CVE Database

110968+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-33472
4.8 MEDIUM

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the …

Apr 16, 2026
CVE-2026-40901
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization …

Apr 16, 2026
CVE-2026-40900
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL …

Apr 16, 2026
CVE-2026-40899
6.5 MEDIUM

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. …

Apr 16, 2026
CVE-2026-33207
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method …

Apr 16, 2026
CVE-2026-33122
9.8 CRITICAL

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When …

Apr 16, 2026
CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to …

Apr 16, 2026
CVE-2026-6442
8.3 HIGH

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could …

Apr 16, 2026
CVE-2026-33121
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The …

Apr 16, 2026
CVE-2026-33084
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj …

Apr 16, 2026
CVE-2025-54510

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some …

Apr 16, 2026
CVE-2025-43937
6.6 MEDIUM

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could …

Apr 16, 2026
CVE-2025-43935
4.4 MEDIUM

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit …

Apr 16, 2026
CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out …

Apr 16, 2026
CVE-2026-41082
7.3 HIGH

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Apr 16, 2026
CVE-2026-33083
8.8 HIGH

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related …

Apr 16, 2026
CVE-2026-33082
9.8 CRITICAL

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree …

Apr 16, 2026
CVE-2026-2336

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie …

Apr 16, 2026
CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in …

Apr 16, 2026
CVE-2026-24749
5.3 MEDIUM

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or …

Apr 16, 2026
CVE-2025-43883
4.1 MEDIUM

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could …

Apr 16, 2026
CVE-2026-41080
2.9 LOW

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Apr 16, 2026
CVE-2025-36579
5.1 MEDIUM

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, …

Apr 16, 2026
CVE-2026-5426
7.5 HIGH

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code …

Apr 16, 2026
CVE-2026-37100
6.5 MEDIUM

An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: …

Apr 16, 2026
CVE-2026-6409

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints …

Apr 16, 2026
CVE-2026-3324
8.2 HIGH

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Apr 16, 2026
CVE-2026-37347
9.1 CRITICAL

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

Apr 16, 2026
CVE-2026-37346
4.7 MEDIUM

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

Apr 16, 2026
CVE-2026-37345
9.8 CRITICAL

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.

Apr 16, 2026
CVE-2026-37344
7.2 HIGH

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.

Apr 16, 2026
CVE-2026-37343
7.2 HIGH

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.

Apr 16, 2026
CVE-2026-37342
7.2 HIGH

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.

Apr 16, 2026
CVE-2026-37341
7.2 HIGH

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.

Apr 16, 2026
CVE-2026-37340
9.8 CRITICAL

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.

Apr 16, 2026
CVE-2026-37339
9.8 CRITICAL

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.

Apr 16, 2026
CVE-2026-37338
9.4 CRITICAL

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.

Apr 16, 2026
CVE-2026-37337
7.3 HIGH

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.

Apr 16, 2026
CVE-2026-37336
7.3 HIGH

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.

Apr 16, 2026
CVE-2026-33804
7.4 HIGH

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not …

Apr 16, 2026
CVE-2026-30656
7.5 HIGH

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does …

Apr 16, 2026
CVE-2026-30459
7.1 HIGH

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user …

Apr 16, 2026
CVE-2026-2840
6.4 MEDIUM

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all …

Apr 16, 2026
CVE-2026-6410
5.3 MEDIUM

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured …

Apr 16, 2026
CVE-2026-6270
9.1 CRITICAL

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a …

Apr 16, 2026
CVE-2026-5785
8.1 HIGH

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query …

Apr 16, 2026
CVE-2026-4160
5.3 MEDIUM

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the …

Apr 16, 2026
CVE-2026-31987
7.5 HIGH

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to …

Apr 16, 2026
CVE-2026-6414
5.9 MEDIUM

@fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows attackers …

Apr 16, 2026
CVE-2026-31843
9.8 CRITICAL

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. …

Apr 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.