CVE search
361,645 results

CVE-2026-53577 | MEDIUM | Kestra: Cross-Execution File Read via Preview Endpoint (IDOR) | EPSS 0.3%
CVE-2026-55069 | HIGH | Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack | EPSS 0.2%
CVE-2026-54351 | HIGH | Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override | EPSS 0.4%
CVE-2026-54353 | HIGH | Budibase: Potential SSRF DNS rebinding bypass in outbound fetch validation | EPSS 0.2%
CVE-2026-54350 | CRITICAL | Budibase: Anonymous NoSQL operator injection via published-app query templates | EPSS 0.4%
CVE-2026-50137 | HIGH | Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials | EPSS 0.3%
CVE-2024-23581 | MEDIUM | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability | EPSS 0.1%
CVE-2026-50136 | HIGH | Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials | EPSS 0.3%
CVE-2026-50132 | HIGH | Budibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in Budibase | EPSS 0.2%
CVE-2026-54352 | CRITICAL | Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload | EPSS 0.5%
CVE-2026-46604 | HIGH | Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image | EPSS 0.2%
CVE-2026-48770 | MEDIUM | Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash | EPSS 0.3%
CVE-2026-48778 | HIGH | Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter | EPSS 1.4%
CVE-2026-52885 | HIGH | Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory | EPSS 0.2%
CVE-2026-46710 | HIGH | Notepad++: Privilege Escalation in the Installer via Uncontrolled Executable Search Path | EPSS 0.1%
CVE-2026-48800 | HIGH | Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection | EPSS 0.4%
CVE-2026-52884 | HIGH | Notepad++: CVE-2026-48800 Bypass | EPSS 0.1%
CVE-2026-55188 | HIGH | RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials | EPSS 0.2%
CVE-2026-49991 | HIGH | RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection | EPSS 0.3%
CVE-2026-55189 | HIGH | RustFS: FTP frontend skips IAM authorization on object reads | EPSS 0.2%