CVE Database

9177+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-58426
9.6 CRITICAL

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Jul 3, 2026
CVE-2026-58289
9.0 CRITICAL

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 3, 2026
CVE-2026-22874
9.6 CRITICAL

Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering.

Jul 3, 2026
CVE-2026-20896
9.8 CRITICAL

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers …

Jul 3, 2026
CVE-2026-4321
9.8 CRITICAL

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows …

Jul 3, 2026
CVE-2026-14544
9.8 CRITICAL

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to …

Jul 3, 2026
CVE-2026-9725
9.1 CRITICAL

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 …

Jul 3, 2026
CVE-2026-13768
10.0 CRITICAL

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns …

Jul 3, 2026
CVE-2026-57100
9.9 CRITICAL

Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-45499
9.9 CRITICAL

Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-41106
9.3 CRITICAL

Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

Jul 2, 2026
CVE-2026-52830
9.4 CRITICAL

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The …

Jul 2, 2026
CVE-2026-59099
9.1 CRITICAL

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse …

Jul 2, 2026
CVE-2026-58466
9.8 CRITICAL

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials …

Jul 2, 2026
CVE-2026-44935
9.9 CRITICAL

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 …

Jul 2, 2026
CVE-2024-14037
9.8 CRITICAL

Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading malicious files through the PtFjk.mob …

Jul 2, 2026
CVE-2022-50973
9.8 CRITICAL

Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a …

Jul 2, 2026
CVE-2026-58455
9.8 CRITICAL

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after …

Jul 2, 2026
CVE-2026-56004
10.0 CRITICAL

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a …

Jul 2, 2026
CVE-2026-55116
9.0 CRITICAL

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running …

Jul 2, 2026
CVE-2026-55115
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges …

Jul 2, 2026
CVE-2026-54402
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a …

Jul 2, 2026
CVE-2026-54400
9.1 CRITICAL

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate …

Jul 2, 2026
CVE-2026-50748
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute …

Jul 2, 2026
CVE-2026-50747
9.9 CRITICAL

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application …

Jul 2, 2026
CVE-2026-50746
10.0 CRITICAL

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection …

Jul 2, 2026
CVE-2026-4767
9.8 CRITICAL

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Jul 2, 2026
CVE-2026-5524
9.8 CRITICAL

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including …

Jul 2, 2026
CVE-2026-57683
9.3 CRITICAL

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.

Jul 2, 2026
CVE-2026-57679
9.3 CRITICAL

Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.

Jul 2, 2026
CVE-2026-57677
9.8 CRITICAL

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions.

Jul 2, 2026
CVE-2026-57625
9.6 CRITICAL

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

Jul 2, 2026
CVE-2026-57624
10.0 CRITICAL

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Jul 2, 2026
CVE-2026-57623
9.0 CRITICAL

Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.

Jul 2, 2026
CVE-2026-57621
9.8 CRITICAL

Unauthenticated PHP Object Injection in Booktics <= 1.0.21 versions.

Jul 2, 2026
CVE-2026-27436
9.1 CRITICAL

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.

Jul 2, 2026
CVE-2026-27419
9.9 CRITICAL

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

Jul 2, 2026
CVE-2026-14425
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14424
9.6 CRITICAL

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-14423
9.6 CRITICAL

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jul 1, 2026
CVE-2026-14420
9.6 CRITICAL

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via …

Jul 1, 2026
CVE-2026-14419
9.6 CRITICAL

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14417
9.6 CRITICAL

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14416
9.6 CRITICAL

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jul 1, 2026
CVE-2026-14411
9.6 CRITICAL

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a …

Jul 1, 2026
CVE-2026-14405
9.6 CRITICAL

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jul 1, 2026
CVE-2026-14398
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026
CVE-2026-14397
9.6 CRITICAL

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via …

Jul 1, 2026
CVE-2026-14392
9.6 CRITICAL

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jul 1, 2026
CVE-2026-14390
9.6 CRITICAL

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jul 1, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.