CVE Database

4399+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-45278
3.3 LOW

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to …

Jun 1, 2026
CVE-2026-45277
3.3 LOW

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows …

Jun 1, 2026
CVE-2026-30963
3.9 LOW

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to …

Jun 1, 2026
CVE-2026-45266
3.5 LOW

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be …

Jun 1, 2026
CVE-2026-45159
3.5 LOW

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to …

Jun 1, 2026
CVE-2026-45155
2.6 LOW

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access …

Jun 1, 2026
CVE-2026-45154
2.6 LOW

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective …

Jun 1, 2026
CVE-2026-10268
3.3 LOW

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can …

Jun 1, 2026
CVE-2026-10267
3.3 LOW

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results …

Jun 1, 2026
CVE-2026-10264
3.5 LOW

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API …

Jun 1, 2026
CVE-2026-10247
3.5 LOW

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of …

Jun 1, 2026
CVE-2026-10246
3.5 LOW

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of …

Jun 1, 2026
CVE-2026-10245
3.5 LOW

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. …

Jun 1, 2026
CVE-2026-10244
3.5 LOW

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/main. Performing …

Jun 1, 2026
CVE-2026-45426
3.1 LOW

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log …

Jun 1, 2026
CVE-2026-40963
3.1 LOW

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those …

Jun 1, 2026
CVE-2026-10234
3.5 LOW

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The …

Jun 1, 2026
CVE-2026-10233
3.3 LOW

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the …

Jun 1, 2026
CVE-2026-10228
3.5 LOW

A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the …

Jun 1, 2026
CVE-2026-48191
3.5 LOW

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge …

Jun 1, 2026
CVE-2026-48190
3.5 LOW

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. …

Jun 1, 2026
CVE-2026-10216
3.7 LOW

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim …

Jun 1, 2026
CVE-2026-10201
3.3 LOW

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. …

Jun 1, 2026
CVE-2026-10199
3.3 LOW

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of …

May 31, 2026
CVE-2026-10198
3.3 LOW

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component …

May 31, 2026
CVE-2026-10197
3.3 LOW

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The …

May 31, 2026
CVE-2026-10169
3.7 LOW

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php …

May 31, 2026
CVE-2026-10112
2.4 LOW

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name …

May 30, 2026
CVE-2026-45613
3.3 LOW

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

May 29, 2026
CVE-2026-45324
3.3 LOW

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is …

May 29, 2026
CVE-2026-49383
3.3 LOW

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

May 29, 2026
CVE-2026-49381
3.4 LOW

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

May 29, 2026
CVE-2026-49380
3.1 LOW

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

May 29, 2026
CVE-2026-49370
3.4 LOW

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

May 29, 2026
CVE-2026-49318
2.4 LOW

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker …

May 29, 2026
CVE-2026-49317
2.4 LOW

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker …

May 29, 2026
CVE-2026-40528
3.8 LOW

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to …

May 29, 2026
CVE-2026-40510
3.8 LOW

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory …

May 29, 2026
CVE-2026-10078
2.7 LOW

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext …

May 29, 2026
CVE-2026-9991
3.1 LOW

Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

May 28, 2026
CVE-2026-9959
3.1 LOW

Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium …

May 28, 2026
CVE-2026-9950
3.1 LOW

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process …

May 28, 2026
CVE-2026-9944
3.1 LOW

Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …

May 28, 2026
CVE-2026-9920
3.1 LOW

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin …

May 28, 2026
CVE-2026-6816
3.8 LOW

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. …

May 28, 2026
CVE-2026-10011
3.1 LOW

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …

May 28, 2026
CVE-2026-47713
2.0 LOW

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved …

May 28, 2026
CVE-2026-45403
2.0 LOW

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM …

May 28, 2026
CVE-2026-47337
3.3 LOW

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can …

May 28, 2026
CVE-2026-47336
3.3 LOW

Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered …

May 28, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.