CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-57329
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Jun 29, 2026
CVE-2026-57328
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Jun 29, 2026
CVE-2026-57327
6.3 MEDIUM

Subscriber Broken Access Control in MainWP <= 6.1.1 versions.

Jun 29, 2026
CVE-2026-57326
6.1 MEDIUM

Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

Jun 29, 2026
CVE-2026-57320
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.

Jun 29, 2026
CVE-2026-56290
9.8 CRITICAL

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Jun 29, 2026
CVE-2026-56124
7.5 HIGH

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting …

Jun 29, 2026
CVE-2026-55844
7.5 HIGH

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID …

Jun 29, 2026
CVE-2026-55607
8.8 HIGH

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees …

Jun 29, 2026
CVE-2026-49049
7.5 HIGH

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template …

Jun 29, 2026
CVE-2026-46406
6.1 MEDIUM

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without …

Jun 29, 2026
CVE-2026-13579
6.3 MEDIUM

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a …

Jun 29, 2026
CVE-2026-13578
6.3 MEDIUM

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patientdetail.php. Performing …

Jun 29, 2026
CVE-2026-13574
3.3 LOW

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. …

Jun 29, 2026
CVE-2026-13573
3.3 LOW

A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The …

Jun 29, 2026
CVE-2026-13572
6.3 MEDIUM

A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element is an unknown function of the file /insertbillingrecord.php. The manipulation of …

Jun 29, 2026
CVE-2026-13571
5.3 MEDIUM

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a …

Jun 29, 2026
CVE-2026-56457
4.3 MEDIUM

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with …

Jun 29, 2026
CVE-2026-54371
7.1 HIGH

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a …

Jun 29, 2026
CVE-2026-54370
6.3 MEDIUM

acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component …

Jun 29, 2026
CVE-2026-54369
7.1 HIGH

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate …

Jun 29, 2026
CVE-2026-40524
8.1 HIGH

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function where the filter_type parameter is concatenated directly into a SQL IN() clause without …

Jun 29, 2026
CVE-2026-40523
8.1 HIGH

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL …

Jun 29, 2026
CVE-2026-40522
7.1 HIGH

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting …

Jun 29, 2026
CVE-2026-40521
8.8 HIGH

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with …

Jun 29, 2026
CVE-2026-13676
7.5 HIGH

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does …

Jun 29, 2026
CVE-2026-13570
3.5 LOW

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. …

Jun 29, 2026
CVE-2026-13569
4.7 MEDIUM

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component …

Jun 29, 2026
CVE-2026-13568
7.3 HIGH

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration …

Jun 29, 2026
CVE-2026-13567
4.3 MEDIUM

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST …

Jun 29, 2026
CVE-2026-13566
7.3 HIGH

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The …

Jun 29, 2026
CVE-2026-13565
7.3 HIGH

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affected by this vulnerability is an unknown functionality of the file /edit_class1.php. Executing …

Jun 29, 2026
CVE-2026-13165

SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from …

Jun 29, 2026
CVE-2026-12856
8.8 HIGH

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in …

Jun 29, 2026
CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any …

Jun 29, 2026
CVE-2026-11979
7.8 HIGH

libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size …

Jun 29, 2026
CVE-2026-41992
7.5 HIGH

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats …

Jun 29, 2026
CVE-2026-41991
4.7 MEDIUM

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s …

Jun 29, 2026
CVE-2026-13564
8.8 HIGH

A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. Performing a …

Jun 29, 2026
CVE-2026-13563
8.8 HIGH

A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such …

Jun 29, 2026
CVE-2026-13562
8.8 HIGH

A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. This …

Jun 29, 2026
CVE-2026-13561
6.3 MEDIUM

A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNICbasic of the file /goform/formiNICbasic of the component POST Request Handler. …

Jun 29, 2026
CVE-2026-13560
6.3 MEDIUM

A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the function formAccept of the file /goform/formAccept of the component POST …

Jun 29, 2026
CVE-2026-13559
7.3 HIGH

A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the …

Jun 29, 2026
CVE-2026-13558
3.5 LOW

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component …

Jun 29, 2026
CVE-2026-57346
7.1 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from …

Jun 29, 2026
CVE-2026-25707
8.8 HIGH

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files …

Jun 29, 2026
CVE-2026-13601
7.1 HIGH

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open …

Jun 29, 2026
CVE-2026-13557
4.3 MEDIUM

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST Request …

Jun 29, 2026
CVE-2026-13556
4.3 MEDIUM

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request …

Jun 29, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.