CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40320
7.8 HIGH

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() …

Apr 17, 2026
CVE-2026-40319
5.5 MEDIUM

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to …

Apr 17, 2026
CVE-2025-65104
7.9 HIGH

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating …

Apr 17, 2026
CVE-2026-40518
7.1 HIGH

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. …

Apr 17, 2026
CVE-2026-40516
8.3 HIGH

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP …

Apr 17, 2026
CVE-2026-40515
7.5 HIGH

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. …

Apr 17, 2026
CVE-2026-3464
8.8 HIGH

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function …

Apr 17, 2026
CVE-2026-21733
7.3 HIGH

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED

Apr 17, 2026
CVE-2026-6497
6.3 MEDIUM

A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the …

Apr 17, 2026
CVE-2026-6284
9.1 CRITICAL

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited …

Apr 17, 2026
CVE-2026-21709
6.7 MEDIUM

A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.

Apr 17, 2026
CVE-2026-6496
5.4 MEDIUM

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. …

Apr 17, 2026
CVE-2026-6493
3.5 LOW

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password …

Apr 17, 2026
CVE-2026-41153
5.8 MEDIUM

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file

Apr 17, 2026
CVE-2026-37749
9.8 CRITICAL

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.

Apr 17, 2026
CVE-2026-6492
5.3 MEDIUM

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of …

Apr 17, 2026
CVE-2026-6491
5.3 MEDIUM

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component …

Apr 17, 2026
CVE-2026-6490
7.3 HIGH

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request …

Apr 17, 2026
CVE-2026-40459
8.8 HIGH

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in …

Apr 17, 2026
CVE-2026-40458
6.5 MEDIUM

PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically …

Apr 17, 2026
CVE-2026-31317
7.5 HIGH

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

Apr 17, 2026
CVE-2025-70795
5.5 MEDIUM

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a …

Apr 17, 2026
CVE-2026-6507
7.5 HIGH

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet …

Apr 17, 2026
CVE-2026-6489
6.3 MEDIUM

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component …

Apr 17, 2026
CVE-2026-6488
6.3 MEDIUM

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter …

Apr 17, 2026
CVE-2026-6487
4.3 MEDIUM

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This …

Apr 17, 2026
CVE-2026-6486
3.5 LOW

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. …

Apr 17, 2026
CVE-2026-28263
5.9 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 …

Apr 17, 2026
CVE-2026-23777
4.3 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 …

Apr 17, 2026
CVE-2025-46641
6.6 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high …

Apr 17, 2026
CVE-2025-46607
6.6 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high …

Apr 17, 2026
CVE-2025-46606
6.2 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication …

Apr 17, 2026
CVE-2025-46605
6.2 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high …

Apr 17, 2026
CVE-2026-6483
7.2 HIGH

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. …

Apr 17, 2026
CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured …

Apr 17, 2026
CVE-2026-35153
6.7 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of …

Apr 17, 2026
CVE-2026-35074
6.7 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of …

Apr 17, 2026
CVE-2026-35073
6.7 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of …

Apr 17, 2026
CVE-2026-35072
6.7 MEDIUM

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of …

Apr 17, 2026
CVE-2026-23779
6.7 MEDIUM

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 …

Apr 17, 2026
CVE-2026-23776
7.2 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 …

Apr 17, 2026
CVE-2026-6494
5.3 MEDIUM

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to …

Apr 17, 2026
CVE-2026-6439
4.4 MEDIUM

The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization …

Apr 17, 2026
CVE-2026-23778
7.2 HIGH

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 …

Apr 17, 2026
CVE-2026-23775
7.6 HIGH

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 …

Apr 17, 2026
CVE-2025-36568
7.8 HIGH

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through …

Apr 17, 2026
CVE-2025-15625

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.

Apr 17, 2026
CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary …

Apr 17, 2026
CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty …

Apr 17, 2026
CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the …

Apr 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.