CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-66954
6.5 MEDIUM

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. …

Apr 20, 2026
CVE-2026-6652
4.7 MEDIUM

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage …

Apr 20, 2026
CVE-2026-6651
2.4 LOW

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. …

Apr 20, 2026
CVE-2026-6650
4.7 MEDIUM

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads …

Apr 20, 2026
CVE-2026-6066
7.1 HIGH

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur …

Apr 20, 2026
CVE-2026-41245
5.9 MEDIUM

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary …

Apr 20, 2026
CVE-2026-40896
6.5 MEDIUM

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings …

Apr 20, 2026
CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This …

Apr 20, 2026
CVE-2026-39918
9.8 CRITICAL

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration …

Apr 20, 2026
CVE-2026-34429
5.4 MEDIUM

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by …

Apr 20, 2026
CVE-2026-34428
7.7 HIGH

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly …

Apr 20, 2026
CVE-2026-34427
8.8 HIGH

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on …

Apr 20, 2026
CVE-2026-26944
8.8 HIGH

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for …

Apr 20, 2026
CVE-2026-25883
5.8 MEDIUM

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an …

Apr 20, 2026
CVE-2026-25058
7.5 HIGH

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` …

Apr 20, 2026
CVE-2026-24468
5.3 MEDIUM

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior …

Apr 20, 2026
CVE-2026-24467
9.0 CRITICAL

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior …

Apr 20, 2026
CVE-2026-23774
7.2 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 …

Apr 20, 2026
CVE-2026-6649
6.3 MEDIUM

A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the …

Apr 20, 2026
CVE-2026-6369

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication …

Apr 20, 2026
CVE-2026-5760
9.8 CRITICAL

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are …

Apr 20, 2026
CVE-2026-4048
8.4 HIGH

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on …

Apr 20, 2026
CVE-2026-3519
8.4 HIGH

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands …

Apr 20, 2026
CVE-2026-3518
8.4 HIGH

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on …

Apr 20, 2026
CVE-2026-3517
8.4 HIGH

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands …

Apr 20, 2026
CVE-2026-33558
5.3 MEDIUM

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in …

Apr 20, 2026
CVE-2026-33557
9.1 CRITICAL

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token …

Apr 20, 2026
CVE-2025-66335
5.3 MEDIUM

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended …

Apr 20, 2026
CVE-2026-6648
3.5 LOW

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation …

Apr 20, 2026
CVE-2026-6636
4.3 MEDIUM

A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a …

Apr 20, 2026
CVE-2026-6635
7.3 HIGH

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. …

Apr 20, 2026
CVE-2026-6634
6.3 MEDIUM

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This …

Apr 20, 2026
CVE-2026-6633
3.5 LOW

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the …

Apr 20, 2026
CVE-2026-5958

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. …

Apr 20, 2026
CVE-2026-6654
5.1 MEDIUM

Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

Apr 20, 2026
CVE-2026-6632
8.8 HIGH

A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation …

Apr 20, 2026
CVE-2026-6631
8.8 HIGH

A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of …

Apr 20, 2026
CVE-2026-6630
8.8 HIGH

A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation …

Apr 20, 2026
CVE-2026-6629
7.3 HIGH

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component …

Apr 20, 2026
CVE-2026-6628
6.3 MEDIUM

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query …

Apr 20, 2026
CVE-2026-6626
6.3 MEDIUM

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The …

Apr 20, 2026
CVE-2026-6625
7.3 HIGH

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file …

Apr 20, 2026
CVE-2026-6624
2.4 LOW

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List …

Apr 20, 2026
CVE-2026-6623
2.4 LOW

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile …

Apr 20, 2026
CVE-2026-6622
2.4 LOW

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such …

Apr 20, 2026
CVE-2026-31430

In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a …

Apr 20, 2026
CVE-2026-31429

In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a …

Apr 20, 2026
CVE-2025-13480
6.5 MEDIUM

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive …

Apr 20, 2026
CVE-2026-6621
7.3 HIGH

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the …

Apr 20, 2026
CVE-2026-6620
6.3 MEDIUM

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File …

Apr 20, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.