

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth …

Jun 29, 2026
CVE-2026-57957
4.7 MEDIUM

Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based …

Jun 29, 2026
CVE-2026-57956
6.4 MEDIUM

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, …

Jun 29, 2026
CVE-2026-57955
8.5 HIGH

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID …

Jun 29, 2026
CVE-2026-57954
4.3 MEDIUM

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden …

Jun 29, 2026
CVE-2026-57953
5.4 MEDIUM

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under …

Jun 29, 2026
CVE-2026-57952
5.3 MEDIUM

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in …

Jun 29, 2026
CVE-2026-57951
6.5 MEDIUM

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators …

Jun 29, 2026
CVE-2026-57950
8.1 HIGH

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access …

Jun 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.