CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44575
7.5 HIGH

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or …

May 13, 2026
CVE-2026-44574
8.1 HIGH

Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic …

May 13, 2026
CVE-2026-44573
7.5 HIGH

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured …

May 13, 2026
CVE-2026-6282
8.1 HIGH

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move …

May 13, 2026
CVE-2026-6281
8.8 HIGH

A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute …

May 13, 2026
CVE-2026-44432
7.5 HIGH

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) …

May 13, 2026
CVE-2026-44295
8.7 HIGH

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled …

May 13, 2026
CVE-2026-44293
8.8 HIGH

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived …

May 13, 2026
CVE-2026-44291
8.1 HIGH

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables …

May 13, 2026
CVE-2026-44290
7.5 HIGH

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties …

May 13, 2026
CVE-2026-44289
7.5 HIGH

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. …

May 13, 2026
CVE-2026-42945
8.1 HIGH

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, …

May 13, 2026
CVE-2026-42930
8.7 HIGH

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: …

May 13, 2026
CVE-2026-42924
8.7 HIGH

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions …

May 13, 2026
CVE-2026-42920
7.5 HIGH

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel …

May 13, 2026
CVE-2026-42409
7.5 HIGH

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic …

May 13, 2026
CVE-2026-42406
8.7 HIGH

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects …

May 13, 2026
CVE-2026-42290
7.8 HIGH

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file …

May 13, 2026
CVE-2026-42266
8.8 HIGH

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that …

May 13, 2026
CVE-2026-41957
8.8 HIGH

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of …

May 13, 2026
CVE-2026-41956
7.5 HIGH

When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions …

May 13, 2026
CVE-2026-41953
8.7 HIGH

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in …

May 13, 2026
CVE-2026-41227
7.5 HIGH

On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management …

May 13, 2026
CVE-2026-41218
7.5 HIGH

When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic …

May 13, 2026
CVE-2026-41217
7.9 HIGH

A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute …

May 13, 2026
CVE-2026-40698
8.7 HIGH

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration …

May 13, 2026
CVE-2026-40631
8.7 HIGH

An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which …

May 13, 2026
CVE-2026-40629
7.5 HIGH

When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions …

May 13, 2026
CVE-2026-40618
7.5 HIGH

When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms …

May 13, 2026
CVE-2026-40423
7.5 HIGH

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which …

May 13, 2026
CVE-2026-40067
7.5 HIGH

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which …

May 13, 2026
CVE-2026-40061
8.7 HIGH

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker …

May 13, 2026
CVE-2026-40060
7.5 HIGH

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: …

May 13, 2026
CVE-2026-39459
7.2 HIGH

A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create …

May 13, 2026
CVE-2026-39458
7.5 HIGH

When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to …

May 13, 2026
CVE-2026-39455
7.5 HIGH

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the …

May 13, 2026
CVE-2026-36741
7.2 HIGH

U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied …

May 13, 2026
CVE-2026-34176
8.7 HIGH

When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker …

May 13, 2026
CVE-2026-32673
8.7 HIGH

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands …

May 13, 2026
CVE-2026-32643
8.7 HIGH

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects …

May 13, 2026
CVE-2026-20916
8.1 HIGH

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: …

May 13, 2026
CVE-2025-28344
7.5 HIGH

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.

May 13, 2026
CVE-2025-28343
7.5 HIGH

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.

May 13, 2026
CVE-2024-55045
7.3 HIGH

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.

May 13, 2026
CVE-2020-37226
7.1 HIGH

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' …

May 13, 2026
CVE-2020-37224
7.1 HIGH

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' …

May 13, 2026
CVE-2020-37223
7.8 HIGH

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can …

May 13, 2026
CVE-2020-37222
7.2 HIGH

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs …

May 13, 2026
CVE-2020-37221
8.4 HIGH

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display …

May 13, 2026
CVE-2020-37220
7.5 HIGH

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can …

May 13, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.