CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-4035
7.7 HIGH

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate …

Jun 3, 2026
CVE-2025-15654
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: from n/a through 2.2.8.

Jun 3, 2026
CVE-2026-50031
7.5 HIGH

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for …

Jun 3, 2026
CVE-2026-10704
7.3 HIGH

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component …

Jun 3, 2026
CVE-2026-9516
7.5 HIGH

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading …

Jun 3, 2026
CVE-2026-9334
7.3 HIGH

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array …

Jun 3, 2026
CVE-2026-10694
7.3 HIGH

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation …

Jun 3, 2026
CVE-2026-44654
8.1 HIGH

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records …

Jun 2, 2026
CVE-2026-42504
7.5 HIGH

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.

Jun 2, 2026
CVE-2026-35482
8.0 HIGH

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the …

Jun 2, 2026
CVE-2026-31942
7.1 HIGH

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability …

Jun 2, 2026
CVE-2024-14036
7.5 HIGH

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by …

Jun 2, 2026
CVE-2022-4992
8.6 HIGH

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling …

Jun 2, 2026
CVE-2021-4481
8.2 HIGH

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute …

Jun 2, 2026
CVE-2021-4480
8.2 HIGH

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute …

Jun 2, 2026
CVE-2026-49443
8.8 HIGH

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an …

Jun 2, 2026
CVE-2026-49143
8.8 HIGH

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by …

Jun 2, 2026
CVE-2026-47201
8.5 HIGH

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when …

Jun 2, 2026
CVE-2026-10620
7.3 HIGH

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument …

Jun 2, 2026
CVE-2026-10619
7.3 HIGH

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be …

Jun 2, 2026
CVE-2026-8036
7.1 HIGH

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL …

Jun 2, 2026
CVE-2026-8035
7.1 HIGH

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due …

Jun 2, 2026
CVE-2026-5073
7.5 HIGH

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, …

Jun 2, 2026
CVE-2026-49120
8.5 HIGH

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating …

Jun 2, 2026
CVE-2026-47265
7.5 HIGH

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent …

Jun 2, 2026
CVE-2026-42342
7.5 HIGH

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can …

Jun 2, 2026
CVE-2026-42211
8.1 HIGH

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote …

Jun 2, 2026
CVE-2026-41577
7.5 HIGH

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on …

Jun 2, 2026
CVE-2026-34077
7.5 HIGH

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a …

Jun 2, 2026
CVE-2026-33245
8.0 HIGH

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a …

Jun 2, 2026
CVE-2026-28299
8.2 HIGH

SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash …

Jun 2, 2026
CVE-2026-1829
8.8 HIGH

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the …

Jun 2, 2026
CVE-2026-10701
7.5 HIGH

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.

Jun 2, 2026
CVE-2026-10617
7.3 HIGH

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook …

Jun 2, 2026
CVE-2026-10608
7.3 HIGH

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results …

Jun 2, 2026
CVE-2026-10607
7.3 HIGH

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads …

Jun 2, 2026
CVE-2025-64390
7.4 HIGH

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed …

Jun 2, 2026
CVE-2021-4478
8.2 HIGH

Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can …

Jun 2, 2026
CVE-2019-25722
7.6 HIGH

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service …

Jun 2, 2026
CVE-2026-40715
7.8 HIGH

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this …

Jun 2, 2026
CVE-2026-24237
7.8 HIGH

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …

Jun 2, 2026
CVE-2026-24221
7.8 HIGH

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code …

Jun 2, 2026
CVE-2026-10606
7.3 HIGH

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a …

Jun 2, 2026
CVE-2026-45686
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's …

Jun 2, 2026
CVE-2026-45685
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught …

Jun 2, 2026
CVE-2026-45678
7.5 HIGH

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a …

Jun 2, 2026
CVE-2026-45553
7.5 HIGH

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application …

Jun 2, 2026
CVE-2026-42654
7.1 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System …

Jun 2, 2026
CVE-2026-40780
7.5 HIGH

Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a …

Jun 2, 2026
CVE-2026-40619
7.8 HIGH

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main …

Jun 2, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.