CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-55748
6.0 MEDIUM

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider …

Jun 17, 2026
CVE-2026-55743
9.6 CRITICAL

The shell tool command allowlist in the SecurityPolicy of OpenHuman desktop agent through 0.54.0 (default Supervised security policy) can be bypassed to execute arbitrary OS …

Jun 17, 2026
CVE-2026-54812
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from …

Jun 17, 2026
CVE-2026-54810
7.5 HIGH

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1.

Jun 17, 2026
CVE-2026-54415
8.1 HIGH

Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission …

Jun 17, 2026
CVE-2026-49502
7.4 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information …

Jun 17, 2026
CVE-2026-48142
4.8 MEDIUM

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both …

Jun 17, 2026
CVE-2026-48117
6.8 MEDIUM

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register …

Jun 17, 2026
CVE-2026-47103
9.8 CRITICAL

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing …

Jun 17, 2026
CVE-2026-42530
8.1 HIGH

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated …

Jun 17, 2026
CVE-2026-42055
8.1 HIGH

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass …

Jun 17, 2026
CVE-2026-40641
4.8 MEDIUM

Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit …

Jun 17, 2026
CVE-2026-35162
4.3 MEDIUM

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to …

Jun 17, 2026
CVE-2026-35067
5.7 MEDIUM

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading …

Jun 17, 2026
CVE-2026-35066
7.1 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to …

Jun 17, 2026
CVE-2026-35065
8.8 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, …

Jun 17, 2026
CVE-2026-32804
8.1 HIGH

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized …

Jun 17, 2026
CVE-2026-22283
7.5 HIGH

Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could …

Jun 17, 2026
CVE-2026-12528
5.4 MEDIUM

A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes …

Jun 17, 2026
CVE-2026-11311
8.1 HIGH

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX …

Jun 17, 2026
CVE-2026-10850

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API …

Jun 17, 2026
CVE-2024-47477
6.5 MEDIUM

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle …

Jun 17, 2026
CVE-2026-9591

Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an …

Jun 17, 2026
CVE-2026-55738
8.8 HIGH

A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of …

Jun 17, 2026
CVE-2026-54819
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: …

Jun 17, 2026
CVE-2026-54818
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat …

Jun 17, 2026
CVE-2026-54817
6.5 MEDIUM

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through …

Jun 17, 2026
CVE-2026-54816
7.5 HIGH

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through …

Jun 17, 2026
CVE-2026-54815
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. …

Jun 17, 2026
CVE-2026-54814
8.1 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue …

Jun 17, 2026
CVE-2026-54813
8.5 HIGH

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: …

Jun 17, 2026
CVE-2026-54809
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from …

Jun 17, 2026
CVE-2026-54808
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This …

Jun 17, 2026
CVE-2026-54417
7.5 HIGH

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU …

Jun 17, 2026
CVE-2026-54193
7.7 HIGH

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

Jun 17, 2026
CVE-2026-52716
6.5 MEDIUM

Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

Jun 17, 2026
CVE-2026-52707
8.1 HIGH

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Jun 17, 2026
CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the …

Jun 17, 2026
CVE-2026-49108
9.8 CRITICAL

Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

Jun 17, 2026
CVE-2026-40757
8.1 HIGH

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Jun 17, 2026
CVE-2026-40756
8.1 HIGH

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Jun 17, 2026
CVE-2026-40752
8.1 HIGH

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Jun 17, 2026
CVE-2026-40738
8.1 HIGH

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Jun 17, 2026
CVE-2026-40733
8.1 HIGH

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Jun 17, 2026
CVE-2026-40720
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Jun 17, 2026
CVE-2026-39590
8.1 HIGH

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Jun 17, 2026
CVE-2026-39576
8.1 HIGH

Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.

Jun 17, 2026
CVE-2026-39560
8.1 HIGH

Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.

Jun 17, 2026
CVE-2026-39559
8.1 HIGH

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

Jun 17, 2026
CVE-2026-39556
8.1 HIGH

Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.