CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-14361
7.1 HIGH

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through …

May 26, 2026
CVE-2026-9575
7.3 HIGH

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of …

May 26, 2026
CVE-2026-9574
7.3 HIGH

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of …

May 26, 2026
CVE-2026-9573
7.3 HIGH

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the …

May 26, 2026
CVE-2026-44832
8.8 HIGH

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by …

May 26, 2026
CVE-2026-8890
8.2 HIGH

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in …

May 26, 2026
CVE-2026-4051
7.2 HIGH

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is …

May 26, 2026
CVE-2026-3603
7.1 HIGH

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim …

May 26, 2026
CVE-2026-9560
7.8 HIGH

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC …

May 26, 2026
CVE-2026-8856
7.7 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server …

May 26, 2026
CVE-2026-8855
8.1 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

May 26, 2026
CVE-2026-8854
7.5 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.

May 26, 2026
CVE-2026-8835
7.3 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to …

May 26, 2026
CVE-2026-8834
8.0 HIGH

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute …

May 26, 2026
CVE-2026-8620
7.5 HIGH

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to …

May 26, 2026
CVE-2026-7454
7.8 HIGH

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to …

May 26, 2026
CVE-2026-7452
7.8 HIGH

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to …

May 26, 2026
CVE-2026-7451
7.8 HIGH

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to …

May 26, 2026
CVE-2026-48695
8.1 HIGH

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs …

May 26, 2026
CVE-2026-48694
8.1 HIGH

FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is …

May 26, 2026
CVE-2026-44730
7.2 HIGH

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by …

May 26, 2026
CVE-2026-44728
8.2 HIGH

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted …

May 26, 2026
CVE-2026-44706
8.5 HIGH

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering …

May 26, 2026
CVE-2026-44669
8.7 HIGH

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment …

May 26, 2026
CVE-2026-44667
8.7 HIGH

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation …

May 26, 2026
CVE-2026-24200
7.0 HIGH

NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of …

May 26, 2026
CVE-2026-24196
7.1 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to …

May 26, 2026
CVE-2026-24195
7.1 HIGH

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might …

May 26, 2026
CVE-2026-24194
7.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit …

May 26, 2026
CVE-2026-24193
7.8 HIGH

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might …

May 26, 2026
CVE-2026-24192
7.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. …

May 26, 2026
CVE-2026-24191
7.8 HIGH

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead …

May 26, 2026
CVE-2026-24190
7.8 HIGH

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. …

May 26, 2026
CVE-2026-24187
8.8 HIGH

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial …

May 26, 2026
CVE-2026-9562
7.3 HIGH

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads …

May 26, 2026
CVE-2026-8850
7.5 HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

May 26, 2026
CVE-2026-48901
7.5 HIGH

The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.

May 26, 2026
CVE-2026-48897
7.5 HIGH

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

May 26, 2026
CVE-2026-48896
7.5 HIGH

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

May 26, 2026
CVE-2026-48864
7.8 HIGH

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input …

May 26, 2026
CVE-2026-48697
7.4 HIGH

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode …

May 26, 2026
CVE-2026-48690
7.1 HIGH

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets …

May 26, 2026
CVE-2026-48126
8.2 HIGH

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at …

May 26, 2026
CVE-2026-45728
7.5 HIGH

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode …

May 26, 2026
CVE-2026-44729
8.7 HIGH

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/* and /file/:fileFolder/:id serve uploaded files using …

May 26, 2026
CVE-2026-44680
7.6 HIGH

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, …

May 26, 2026
CVE-2026-40384
7.5 HIGH

An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.

May 26, 2026
CVE-2026-24212
7.5 HIGH

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to …

May 26, 2026
CVE-2026-24162
7.8 HIGH

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead …

May 26, 2026
CVE-2026-48692
8.1 HIGH

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line …

May 26, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.