CVE Database

108042+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-47778
4.4 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified …

Jun 26, 2026
CVE-2026-47775
6.8 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() …

Jun 26, 2026
CVE-2026-47692
4.8 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header …

Jun 26, 2026
CVE-2026-47221
5.9 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains …

Jun 26, 2026
CVE-2026-47207
6.5 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an …

Jun 26, 2026
CVE-2026-47206

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. …

Jun 26, 2026
CVE-2026-47204
6.5 MEDIUM

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes …

Jun 26, 2026
CVE-2026-33646
9.6 CRITICAL

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with …

Jun 26, 2026
CVE-2026-57518
8.8 HIGH

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom …

Jun 26, 2026
CVE-2026-57231
7.5 HIGH

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a …

Jun 26, 2026
CVE-2026-56823
5.4 MEDIUM

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target …

Jun 26, 2026
CVE-2026-56663
8.5 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF …

Jun 26, 2026
CVE-2026-55686
5.3 MEDIUM

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a …

Jun 26, 2026
CVE-2026-55677
7.5 HIGH

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches …

Jun 26, 2026
CVE-2026-54636
9.0 CRITICAL

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku …

Jun 26, 2026
CVE-2026-48529
6.0 MEDIUM

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as …

Jun 26, 2026
CVE-2026-45408
9.0 CRITICAL

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git …

Jun 26, 2026
CVE-2026-45407
5.0 MEDIUM

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This …

Jun 26, 2026
CVE-2026-45406
9.0 CRITICAL

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then …

Jun 26, 2026
CVE-2026-45405
9.0 CRITICAL

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or …

Jun 26, 2026
CVE-2026-28385
5.0 MEDIUM

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement …

Jun 26, 2026
CVE-2026-13434
4.9 MEDIUM

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is …

Jun 26, 2026
CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

Jun 26, 2026
CVE-2025-32423

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. …

Jun 26, 2026
CVE-2025-32394

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. …

Jun 26, 2026
CVE-2026-9640
7.2 HIGH

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during …

Jun 26, 2026
CVE-2026-9639
6.5 MEDIUM

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial …

Jun 26, 2026
CVE-2026-5757
7.5 HIGH

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive …

Jun 26, 2026
CVE-2026-47214
7.1 HIGH

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI …

Jun 26, 2026
CVE-2026-45195
7.8 HIGH

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside …

Jun 26, 2026
CVE-2026-44018
5.5 MEDIUM

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing …

Jun 26, 2026
CVE-2026-21734
7.7 HIGH

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in …

Jun 26, 2026
CVE-2026-12411
8.4 HIGH

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via …

Jun 26, 2026
CVE-2026-0828
7.5 HIGH

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.

Jun 26, 2026
CVE-2026-0685
9.8 CRITICAL

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution …

Jun 26, 2026
CVE-2025-11919
9.6 CRITICAL

The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file …

Jun 26, 2026
CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the …

Jun 26, 2026
CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary …

Jun 26, 2026
CVE-2026-9699
6.8 MEDIUM

Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to …

Jun 26, 2026
CVE-2026-57667
8.5 HIGH

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

Jun 26, 2026
CVE-2026-57665
5.3 MEDIUM

Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.

Jun 26, 2026
CVE-2026-57664
4.3 MEDIUM

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.

Jun 26, 2026
CVE-2026-57663
8.5 HIGH

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.

Jun 26, 2026
CVE-2026-57662
8.5 HIGH

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.

Jun 26, 2026
CVE-2026-57661
5.4 MEDIUM

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

Jun 26, 2026
CVE-2026-57660
5.3 MEDIUM

Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.

Jun 26, 2026
CVE-2026-57659
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

Jun 26, 2026
CVE-2026-57658
9.1 CRITICAL

Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

Jun 26, 2026
CVE-2026-57657
4.3 MEDIUM

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

Jun 26, 2026
CVE-2026-57656
5.9 MEDIUM

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

Jun 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.