CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-57949
6.5 MEDIUM

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read …

Jun 29, 2026
CVE-2026-57948
6.8 MEDIUM

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure …

Jun 29, 2026
CVE-2026-57947
8.5 HIGH

Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing …

Jun 29, 2026
CVE-2026-57946
3.7 LOW

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist …

Jun 29, 2026
CVE-2026-57945
4.3 MEDIUM

PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary …

Jun 29, 2026
CVE-2026-57943
5.9 MEDIUM

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' …

Jun 29, 2026
CVE-2026-57942
5.3 MEDIUM

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses …

Jun 29, 2026
CVE-2026-56783
6.5 MEDIUM

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out …

Jun 29, 2026
CVE-2026-56782
9.8 CRITICAL

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is …

Jun 29, 2026
CVE-2026-56781
5.3 MEDIUM

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the …

Jun 29, 2026
CVE-2026-56780
7.5 HIGH

Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint that allows domain administrators to change any user's password. Attackers …

Jun 29, 2026
CVE-2026-56285
8.6 HIGH

Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute …

Jun 29, 2026
CVE-2026-36848
7.5 HIGH

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.

Jun 29, 2026
CVE-2026-13592
7.3 HIGH

A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter::append of the component EtherNet IP Message Handler. …

Jun 29, 2026
CVE-2026-11720
9.1 CRITICAL

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into …

Jun 29, 2026
CVE-2026-13752
6.0 MEDIUM

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to …

Jun 29, 2026
CVE-2026-13751
4.1 MEDIUM

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference …

Jun 29, 2026
CVE-2026-13591
5.0 MEDIUM

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation …

Jun 29, 2026
CVE-2026-13590
5.6 MEDIUM

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. …

Jun 29, 2026
CVE-2026-13589
5.6 MEDIUM

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The …

Jun 29, 2026
CVE-2026-13588
5.6 MEDIUM

A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. …

Jun 29, 2026
CVE-2026-12912
7.3 HIGH

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when …

Jun 29, 2026
CVE-2026-9105
6.5 MEDIUM

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests …

Jun 29, 2026
CVE-2026-41052
8.8 HIGH

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and …

Jun 29, 2026
CVE-2026-13750
5.5 MEDIUM

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. …

Jun 29, 2026
CVE-2026-13749
8.8 HIGH

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. …

Jun 29, 2026
CVE-2026-13748
6.3 MEDIUM

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake …

Jun 29, 2026
CVE-2026-13746
3.6 LOW

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying …

Jun 29, 2026
CVE-2026-13744
8.3 HIGH

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, …

Jun 29, 2026
CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, …

Jun 29, 2026
CVE-2026-13587
3.7 LOW

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing …

Jun 29, 2026
CVE-2026-13583
8.8 HIGH

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such …

Jun 29, 2026
CVE-2026-13582
8.8 HIGH

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. …

Jun 29, 2026
CVE-2026-13581
6.3 MEDIUM

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The …

Jun 29, 2026
CVE-2026-13580
8.8 HIGH

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. …

Jun 29, 2026
CVE-2026-13437
6.5 MEDIUM

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent …

Jun 29, 2026
CVE-2026-57525

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 29, 2026
CVE-2026-57523

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 29, 2026
CVE-2026-57341
6.5 MEDIUM

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Jun 29, 2026
CVE-2026-57340
6.5 MEDIUM

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Jun 29, 2026
CVE-2026-57339
6.5 MEDIUM

Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

Jun 29, 2026
CVE-2026-57338
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.

Jun 29, 2026
CVE-2026-57337
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Jun 29, 2026
CVE-2026-57336
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.

Jun 29, 2026
CVE-2026-57335
6.5 MEDIUM

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Jun 29, 2026
CVE-2026-57334
6.5 MEDIUM

Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.

Jun 29, 2026
CVE-2026-57333
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.

Jun 29, 2026
CVE-2026-57332
7.1 HIGH

Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.

Jun 29, 2026
CVE-2026-57331
9.9 CRITICAL

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.

Jun 29, 2026
CVE-2026-57330
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.

Jun 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.