CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-70950
7.3 HIGH

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.

May 19, 2026
CVE-2025-51427
7.3 HIGH

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key …

May 19, 2026
CVE-2026-8975
8.8 HIGH

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough …

May 19, 2026
CVE-2026-8974
8.8 HIGH

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough …

May 19, 2026
CVE-2026-8973
8.8 HIGH

Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of …

May 19, 2026
CVE-2026-8972
8.8 HIGH

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8970
8.8 HIGH

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8969
8.1 HIGH

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8968
7.5 HIGH

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird …

May 19, 2026
CVE-2026-8967
7.5 HIGH

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8966
7.5 HIGH

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8965
7.5 HIGH

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8964
7.5 HIGH

Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8963
7.5 HIGH

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8962
8.1 HIGH

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8960
7.5 HIGH

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8958
8.6 HIGH

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8957
8.8 HIGH

Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8955
8.8 HIGH

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8954
7.5 HIGH

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8952
8.8 HIGH

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

May 19, 2026
CVE-2026-8949
7.5 HIGH

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8947
7.3 HIGH

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

May 19, 2026
CVE-2026-8946
7.5 HIGH

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and …

May 19, 2026
CVE-2026-8945
7.5 HIGH

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.

May 19, 2026
CVE-2026-23558
7.8 HIGH

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a …

May 19, 2026
CVE-2026-8912
7.5 HIGH

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due …

May 19, 2026
CVE-2026-7571
7.1 HIGH

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable …

May 19, 2026
CVE-2026-7507
7.5 HIGH

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a …

May 19, 2026
CVE-2026-7504
8.1 HIGH

A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users …

May 19, 2026
CVE-2026-7307
7.5 HIGH

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. …

May 19, 2026
CVE-2026-46586
8.8 HIGH

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects …

May 19, 2026
CVE-2026-31910
7.5 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes …

May 19, 2026
CVE-2026-31909
7.5 HIGH

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to …

May 19, 2026
CVE-2026-29226
7.3 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to …

May 19, 2026
CVE-2026-47314
7.8 HIGH

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-8813
7.5 HIGH

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with …

May 19, 2026
CVE-2026-47311
7.8 HIGH

Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2026-47310
7.8 HIGH

Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

May 19, 2026
CVE-2025-15609
7.5 HIGH

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive …

May 19, 2026
CVE-2026-27648
8.8 HIGH

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

May 19, 2026
CVE-2026-25781
8.4 HIGH

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

May 19, 2026
CVE-2026-24792
8.1 HIGH

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

May 19, 2026
CVE-2026-22069
7.3 HIGH

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

May 19, 2026
CVE-2026-33233
7.6 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache …

May 19, 2026
CVE-2026-33232
7.5 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial …

May 19, 2026
CVE-2026-32323
7.3 HIGH

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege …

May 19, 2026
CVE-2026-30950
7.1 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking …

May 18, 2026
CVE-2026-27891
7.2 HIGH

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to …

May 18, 2026
CVE-2026-8851
8.1 HIGH

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data …

May 18, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.