CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-49980
9.8 CRITICAL

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts …

Jun 24, 2026
CVE-2026-49247
8.8 HIGH

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields …

Jun 24, 2026
CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to …

Jun 24, 2026
CVE-2026-49220
5.7 MEDIUM

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user …

Jun 24, 2026
CVE-2026-48793
8.8 HIGH

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. …

Jun 24, 2026
CVE-2026-13038
8.8 HIGH

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 24, 2026
CVE-2026-13037
7.8 HIGH

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via …

Jun 24, 2026
CVE-2026-13036
8.8 HIGH

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 24, 2026
CVE-2026-13035
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. …

Jun 24, 2026
CVE-2026-13034
4.7 MEDIUM

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 24, 2026
CVE-2026-13033
8.8 HIGH

Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted …

Jun 24, 2026
CVE-2026-13032
9.6 CRITICAL

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 24, 2026
CVE-2026-13031
8.8 HIGH

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 24, 2026
CVE-2026-13030
5.3 MEDIUM

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via …

Jun 24, 2026
CVE-2026-13029
7.5 HIGH

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to …

Jun 24, 2026
CVE-2026-13028
9.6 CRITICAL

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 24, 2026
CVE-2026-13027
8.8 HIGH

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 24, 2026
CVE-2026-13026
8.8 HIGH

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a …

Jun 24, 2026
CVE-2026-13025
8.3 HIGH

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …

Jun 24, 2026
CVE-2026-13024
4.2 MEDIUM

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 24, 2026
CVE-2026-13023
5.3 MEDIUM

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information …

Jun 24, 2026
CVE-2026-13022
6.5 MEDIUM

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …

Jun 24, 2026
CVE-2026-13021
4.3 MEDIUM

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium …

Jun 24, 2026
CVE-2026-12760
6.5 MEDIUM

A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. …

Jun 24, 2026
CVE-2025-60471
5.5 MEDIUM

A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …

Jun 24, 2026
CVE-2026-55611
0.0 NONE

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId …

Jun 24, 2026
CVE-2026-54699
7.7 HIGH

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is …

Jun 24, 2026
CVE-2026-54686
4.3 MEDIUM

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the …

Jun 24, 2026
CVE-2026-49851
7.5 HIGH

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately …

Jun 24, 2026
CVE-2026-48789
4.3 MEDIUM

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, …

Jun 24, 2026
CVE-2026-48732
8.8 HIGH

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used …

Jun 24, 2026
CVE-2026-48731
7.8 HIGH

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop …

Jun 24, 2026
CVE-2026-48725
8.1 HIGH

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote …

Jun 24, 2026
CVE-2026-48721
8.6 HIGH

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The …

Jun 24, 2026
CVE-2026-48720
8.8 HIGH

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize the decoded payload as …

Jun 24, 2026
CVE-2026-48719
8.0 HIGH

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish …

Jun 24, 2026
CVE-2026-48704
8.8 HIGH

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious …

Jun 24, 2026
CVE-2026-48703
7.8 HIGH

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep …

Jun 24, 2026
CVE-2026-44022
5.5 MEDIUM

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of …

Jun 24, 2026
CVE-2026-44020
7.5 HIGH

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser …

Jun 24, 2026
CVE-2026-44017
7.5 HIGH

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted …

Jun 24, 2026
CVE-2026-44016
8.2 HIGH

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML …

Jun 24, 2026
CVE-2026-54906
9.8 CRITICAL

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread …

Jun 24, 2026
CVE-2026-54905
5.5 MEDIUM

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock …

Jun 24, 2026
CVE-2026-54904
7.5 HIGH

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReference#update can enter a permanent busy retry loop when the current value is Float::NAN. …

Jun 24, 2026
CVE-2026-54297
7.5 HIGH

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default …

Jun 24, 2026
CVE-2026-53130
7.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START omfs_fill_super() rejects oversized s_sys_blocksize values (> PAGE_SIZE), but it …

Jun 24, 2026
CVE-2026-53129

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mb_cache_destroy() calls shrinker_free() and then frees all …

Jun 24, 2026
CVE-2026-53128

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbd_adm_dump_devices() Make drbd_adm_dump_devices() call rcu_read_lock() before rcu_read_unlock() is called. This …

Jun 24, 2026
CVE-2026-53127

In the Linux kernel, the following vulnerability has been resolved: block: fix zones_cond memory leak on zone revalidation error paths When blk_revalidate_disk_zones() fails after disk_revalidate_zone_resources() …

Jun 24, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.