CVE search

361,645 results
CVE-2026-10820 | HIGH | ProfilePress < 4.16.17 - Subscriber+ Subscription Cancellation via IDOR | EPSS 0.1%
CVE-2026-12404 | MEDIUM | NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class | EPSS 0.3%
CVE-2026-13245 | MEDIUM | MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter | EPSS 0.2%
CVE-2026-12415 | CRITICAL | Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter | EPSS 0.7%
CVE-2025-59868 | MEDIUM | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure | EPSS 0.1%
CVE-2026-13422 | MEDIUM | HD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX Handlers | EPSS 0.2%
CVE-2026-11356 | MEDIUM | Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings | EPSS 0.3%
CVE-2026-13333 | MEDIUM | Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter | EPSS 0.3%
CVE-2026-13335 | MEDIUM | CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta | EPSS 0.2%
CVE-2026-13331 | MEDIUM | Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter | EPSS 0.3%
CVE-2023-37524 | HIGH | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service | EPSS 0.1%
CVE-2026-56414 | HIGH | H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type | EPSS 0.4%
CVE-2026-55975 | HIGH | H.VIEW HV-500S6 IP Camera OS Command Injection | EPSS 0.7%
CVE-2026-31928 | CRITICAL | Daktronics Controller Firmware Use of Hard-coded Credentials | EPSS 0.4%
CVE-2026-33560 | HIGH | Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type | EPSS 0.3%
CVE-2026-28701 | CRITICAL | Daktronics Controller Firmware Path Traversal | EPSS 0.8%
CVE-2026-49869 | CRITICAL | Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter` | EPSS 0.7%
CVE-2026-45807 | HIGH | Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file read | EPSS 0.4%
CVE-2026-49984 | HIGH | Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard) | EPSS 0.4%
CVE-2026-53576 | CRITICAL | Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass | EPSS 0.5%