CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-54230
7.0 HIGH

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the …

Jun 13, 2026
CVE-2026-54229
7.0 HIGH

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership …

Jun 13, 2026
CVE-2026-54228
7.8 HIGH

A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local …

Jun 13, 2026
CVE-2026-6676
7.8 HIGH

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of …

Jun 12, 2026
CVE-2026-12068
7.4 HIGH

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled …

Jun 12, 2026
CVE-2025-9033
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-9032
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of …

Jun 12, 2026
CVE-2025-14098
7.8 HIGH

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of …

Jun 12, 2026
CVE-2026-53868
7.5 HIGH

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock …

Jun 12, 2026
CVE-2026-53836
8.8 HIGH

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized …

Jun 12, 2026
CVE-2026-53834
7.5 HIGH

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke …

Jun 12, 2026
CVE-2026-53833
7.7 HIGH

OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers …

Jun 12, 2026
CVE-2026-53832
7.7 HIGH

OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway …

Jun 12, 2026
CVE-2026-53831
8.3 HIGH

OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expansion to modify command interpretation on POSIX nodes. Authenticated …

Jun 12, 2026
CVE-2026-53829
8.0 HIGH

OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes from approvers. Attackers can submit oversized exec commands with …

Jun 12, 2026
CVE-2026-53828
8.8 HIGH

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers …

Jun 12, 2026
CVE-2026-53823
8.1 HIGH

OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can …

Jun 12, 2026
CVE-2026-53822
8.8 HIGH

OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist …

Jun 12, 2026
CVE-2026-53821
8.8 HIGH

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can …

Jun 12, 2026
CVE-2026-53608
8.7 HIGH

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package injects the Google Analytics Tracking ID (`seoGoogleTrackingId`) …

Jun 12, 2026
CVE-2026-49396
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger …

Jun 12, 2026
CVE-2026-48119
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor …

Jun 12, 2026
CVE-2026-47120
7.1 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other …

Jun 12, 2026
CVE-2026-46717
7.7 HIGH

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user …

Jun 12, 2026
CVE-2026-41158
7.8 HIGH

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, …

Jun 12, 2026
CVE-2026-34195
8.8 HIGH

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. …

Jun 12, 2026
CVE-2025-7017
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of …

Jun 12, 2026
CVE-2025-7011
7.8 HIGH

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7009
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7008
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or …

Jun 12, 2026
CVE-2025-7004
7.8 HIGH

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7003
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2025-7002
7.8 HIGH

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the …

Jun 12, 2026
CVE-2026-54057
7.8 HIGH

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the …

Jun 12, 2026
CVE-2026-54056
7.6 HIGH

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate …

Jun 12, 2026
CVE-2026-4870
7.5 HIGH

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion …

Jun 12, 2026
CVE-2026-45013
8.1 HIGH

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using …

Jun 12, 2026
CVE-2026-45012
7.6 HIGH

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget …

Jun 12, 2026
CVE-2026-45011
7.3 HIGH

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the …

Jun 12, 2026
CVE-2026-44786
7.5 HIGH

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public …

Jun 12, 2026
CVE-2026-47260
7.7 HIGH

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + …

Jun 12, 2026
CVE-2026-42851
7.8 HIGH

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote …

Jun 12, 2026
CVE-2026-42850
8.8 HIGH

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A …

Jun 12, 2026
CVE-2026-53408
8.1 HIGH

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated …

Jun 12, 2026
CVE-2026-53407
8.1 HIGH

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated …

Jun 12, 2026
CVE-2026-50108
7.5 HIGH

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. …

Jun 12, 2026
CVE-2026-50101
8.1 HIGH

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid …

Jun 12, 2026
CVE-2026-42947
8.8 HIGH

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because …

Jun 12, 2026
CVE-2026-42306
7.2 HIGH

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to …

Jun 12, 2026
CVE-2026-12143
7.5 HIGH

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim …

Jun 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.