CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-14400
8.3 HIGH

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jul 1, 2026
CVE-2026-14395
8.8 HIGH

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

Jul 1, 2026
CVE-2026-14394
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14393
8.8 HIGH

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jul 1, 2026
CVE-2026-14389
8.3 HIGH

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jul 1, 2026
CVE-2026-14385
8.8 HIGH

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via …

Jul 1, 2026
CVE-2026-14383
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-54263
7.3 HIGH

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists …

Jul 1, 2026
CVE-2026-52190
7.5 HIGH

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component

Jul 1, 2026
CVE-2026-38891
7.5 HIGH

An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist …

Jul 1, 2026
CVE-2026-36912
7.5 HIGH

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a …

Jul 1, 2026
CVE-2026-58263
7.2 HIGH

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer …

Jul 1, 2026
CVE-2026-55153
7.1 HIGH

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory …

Jul 1, 2026
CVE-2026-54074
7.8 HIGH

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal …

Jul 1, 2026
CVE-2026-50521
8.3 HIGH

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

Jul 1, 2026
CVE-2026-58593
7.5 HIGH

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and …

Jul 1, 2026
CVE-2026-58592
8.3 HIGH

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM …

Jul 1, 2026
CVE-2026-14265
7.5 HIGH

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access …

Jul 1, 2026
CVE-2026-49119
7.5 HIGH

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess() method that allows unauthenticated attackers to escape the configured root directory by …

Jul 1, 2026
CVE-2026-41121
7.3 HIGH

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with …

Jul 1, 2026
CVE-2026-13760
7.3 HIGH

OS command injection in the NodejsFunction Docker bundling pipeline (OsCommand helper) in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version …

Jul 1, 2026
CVE-2026-57736
7.4 HIGH

Insertion of Sensitive Information Into Sent Data vulnerability in HubSpot allows Retrieve Embedded Sensitive Data. This issue affects HubSpot: from n/a through 11.3.51.

Jul 1, 2026
CVE-2026-57723
7.4 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: …

Jul 1, 2026
CVE-2026-54428
7.5 HIGH

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote …

Jul 1, 2026
CVE-2026-49091
8.0 HIGH

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that …

Jul 1, 2026
CVE-2026-46680
7.8 HIGH

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be …

Jul 1, 2026
CVE-2026-58454
7.5 HIGH

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing …

Jul 1, 2026
CVE-2026-58452
8.8 HIGH

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying …

Jul 1, 2026
CVE-2026-57516
8.8 HIGH

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious …

Jul 1, 2026
CVE-2026-54399
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause …

Jul 1, 2026
CVE-2026-20244
7.5 HIGH

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20243
7.5 HIGH

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20217
7.5 HIGH

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20216
7.5 HIGH

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. …

Jul 1, 2026
CVE-2026-20215
7.5 HIGH

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20214
7.5 HIGH

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20213
7.5 HIGH

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded …

Jul 1, 2026
CVE-2026-20191
7.5 HIGH

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to …

Jul 1, 2026
CVE-2026-24264
7.5 HIGH

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this …

Jul 1, 2026
CVE-2026-24260
8.5 HIGH

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might …

Jul 1, 2026
CVE-2026-24251
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this …

Jul 1, 2026
CVE-2026-24250
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might …

Jul 1, 2026
CVE-2026-24249
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead …

Jul 1, 2026
CVE-2026-24248
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might …

Jul 1, 2026
CVE-2026-24247
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead …

Jul 1, 2026
CVE-2026-24246
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this …

Jul 1, 2026
CVE-2026-24245
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead …

Jul 1, 2026
CVE-2026-24244
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead …

Jul 1, 2026
CVE-2026-24243
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead …

Jul 1, 2026
CVE-2026-24242
7.8 HIGH

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.