CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-53846
7.1 HIGH

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled …

Jun 16, 2026
CVE-2026-53845
4.3 MEDIUM

OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call hook coverage. Attackers can exploit this …

Jun 16, 2026
CVE-2026-53844
6.5 MEDIUM

OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. …

Jun 16, 2026
CVE-2026-53843
8.8 HIGH

OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired …

Jun 16, 2026
CVE-2026-53842
7.1 HIGH

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. …

Jun 16, 2026
CVE-2026-53841
6.1 MEDIUM

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute …

Jun 16, 2026
CVE-2026-53840
7.1 HIGH

OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an …

Jun 16, 2026
CVE-2026-50656
7.8 HIGH

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are …

Jun 16, 2026
CVE-2026-4367
5.5 MEDIUM

A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by processing a …

Jun 16, 2026
CVE-2026-48775
6.8 MEDIUM

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the …

Jun 16, 2026
CVE-2026-47964
7.8 HIGH

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

Jun 16, 2026
CVE-2026-47963
5.5 MEDIUM

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could …

Jun 16, 2026
CVE-2026-47934
5.5 MEDIUM

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could …

Jun 16, 2026
CVE-2026-47927
5.5 MEDIUM

DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could …

Jun 16, 2026
CVE-2026-47749
7.8 HIGH

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are …

Jun 16, 2026
CVE-2026-47748
5.5 MEDIUM

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are …

Jun 16, 2026
CVE-2026-10748

An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user …

Jun 16, 2026
CVE-2024-39575
7.4 HIGH

update_disk_psu_baseline.sh requires password in plain text

Jun 16, 2026
CVE-2026-53776
9.1 CRITICAL

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false …

Jun 16, 2026
CVE-2026-44932
8.8 HIGH

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server …

Jun 16, 2026
CVE-2026-42089
8.6 HIGH

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 …

Jun 16, 2026
CVE-2026-39927

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 16, 2026
CVE-2026-39926

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Jun 16, 2026
CVE-2026-24228
7.8 HIGH

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead …

Jun 16, 2026
CVE-2026-24155
7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, …

Jun 16, 2026
CVE-2026-12412

Rejected reason: loading template...

Jun 16, 2026
CVE-2026-12003

To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build …

Jun 16, 2026
CVE-2026-10649
8.6 HIGH

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a …

Jun 16, 2026
CVE-2025-71261
8.6 HIGH

An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse …

Jun 16, 2026
CVE-2024-38487
7.0 HIGH

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.

Jun 16, 2026
CVE-2024-30476
5.4 MEDIUM

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead …

Jun 16, 2026
CVE-2024-24909
8.8 HIGH

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit …

Jun 16, 2026
CVE-2024-22451
6.7 MEDIUM

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious …

Jun 16, 2026
CVE-2026-9307

A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which …

Jun 16, 2026
CVE-2026-48780
8.2 HIGH

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist …

Jun 16, 2026
CVE-2026-47684
7.7 HIGH

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in …

Jun 16, 2026
CVE-2026-12398
7.5 HIGH

A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) …

Jun 16, 2026
CVE-2026-11317

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is …

Jun 16, 2026
CVE-2026-10831

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a …

Jun 16, 2026
CVE-2026-10640
4.2 MEDIUM

Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. …

Jun 16, 2026
CVE-2026-10639
4.8 MEDIUM

In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers …

Jun 16, 2026
CVE-2026-10638
5.9 MEDIUM

subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send statistics update calls …

Jun 16, 2026
CVE-2026-10637
5.9 MEDIUM

subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net_core.h, and the explicit warning in subsys/net/ip/net_core.c:453-460 'do …

Jun 16, 2026
CVE-2026-10636
3.7 LOW

In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed …

Jun 16, 2026
CVE-2026-0647

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface …

Jun 16, 2026
CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter …

Jun 16, 2026
CVE-2025-14272

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged …

Jun 16, 2026
CVE-2025-13036

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid …

Jun 16, 2026
CVE-2025-11694

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This …

Jun 16, 2026
CVE-2024-22447
6.7 MEDIUM

Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., …

Jun 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.