CVE search

363,349 results
CVE-2026-12576HIGHDVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerabilityEPSS 0.2%CVE-2026-12575HIGHDVP80ES3 Improper Resource Shutdown or Release VulnerabilityEPSS 0.3%CVE-2026-50043HIGHImproper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If thiEPSS 1.1%CVE-2026-12224HIGHDokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST EndpointEPSS 0.2%CVE-2026-56016MEDIUMCGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sourcesEPSS 0.3%CVE-2026-11887MEDIUMSalon Booking System < 10.30.20 - Subscriber+ Booking Approval BypassEPSS 0.2%CVE-2026-11883HIGHWebAuthn Provider for Two Factor < 2.5.6 - 2FA BypassEPSS 0.4%CVE-2026-11880LOWFluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOREPSS 0.1%CVE-2026-11794HIGHAdvanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role MappingEPSS 0.2%CVE-2026-11570MEDIUMUser Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author NameEPSS 0.1%CVE-2026-11568HIGHProduct Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_dataEPSS 0.3%CVE-2026-11562MEDIUMWS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings UpdateEPSS 0.2%CVE-2026-10750HIGHRoyal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP ToolsEPSS 0.3%CVE-2025-15666MEDIUMOpen Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflowEPSS 0.1%CVE-2026-1239HIGHNinja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST EndpointEPSS 0.3%CVE-2026-11823HIGHBookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' ParameterEPSS 0.3%CVE-2026-14193HIGHDVP80ES300T - Improper Validation of Array Index VulnerabilityEPSS 0.3%CVE-2026-12579HIGHAS228T - Authentication Bypass VulnerabilityEPSS 0.3%CVE-2026-11380MEDIUMJetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' SettingEPSS 0.2%CVE-2026-6070CRITICALWP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' ParameterEPSS 0.4%