CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-13040
7.2 HIGH

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'real_val__' parameter in all versions up …

Jul 3, 2026
CVE-2026-14327
7.5 HIGH

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. …

Jul 3, 2026
CVE-2026-54998
8.8 HIGH

Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-50722
8.1 HIGH

Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 …

Jul 2, 2026
CVE-2026-50721
8.1 HIGH

Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded …

Jul 2, 2026
CVE-2026-12413
7.5 HIGH

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() …

Jul 2, 2026
CVE-2026-58460
7.7 HIGH

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted _display_name …

Jul 2, 2026
CVE-2026-52192
7.5 HIGH

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_445C5C component

Jul 2, 2026
CVE-2026-52191
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_444C8C component

Jul 2, 2026
CVE-2026-52189
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_487330 component

Jul 2, 2026
CVE-2026-38972
7.8 HIGH

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L"MSFTEDIT.DLL") with a bare DLL name, …

Jul 2, 2026
CVE-2026-38970
7.5 HIGH

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext() and parseArray() without …

Jul 2, 2026
CVE-2026-38969
7.5 HIGH

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.

Jul 2, 2026
CVE-2026-59096
7.5 HIGH

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwks_uri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation …

Jul 2, 2026
CVE-2026-59095
7.7 HIGH

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input …

Jul 2, 2026
CVE-2026-59094
7.5 HIGH

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches …

Jul 2, 2026
CVE-2026-59093
8.8 HIGH

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and …

Jul 2, 2026
CVE-2026-59092
7.7 HIGH

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by …

Jul 2, 2026
CVE-2026-58467
7.5 HIGH

Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP …

Jul 2, 2026
CVE-2026-52187
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component

Jul 2, 2026
CVE-2026-7311
8.1 HIGH

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in …

Jul 2, 2026
CVE-2026-58465
7.5 HIGH

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server …

Jul 2, 2026
CVE-2024-58352
7.5 HIGH

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the …

Jul 2, 2026
CVE-2026-44941
8.4 HIGH

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious …

Jul 2, 2026
CVE-2026-8079
7.3 HIGH

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation …

Jul 2, 2026
CVE-2026-56842
7.5 HIGH

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist …

Jul 2, 2026
CVE-2026-56841
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate …

Jul 2, 2026
CVE-2026-55119
8.1 HIGH

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate …

Jul 2, 2026
CVE-2026-55118
8.3 HIGH

A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application …

Jul 2, 2026
CVE-2026-55117
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host …

Jul 2, 2026
CVE-2026-55114
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate …

Jul 2, 2026
CVE-2026-55113
7.5 HIGH

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial …

Jul 2, 2026
CVE-2026-55112
7.5 HIGH

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi …

Jul 2, 2026
CVE-2026-55111
7.5 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the …

Jul 2, 2026
CVE-2026-55110
7.5 HIGH

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to …

Jul 2, 2026
CVE-2026-54409
7.5 HIGH

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass …

Jul 2, 2026
CVE-2026-54408
8.6 HIGH

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data …

Jul 2, 2026
CVE-2026-54407
8.6 HIGH

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain …

Jul 2, 2026
CVE-2026-54406
8.7 HIGH

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application …

Jul 2, 2026
CVE-2026-54405
7.5 HIGH

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of …

Jul 2, 2026
CVE-2026-54404
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to …

Jul 2, 2026
CVE-2026-54403
8.6 HIGH

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of …

Jul 2, 2026
CVE-2026-54401
7.7 HIGH

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS …

Jul 2, 2026
CVE-2026-12168
7.8 HIGH

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in …

Jul 2, 2026
CVE-2026-12167
7.8 HIGH

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that …

Jul 2, 2026
CVE-2026-58652
7.5 HIGH

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the …

Jul 2, 2026
CVE-2026-57766
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

Jul 2, 2026
CVE-2026-57765
8.5 HIGH

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Jul 2, 2026
CVE-2026-57761
7.1 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.

Jul 2, 2026
CVE-2026-57759
8.8 HIGH

Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.

Jul 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.