CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-50645
7.5 HIGH

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to …

Jun 12, 2026
CVE-2026-50633
8.1 HIGH

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to …

Jun 12, 2026
CVE-2026-50632
8.1 HIGH

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow …

Jun 12, 2026
CVE-2026-50631
7.4 HIGH

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' …

Jun 12, 2026
CVE-2026-11846
8.1 HIGH

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to …

Jun 12, 2026
CVE-2026-11845
7.2 HIGH

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands …

Jun 12, 2026
CVE-2026-12059
8.8 HIGH

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and …

Jun 12, 2026
CVE-2026-44892
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, the default configuration of the `Http3ConnectionHandler` in the …

Jun 12, 2026
CVE-2026-48612
8.0 HIGH

Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to …

Jun 12, 2026
CVE-2026-48610
8.1 HIGH

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS …

Jun 12, 2026
CVE-2026-47368
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from …

Jun 12, 2026
CVE-2026-47366
7.2 HIGH

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized …

Jun 12, 2026
CVE-2026-11933
8.8 HIGH

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is …

Jun 12, 2026
CVE-2026-45418
8.8 HIGH

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple …

Jun 11, 2026
CVE-2026-6250
8.1 HIGH

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is …

Jun 11, 2026
CVE-2026-44890
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause …

Jun 11, 2026
CVE-2026-44250
7.5 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause …

Jun 11, 2026
CVE-2026-44249
8.1 HIGH

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass …

Jun 11, 2026
CVE-2026-42653
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.2.6.

Jun 11, 2026
CVE-2026-12035
8.8 HIGH

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 11, 2026
CVE-2026-12034
8.3 HIGH

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the …

Jun 11, 2026
CVE-2026-12031
8.3 HIGH

Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 11, 2026
CVE-2026-12030
8.3 HIGH

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to …

Jun 11, 2026
CVE-2026-12029
8.3 HIGH

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12028
8.3 HIGH

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12023
8.3 HIGH

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12022
8.3 HIGH

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 11, 2026
CVE-2026-12020
8.8 HIGH

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 11, 2026
CVE-2026-12019
8.3 HIGH

Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process …

Jun 11, 2026
CVE-2026-12018
8.8 HIGH

Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. …

Jun 11, 2026
CVE-2026-12016
8.3 HIGH

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 11, 2026
CVE-2026-12014
8.3 HIGH

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape …

Jun 11, 2026
CVE-2026-12012
8.1 HIGH

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via …

Jun 11, 2026
CVE-2026-12011
8.3 HIGH

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12010
8.3 HIGH

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 11, 2026
CVE-2026-12009
8.3 HIGH

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process …

Jun 11, 2026
CVE-2026-12008
8.3 HIGH

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 11, 2026
CVE-2026-12007
8.8 HIGH

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 11, 2026
CVE-2026-53819
8.8 HIGH

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with …

Jun 11, 2026
CVE-2026-53817
8.8 HIGH

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable …

Jun 11, 2026
CVE-2026-53816
7.2 HIGH

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. …

Jun 11, 2026
CVE-2026-53814
8.3 HIGH

OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a …

Jun 11, 2026
CVE-2026-53813
7.8 HIGH

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected …

Jun 11, 2026
CVE-2026-53812
7.7 HIGH

OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. …

Jun 11, 2026
CVE-2026-53811
8.8 HIGH

OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name …

Jun 11, 2026
CVE-2026-53810
8.8 HIGH

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access …

Jun 11, 2026
CVE-2026-53807
8.8 HIGH

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks …

Jun 11, 2026
CVE-2026-53806
8.8 HIGH

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by …

Jun 11, 2026
CVE-2026-50245
7.7 HIGH

Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera …

Jun 11, 2026
CVE-2026-50005
7.7 HIGH

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.

Jun 11, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.