CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-58283
8.1 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58282
8.1 HIGH

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-58276
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57993
7.4 HIGH

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-57992
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57991
7.4 HIGH

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Jul 3, 2026
CVE-2026-57988
7.1 HIGH

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57986
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57985
7.6 HIGH

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57984
7.5 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57983
8.7 HIGH

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Jul 3, 2026
CVE-2026-57981
8.8 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57977
7.1 HIGH

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Jul 3, 2026
CVE-2026-57975
7.5 HIGH

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-57974
8.8 HIGH

Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-56645
8.8 HIGH

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-28744
8.1 HIGH

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks.

Jul 3, 2026
CVE-2026-28740
7.1 HIGH

Gitea versions up to and including 1.26.2 allow Git LFS object reuse to authorize private source objects for users who have repository access but lack …

Jul 3, 2026
CVE-2026-28737
8.7 HIGH

Gitea versions from 1.25.0 before 1.26.0 allow stored cross-site scripting through the extensionsRequired field in glTF files rendered by the 3D file viewer.

Jul 3, 2026
CVE-2026-28699
8.1 HIGH

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication.

Jul 3, 2026
CVE-2026-27779
7.5 HIGH

Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.

Jul 3, 2026
CVE-2026-27775
8.8 HIGH

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other …

Jul 3, 2026
CVE-2026-27771
8.2 HIGH

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

Jul 3, 2026
CVE-2026-26231
8.5 HIGH

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read …

Jul 3, 2026
CVE-2026-22555
8.1 HIGH

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets.

Jul 3, 2026
CVE-2026-20779
7.1 HIGH

Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across …

Jul 3, 2026
CVE-2026-12481
8.8 HIGH

A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function …

Jul 3, 2026
CVE-2026-14606
7.8 HIGH

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CAN_Receive in the library bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h of the …

Jul 3, 2026
CVE-2026-14605
7.8 HIGH

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1c_can.h of the component ls1c …

Jul 3, 2026
CVE-2026-58379
7.3 HIGH

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary …

Jul 3, 2026
CVE-2026-53478
7.2 HIGH

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through …

Jul 3, 2026
CVE-2026-49815
7.2 HIGH

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through …

Jul 3, 2026
CVE-2026-49814
7.2 HIGH

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through …

Jul 3, 2026
CVE-2026-14460
8.8 HIGH

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Jul 3, 2026
CVE-2026-14459
8.8 HIGH

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects …

Jul 3, 2026
CVE-2026-13341
7.4 HIGH

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an …

Jul 3, 2026
CVE-2026-10055
8.5 HIGH

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs …

Jul 3, 2026
CVE-2026-10054
8.8 HIGH

In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin …

Jul 3, 2026
CVE-2026-9148
7.2 HIGH

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, …

Jul 3, 2026
CVE-2026-9547
7.4 HIGH

When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs …

Jul 3, 2026
CVE-2026-9546
7.5 HIGH

A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses …

Jul 3, 2026
CVE-2026-9545
7.5 HIGH

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site …

Jul 3, 2026
CVE-2026-9080
7.3 HIGH

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after …

Jul 3, 2026
CVE-2026-8932
7.5 HIGH

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously …

Jul 3, 2026
CVE-2026-8286
8.1 HIGH

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration …

Jul 3, 2026
CVE-2026-4967
7.5 HIGH

In IMS, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with …

Jul 3, 2026
CVE-2026-12064
7.5 HIGH

When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The …

Jul 3, 2026
CVE-2026-11586
7.5 HIGH

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can …

Jul 3, 2026
CVE-2026-11352
7.5 HIGH

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl …

Jul 3, 2026
CVE-2026-14352
7.5 HIGH

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. …

Jul 3, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.