CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-6589
4.3 MEDIUM

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site …

Apr 20, 2026
CVE-2026-6588
6.5 MEDIUM

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component …

Apr 20, 2026
CVE-2026-6587
6.3 MEDIUM

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the …

Apr 20, 2026
CVE-2026-6586
6.3 MEDIUM

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such …

Apr 20, 2026
CVE-2026-6585
5.4 MEDIUM

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update …

Apr 20, 2026
CVE-2026-6584
5.4 MEDIUM

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update …

Apr 20, 2026
CVE-2026-6583
5.4 MEDIUM

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key …

Apr 19, 2026
CVE-2026-6582
7.3 HIGH

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the …

Apr 19, 2026
CVE-2026-6581
8.8 HIGH

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a …

Apr 19, 2026
CVE-2026-6580
7.3 HIGH

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap …

Apr 19, 2026
CVE-2026-6579
6.5 MEDIUM

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. …

Apr 19, 2026
CVE-2026-6578
5.6 MEDIUM

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting …

Apr 19, 2026
CVE-2026-6577
7.3 HIGH

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks …

Apr 19, 2026
CVE-2026-6576
6.3 MEDIUM

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat …

Apr 19, 2026
CVE-2026-6574
7.3 HIGH

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API …

Apr 19, 2026
CVE-2026-6573
6.3 MEDIUM

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation …

Apr 19, 2026
CVE-2026-6572
5.6 MEDIUM

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of …

Apr 19, 2026
CVE-2026-6571
6.3 MEDIUM

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a …

Apr 19, 2026
CVE-2026-6570
2.7 LOW

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of …

Apr 19, 2026
CVE-2026-6569
7.3 HIGH

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such …

Apr 19, 2026
CVE-2026-6568
7.3 HIGH

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. …

Apr 19, 2026
CVE-2026-6564
4.3 MEDIUM

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation …

Apr 19, 2026
CVE-2026-6563
8.8 HIGH

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation …

Apr 19, 2026
CVE-2026-6562
7.3 HIGH

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword …

Apr 19, 2026
CVE-2026-6561
4.7 MEDIUM

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument …

Apr 19, 2026
CVE-2026-6560
8.8 HIGH

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation …

Apr 19, 2026
CVE-2026-6559
4.3 MEDIUM

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes …

Apr 19, 2026
CVE-2026-0868
6.4 MEDIUM

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions …

Apr 19, 2026
CVE-2026-6056

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Apr 18, 2026
CVE-2026-41242
9.8 CRITICAL

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of …

Apr 18, 2026
CVE-2026-40948
5.4 MEDIUM

The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not …

Apr 18, 2026
CVE-2026-2986
6.4 MEDIUM

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due …

Apr 18, 2026
CVE-2026-2505
5.4 MEDIUM

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is …

Apr 18, 2026
CVE-2026-0894
6.4 MEDIUM

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, …

Apr 18, 2026
CVE-2026-41254
4.0 MEDIUM

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

Apr 18, 2026
CVE-2026-32690
3.7 LOW

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as …

Apr 18, 2026
CVE-2026-32228
7.5 HIGH

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 …

Apr 18, 2026
CVE-2026-30912
7.5 HIGH

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing …

Apr 18, 2026
CVE-2026-30898
8.8 HIGH

An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used …

Apr 18, 2026
CVE-2026-25917
7.2 HIGH

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary …

Apr 18, 2026
CVE-2026-41253
6.9 MEDIUM

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a …

Apr 18, 2026
CVE-2026-6518
8.8 HIGH

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all …

Apr 18, 2026
CVE-2026-6048
6.4 MEDIUM

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions …

Apr 18, 2026
CVE-2026-4801
6.4 MEDIUM

The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up …

Apr 18, 2026
CVE-2026-40494
9.8 CRITICAL

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's …

Apr 18, 2026
CVE-2026-40493
9.8 CRITICAL

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec …

Apr 18, 2026
CVE-2026-40492
9.8 CRITICAL

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec …

Apr 18, 2026
CVE-2026-40491
6.5 MEDIUM

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting …

Apr 18, 2026
CVE-2026-40490
6.8 MEDIUM

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of …

Apr 18, 2026
CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in …

Apr 18, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.