CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12225

syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user …

Jun 16, 2026
CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of …

Jun 16, 2026
CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and …

Jun 16, 2026
CVE-2026-8442
8.1 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to …

Jun 16, 2026
CVE-2026-8176
7.5 HIGH

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and …

Jun 16, 2026
CVE-2026-5416
8.8 HIGH

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in …

Jun 16, 2026
CVE-2026-54198
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.

Jun 16, 2026
CVE-2026-54197
6.5 MEDIUM

Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

Jun 16, 2026
CVE-2026-54191
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.

Jun 16, 2026
CVE-2026-54190
6.5 MEDIUM

Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.

Jun 16, 2026
CVE-2026-52715
9.3 CRITICAL

Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

Jun 16, 2026
CVE-2026-52714
5.9 MEDIUM

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.

Jun 16, 2026
CVE-2026-52712
7.6 HIGH

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

Jun 16, 2026
CVE-2026-52711
7.5 HIGH

Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.

Jun 16, 2026
CVE-2026-49774
9.9 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a …

Jun 16, 2026
CVE-2026-49772
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. …

Jun 16, 2026
CVE-2026-40809
6.5 MEDIUM

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.

Jun 16, 2026
CVE-2026-39581
8.5 HIGH

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

Jun 16, 2026
CVE-2026-39574
9.3 CRITICAL

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

Jun 16, 2026
CVE-2026-39490
7.5 HIGH

Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.

Jun 16, 2026
CVE-2026-39437
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

Jun 16, 2026
CVE-2026-2381
6.5 MEDIUM

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function …

Jun 16, 2026
CVE-2026-10825

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially …

Jun 16, 2026
CVE-2025-68045
7.5 HIGH

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.

Jun 16, 2026
CVE-2026-8444
8.8 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up …

Jun 16, 2026
CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range …

Jun 16, 2026
CVE-2026-10093
6.4 MEDIUM

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all …

Jun 16, 2026
CVE-2025-9912
6.3 MEDIUM

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands …

Jun 16, 2026
CVE-2026-9187
5.3 MEDIUM

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due …

Jun 16, 2026
CVE-2026-8443
8.8 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in …

Jun 16, 2026
CVE-2026-6933
8.8 HIGH

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is …

Jun 16, 2026
CVE-2026-5149
6.5 MEDIUM

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX …

Jun 16, 2026
CVE-2026-50255
6.7 MEDIUM

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed …

Jun 16, 2026
CVE-2026-10780
4.3 MEDIUM

The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to …

Jun 16, 2026
CVE-2026-10635
6.3 MEDIUM

On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded …

Jun 16, 2026
CVE-2025-10262
6.3 MEDIUM

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user …

Jun 16, 2026
CVE-2026-6964
5.3 MEDIUM

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to …

Jun 16, 2026
CVE-2026-7273
8.8 HIGH

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the …

Jun 16, 2026
CVE-2026-42014
6.6 MEDIUM

A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when …

Jun 16, 2026
CVE-2026-1767
5.6 MEDIUM

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow …

Jun 16, 2026
CVE-2026-1766
5.6 MEDIUM

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when …

Jun 16, 2026
CVE-2026-1765
5.6 MEDIUM

A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially …

Jun 16, 2026
CVE-2026-1764
5.6 MEDIUM

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds …

Jun 16, 2026
CVE-2026-12162
5.5 MEDIUM

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via …

Jun 16, 2026
CVE-2026-12161
8.8 HIGH

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify …

Jun 16, 2026
CVE-2026-9262
6.5 MEDIUM

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Jun 16, 2026
CVE-2026-9261
6.8 MEDIUM

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Jun 16, 2026
CVE-2026-9260
6.2 MEDIUM

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Jun 16, 2026
CVE-2026-9259
6.5 MEDIUM

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Jun 16, 2026
CVE-2026-9258
6.5 MEDIUM

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

Jun 16, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.