CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12244
8.8 HIGH

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with …

Jun 25, 2026
CVE-2026-10824
6.5 MEDIUM

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently …

Jun 25, 2026
CVE-2026-8330
4.4 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-5952
4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-5796
4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-5309
5.4 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-3176
3.1 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-2238
5.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-1606
4.3 MEDIUM

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-13311
7.5 HIGH

shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every …

Jun 25, 2026
CVE-2026-12635
0.0 NONE

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-12053
8.6 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to …

Jun 25, 2026
CVE-2026-11379
5.3 MEDIUM

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 …

Jun 25, 2026
CVE-2026-10712
8.0 HIGH

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-10086
8.7 HIGH

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-0934
3.8 LOW

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain …

Jun 25, 2026
CVE-2026-2508
6.5 MEDIUM

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staff_id’ parameter in all versions up to, and including, 2.7.1 …

Jun 25, 2026
CVE-2026-12079
6.5 MEDIUM

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due …

Jun 25, 2026
CVE-2026-12077
7.5 HIGH

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and …

Jun 25, 2026
CVE-2026-10833
6.4 MEDIUM

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block …

Jun 25, 2026
CVE-2026-8662
3.3 LOW

Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted …

Jun 25, 2026
CVE-2026-8658
6.0 MEDIUM

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters …

Jun 25, 2026
CVE-2026-8666
7.7 HIGH

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the …

Jun 25, 2026
CVE-2026-8665
7.7 HIGH

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the …

Jun 25, 2026
CVE-2026-8664
6.0 MEDIUM

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters …

Jun 25, 2026
CVE-2026-8660
7.7 HIGH

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the …

Jun 25, 2026
CVE-2026-8592
7.7 HIGH

OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the …

Jun 25, 2026
CVE-2026-9155
8.8 HIGH

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to …

Jun 25, 2026
CVE-2026-9154
7.1 HIGH

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression …

Jun 25, 2026
CVE-2026-9153
6.5 MEDIUM

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient …

Jun 25, 2026
CVE-2026-57589
7.4 HIGH

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

Jun 25, 2026
CVE-2026-9787
8.8 HIGH

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9786
8.8 HIGH

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9785
8.8 HIGH

Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9784
8.8 HIGH

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9783
8.8 HIGH

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9782
8.8 HIGH

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9781
8.8 HIGH

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-9780
8.8 HIGH

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User …

Jun 25, 2026
CVE-2026-8663
6.0 MEDIUM

OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name …

Jun 25, 2026
CVE-2026-8659
6.0 MEDIUM

OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters …

Jun 25, 2026
CVE-2026-7570
8.8 HIGH

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault …

Jun 25, 2026
CVE-2026-7569
8.8 HIGH

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User …

Jun 25, 2026
CVE-2026-40079
9.8 CRITICAL

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in …

Jun 25, 2026
CVE-2026-39951
7.6 HIGH

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports …

Jun 25, 2026
CVE-2025-60473
5.5 MEDIUM

A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying …

Jun 25, 2026
CVE-2025-60466
5.0 MEDIUM

A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 25, 2026
CVE-2026-39955
9.8 CRITICAL

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue …

Jun 24, 2026
CVE-2026-39948
9.8 CRITICAL

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor …

Jun 24, 2026
CVE-2026-39938
9.8 CRITICAL

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This …

Jun 24, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.