9.8 CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url...

2026-05-20T14:16:39.693

9.8 CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url...

2026-05-20T14:16:39.930

8.8 CVE-2026-31069
BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository....

2026-05-20T14:16:40.150

9.8 CVE-2026-31070
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers...

2026-05-20T14:16:40.350

9.1 CVE-2026-31071
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware....

2026-05-20T14:16:40.560

CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are...

2026-05-19T18:04:29.373

CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before...

2026-05-19T18:04:29.373

8.4 CVE-2026-5804
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit)....

2026-05-19T17:57:25.143

6.5 CVE-2026-8706
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application...

2026-05-20T14:23:35.800

5.4 CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management...

2026-05-19T19:16:50.047

8.8 CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint of Panabit PAP-XM320...

2026-05-19T19:16:50.237

9.8 CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to...

2026-05-19T18:16:21.613

7.5 CVE-2026-47356
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url...

2026-05-20T14:23:20.603

7.5 CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url...

2026-05-20T14:23:12.183

7.5 CVE-2026-47358
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution...

2026-05-20T14:18:30.710

CVE-2026-5511
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles...

2026-05-19T17:59:12.383

7.5 CVE-2025-61081
In BYD Atto3, an attacker can obtain an authentication key through a brute-force attack, which is permanently...

2026-05-19T21:05:49.167

5.9 CVE-2026-32134
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below,...

2026-05-19T21:08:09.430

7.5 CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow...

2026-05-19T21:08:41.030

8.1 CVE-2026-47107
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox...

2026-05-20T13:16:38.933

CVE-2026-6009
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution...

2026-05-19T21:08:41.030