CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-59604
7.8 HIGH

Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.

Jun 1, 2026
CVE-2019-25718
8.4 HIGH

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through …

Jun 1, 2026
CVE-2026-49491
8.2 HIGH

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers …

Jun 1, 2026
CVE-2026-40964
7.5 HIGH

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for …

Jun 1, 2026
CVE-2026-28580
7.8 HIGH

In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2026-28577
7.8 HIGH

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no …

Jun 1, 2026
CVE-2026-10293
8.8 HIGH

A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the …

Jun 1, 2026
CVE-2026-10292
8.8 HIGH

A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based …

Jun 1, 2026
CVE-2026-10290
7.3 HIGH

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of …

Jun 1, 2026
CVE-2026-0100
7.8 HIGH

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of …

Jun 1, 2026
CVE-2026-0099
7.8 HIGH

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This …

Jun 1, 2026
CVE-2026-0098
7.8 HIGH

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation …

Jun 1, 2026
CVE-2026-0097
8.0 HIGH

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead …

Jun 1, 2026
CVE-2026-0096
7.8 HIGH

In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to …

Jun 1, 2026
CVE-2026-0095
8.0 HIGH

In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This …

Jun 1, 2026
CVE-2026-0094
7.8 HIGH

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This …

Jun 1, 2026
CVE-2026-0093
7.8 HIGH

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges …

Jun 1, 2026
CVE-2026-0091
7.8 HIGH

In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to …

Jun 1, 2026
CVE-2026-0089
7.8 HIGH

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local …

Jun 1, 2026
CVE-2026-0088
7.8 HIGH

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to …

Jun 1, 2026
CVE-2026-0087
7.8 HIGH

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could …

Jun 1, 2026
CVE-2026-0078
7.8 HIGH

In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2026-0077
7.8 HIGH

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local …

Jun 1, 2026
CVE-2026-0076
7.8 HIGH

In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of …

Jun 1, 2026
CVE-2026-0059
8.0 HIGH

In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote …

Jun 1, 2026
CVE-2026-0045
7.8 HIGH

In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could …

Jun 1, 2026
CVE-2026-0036
7.8 HIGH

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no …

Jun 1, 2026
CVE-2026-0009
7.8 HIGH

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2025-48652
7.8 HIGH

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to …

Jun 1, 2026
CVE-2025-48649
7.8 HIGH

In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of …

Jun 1, 2026
CVE-2025-48595
8.4 HIGH KEV

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege …

Jun 1, 2026
CVE-2025-48570
7.8 HIGH

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead …

Jun 1, 2026
CVE-2025-32348
7.8 HIGH

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with …

Jun 1, 2026
CVE-2025-26418
7.8 HIGH

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a …

Jun 1, 2026
CVE-2025-22426
7.8 HIGH

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could …

Jun 1, 2026
CVE-2025-22424
7.8 HIGH

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of …

Jun 1, 2026
CVE-2018-25434
8.2 HIGH

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. …

Jun 1, 2026
CVE-2018-25433
8.2 HIGH

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through …

Jun 1, 2026
CVE-2018-25432
8.4 HIGH

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft …

Jun 1, 2026
CVE-2018-25431
7.1 HIGH

No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers …

Jun 1, 2026
CVE-2018-25430
7.1 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers …

Jun 1, 2026
CVE-2018-25429
7.1 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers …

Jun 1, 2026
CVE-2018-25428
8.2 HIGH

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers …

Jun 1, 2026
CVE-2026-49136
7.5 HIGH

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated …

Jun 1, 2026
CVE-2026-49135
7.1 HIGH

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by …

Jun 1, 2026
CVE-2026-49134
7.1 HIGH

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting …

Jun 1, 2026
CVE-2026-37234
8.2 HIGH

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned …

Jun 1, 2026
CVE-2026-24751
8.2 HIGH

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker …

Jun 1, 2026
CVE-2026-10288
7.3 HIGH

A vulnerability was identified in code-projects Hotel and Tourism Reservation System 1.0. This issue affects the function password_verify of the file /admin/login.php of the component …

Jun 1, 2026
CVE-2026-10287
7.3 HIGH

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the …

Jun 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.