CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42204
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom …

Jul 6, 2026
CVE-2026-42153
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings (postgres_user …

Jul 6, 2026
CVE-2026-34599
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the …

Jul 6, 2026
CVE-2026-34153
8.8 HIGH

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fs_path and parent_dir …

Jul 6, 2026
CVE-2026-59713
8.1 HIGH

Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs …

Jul 6, 2026
CVE-2026-59712
8.1 HIGH

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, …

Jul 6, 2026
CVE-2026-57573
8.6 HIGH

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl …

Jul 6, 2026
CVE-2026-55727
7.5 HIGH

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to …

Jul 6, 2026
CVE-2026-54234
7.5 HIGH

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection …

Jul 6, 2026
CVE-2026-25271
7.8 HIGH

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.

Jul 6, 2026
CVE-2026-25268
8.8 HIGH

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.

Jul 6, 2026
CVE-2026-21383
7.1 HIGH

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

Jul 6, 2026
CVE-2026-21379
7.8 HIGH

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

Jul 6, 2026
CVE-2026-14471
8.1 HIGH

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute …

Jul 6, 2026
CVE-2026-14468
7.7 HIGH

HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on …

Jul 6, 2026
CVE-2026-55380
7.5 HIGH

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without …

Jul 6, 2026
CVE-2026-55379
7.5 HIGH

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed …

Jul 6, 2026
CVE-2026-54060
7.5 HIGH

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), …

Jul 6, 2026
CVE-2026-54059
7.5 HIGH

Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() …

Jul 6, 2026
CVE-2026-13753
7.5 HIGH

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access …

Jul 6, 2026
CVE-2026-43825
7.3 HIGH

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 (libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line) …

Jul 6, 2026
CVE-2025-53831
8.2 HIGH

DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to …

Jul 6, 2026
CVE-2026-59196
7.1 HIGH

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted node_modules directory. Traversal aliases …

Jul 6, 2026
CVE-2026-59195
8.2 HIGH

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly …

Jul 6, 2026
CVE-2026-59194
7.1 HIGH

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove …

Jul 6, 2026
CVE-2025-53829
8.0 HIGH

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path …

Jul 6, 2026
CVE-2025-53828
8.5 HIGH

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to …

Jul 6, 2026
CVE-2026-58380
7.3 HIGH

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one …

Jul 6, 2026
CVE-2026-13708
7.5 HIGH

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg …

Jul 6, 2026
CVE-2026-13705
7.1 HIGH

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read_rgb_16_rle. read_rgb_16_rle …

Jul 6, 2026
CVE-2026-6901
7.7 HIGH

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Jul 6, 2026
CVE-2026-6900
7.4 HIGH

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Jul 6, 2026
CVE-2026-4249
8.6 HIGH

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated …

Jul 6, 2026
CVE-2026-49297
8.1 HIGH

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without …

Jul 6, 2026
CVE-2026-49042
7.3 HIGH

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade …

Jul 6, 2026
CVE-2026-46588
7.3 HIGH

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended …

Jul 6, 2026
CVE-2026-46587
7.3 HIGH

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended …

Jul 6, 2026
CVE-2026-9165
7.7 HIGH

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the …

Jul 6, 2026
CVE-2026-55994
7.5 HIGH

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer …

Jul 6, 2026
CVE-2026-46726
7.5 HIGH

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket …

Jul 6, 2026
CVE-2026-46592
7.5 HIGH

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke …

Jul 6, 2026
CVE-2026-46591
8.2 HIGH

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its …

Jul 6, 2026
CVE-2026-46590
8.8 HIGH

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager …

Jul 6, 2026
CVE-2026-46585
7.5 HIGH

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header …

Jul 6, 2026
CVE-2026-46457
7.5 HIGH

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy …

Jul 6, 2026
CVE-2026-43866
7.3 HIGH

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the …

Jul 6, 2026
CVE-2026-43865
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no …

Jul 6, 2026
CVE-2026-42527
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*', or the …

Jul 6, 2026
CVE-2026-40859
8.1 HIGH

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying …

Jul 6, 2026
CVE-2026-24012
7.5 HIGH

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An …

Jul 6, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.