CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-30652
8.8 HIGH

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows …

Jun 2, 2026
CVE-2026-30650
8.8 HIGH

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw …

Jun 2, 2026
CVE-2026-30649
7.3 HIGH

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

Jun 2, 2026
CVE-2026-10629
7.4 HIGH

SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path …

Jun 2, 2026
CVE-2026-10591
8.8 HIGH

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands …

Jun 2, 2026
CVE-2026-10047
7.8 HIGH

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset …

Jun 2, 2026
CVE-2026-10046
7.8 HIGH

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes …

Jun 2, 2026
CVE-2026-7313
8.7 HIGH

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used …

Jun 2, 2026
CVE-2026-7201
8.8 HIGH

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote …

Jun 2, 2026
CVE-2026-7195
8.8 HIGH

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, …

Jun 2, 2026
CVE-2026-39555
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.

Jun 2, 2026
CVE-2026-39553
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2026-39552
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. …

Jun 2, 2026
CVE-2026-10622
8.2 HIGH

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.

Jun 2, 2026
CVE-2026-10621
7.5 HIGH

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly …

Jun 2, 2026
CVE-2025-69369
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2025-68886
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2025-58897
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2025-58707
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2019-25719
8.6 HIGH

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow …

Jun 2, 2026
CVE-2026-42685
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: …

Jun 2, 2026
CVE-2026-42670
7.5 HIGH

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star …

Jun 2, 2026
CVE-2026-42669
7.5 HIGH

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.

Jun 2, 2026
CVE-2026-39551
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.

Jun 2, 2026
CVE-2026-39550
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.

Jun 2, 2026
CVE-2025-58705
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2025-58024
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This …

Jun 2, 2026
CVE-2025-53440
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue …

Jun 2, 2026
CVE-2026-5422
8.1 HIGH

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check …

Jun 2, 2026
CVE-2025-53345
8.8 HIGH

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.

Jun 2, 2026
CVE-2025-52759
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a …

Jun 2, 2026
CVE-2026-3514
7.5 HIGH

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the …

Jun 2, 2026
CVE-2026-1784
8.8 HIGH

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on …

Jun 2, 2026
CVE-2026-8293
7.5 HIGH

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker …

Jun 2, 2026
CVE-2026-25277
8.8 HIGH

Memory corruption while using Strongbox due to buffer overflow.

Jun 1, 2026
CVE-2026-25276
8.8 HIGH

Memory corruption while using Strongbox due to missing bounds check.

Jun 1, 2026
CVE-2026-25260
7.8 HIGH

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

Jun 1, 2026
CVE-2026-25259
7.8 HIGH

Memory corruption while processing multiple IOCTL command for escape operations.

Jun 1, 2026
CVE-2026-25258
7.8 HIGH

Memory corruption while processing IOCTL calls for escape operations.

Jun 1, 2026
CVE-2026-24782
7.6 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated …

Jun 1, 2026
CVE-2026-24752
8.2 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker …

Jun 1, 2026
CVE-2026-24092
7.2 HIGH

Memory Corruption when processing fastboot commands to set display mode.

Jun 1, 2026
CVE-2026-24091
7.2 HIGH

Memory corruption while processing fastboot commands with improperly formatted input.

Jun 1, 2026
CVE-2026-24090
7.1 HIGH

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.

Jun 1, 2026
CVE-2026-24089
7.2 HIGH

Memory corruption while processing fastboot commands with invalid input.

Jun 1, 2026
CVE-2026-24088
8.2 HIGH

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.

Jun 1, 2026
CVE-2026-24087
7.2 HIGH

Memory corruption while processing fastboot OEM commands.

Jun 1, 2026
CVE-2026-24085
7.2 HIGH

Memory Corruption when processing display command line information due to improper initialization of a variable.

Jun 1, 2026
CVE-2025-59606
7.8 HIGH

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.

Jun 1, 2026
CVE-2025-59605
7.8 HIGH

Memory Corruption when processing device identifier strings that exceed the expected maximum length.

Jun 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.