CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-9753
8.1 HIGH

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the …

Jun 9, 2026
CVE-2026-9742
7.5 HIGH

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. …

Jun 9, 2026
CVE-2026-9740
7.5 HIGH

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON …

Jun 9, 2026
CVE-2026-46374
7.5 HIGH

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users …

Jun 9, 2026
CVE-2026-46373
7.5 HIGH

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users …

Jun 9, 2026
CVE-2026-34713
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system …

Jun 9, 2026
CVE-2026-34712
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the …

Jun 9, 2026
CVE-2026-34711
7.5 HIGH

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash …

Jun 9, 2026
CVE-2026-48292
7.8 HIGH

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-48291
7.8 HIGH

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-47960
7.4 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file …

Jun 9, 2026
CVE-2026-47959
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47955
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47952
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47937
7.4 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the …

Jun 9, 2026
CVE-2026-47932
8.8 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result …

Jun 9, 2026
CVE-2026-47931
8.4 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-47930
8.1 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker …

Jun 9, 2026
CVE-2026-47929
8.4 HIGH

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the …

Jun 9, 2026
CVE-2026-47921
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47920
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47919
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47918
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47917
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47916
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47915
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47914
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47913
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47912
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47911
7.8 HIGH

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-11799
7.5 HIGH

UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.

Jun 9, 2026
CVE-2025-71319
7.5 HIGH

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted …

Jun 9, 2026
CVE-2026-48306
7.8 HIGH

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-48305
7.8 HIGH

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-47908
7.8 HIGH

Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context …

Jun 9, 2026
CVE-2026-47907
8.2 HIGH

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could …

Jun 9, 2026
CVE-2026-47906
8.6 HIGH

Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the …

Jun 9, 2026
CVE-2026-34710
7.8 HIGH

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-34709
7.8 HIGH

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

Jun 9, 2026
CVE-2026-11824
7.8 HIGH

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary …

Jun 9, 2026
CVE-2026-11822
7.8 HIGH

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code …

Jun 9, 2026
CVE-2026-8863
7.8 HIGH

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use …

Jun 9, 2026
CVE-2026-39169
7.5 HIGH

SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.

Jun 9, 2026
CVE-2026-36823
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability …

Jun 9, 2026
CVE-2026-36822
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability …

Jun 9, 2026
CVE-2026-36821
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability …

Jun 9, 2026
CVE-2026-36820
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability …

Jun 9, 2026
CVE-2026-36819
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability …

Jun 9, 2026
CVE-2026-36818
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability …

Jun 9, 2026
CVE-2026-36817
7.5 HIGH

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability …

Jun 9, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.