CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-6976
3.7 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain …

Jun 11, 2026
CVE-2026-3553
3.1 LOW

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain …

Jun 11, 2026
CVE-2026-41000
3.7 LOW

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation …

Jun 11, 2026
CVE-2026-47712
3.3 LOW

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch …

Jun 10, 2026
CVE-2026-48011
3.7 LOW

Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing …

Jun 10, 2026
CVE-2026-45380
3.6 LOW

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows …

Jun 10, 2026
CVE-2022-48575
3.5 LOW

A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue …

Jun 10, 2026
CVE-2026-50568
3.6 LOW

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated …

Jun 10, 2026
CVE-2026-49497
3.3 LOW

Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers …

Jun 10, 2026
CVE-2024-58350
2.9 LOW

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. …

Jun 10, 2026
CVE-2026-9060
3.5 LOW

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store …

Jun 10, 2026
CVE-2026-41694
3.7 LOW

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able …

Jun 10, 2026
CVE-2026-48289
3.5 LOW

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature …

Jun 9, 2026
CVE-2026-48288
3.5 LOW

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature …

Jun 9, 2026
CVE-2026-45642
3.9 LOW

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

Jun 9, 2026
CVE-2026-45485
3.3 LOW

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-45466
3.3 LOW

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Jun 9, 2026
CVE-2026-45459
3.3 LOW

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

Jun 9, 2026
CVE-2026-45455
3.3 LOW

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Jun 9, 2026
CVE-2026-42770
3.7 LOW

Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: …

Jun 9, 2026
CVE-2026-42768
3.7 LOW

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and …

Jun 9, 2026
CVE-2026-11792
3.3 LOW

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password …

Jun 9, 2026
CVE-2026-11786
1.9 LOW

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing …

Jun 9, 2026
CVE-2026-41986
2.4 LOW

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-41974
3.6 LOW

Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.

Jun 9, 2026
CVE-2026-8981
3.5 LOW

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code …

Jun 9, 2026
CVE-2026-41852
3.7 LOW

A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an …

Jun 9, 2026
CVE-2026-41848
3.7 LOW

Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then …

Jun 9, 2026
CVE-2026-44743
3.7 LOW

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the …

Jun 9, 2026
CVE-2026-11691
3.1 LOW

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11686
3.1 LOW

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11684
3.1 LOW

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data …

Jun 9, 2026
CVE-2026-11675
3.1 LOW

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

Jun 9, 2026
CVE-2026-11555
3.7 LOW

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation …

Jun 8, 2026
CVE-2026-11534
3.5 LOW

A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of …

Jun 8, 2026
CVE-2026-11520
3.5 LOW

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes …

Jun 8, 2026
CVE-2026-11511
3.5 LOW

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute …

Jun 8, 2026
CVE-2026-11502
3.1 LOW

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This …

Jun 8, 2026
CVE-2026-11491
2.4 LOW

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board …

Jun 8, 2026
CVE-2026-11481
2.5 LOW

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres …

Jun 8, 2026
CVE-2026-11478
3.3 LOW

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern …

Jun 8, 2026
CVE-2026-11468
2.4 LOW

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulation …

Jun 8, 2026
CVE-2026-11465
3.1 LOW

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of …

Jun 7, 2026
CVE-2026-11464
3.1 LOW

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User …

Jun 7, 2026
CVE-2026-11459
3.3 LOW

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL …

Jun 7, 2026
CVE-2026-11434
2.4 LOW

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This …

Jun 6, 2026
CVE-2025-12656
3.8 LOW

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in …

Jun 6, 2026
CVE-2026-11338
2.4 LOW

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation …

Jun 5, 2026
CVE-2026-48102
3.1 LOW

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in …

Jun 5, 2026
CVE-2026-11330
3.6 LOW

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component …

Jun 5, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.