CVE search
363,666 resultsCVE-2026-11379MEDIUMIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-12053HIGHInsertion of Sensitive Information into Log File in GitLabEPSS 0.3%CVE-2026-12635NONEReliance on Reverse DNS Resolution for a Security-Critical Action in GitLabEPSS 0.2%CVE-2026-2508MEDIUMGravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'EPSS 0.2%CVE-2026-12077HIGHDokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' ParametersEPSS 0.3%CVE-2026-12079MEDIUMDokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' ParameterEPSS 0.2%CVE-2026-10833MEDIUMGutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block AttributeEPSS 0.2%CVE-2026-8658MEDIUMOS Command Injection in Rapid7 InsightConnect Tcpdump PluginEPSS 0.8%CVE-2026-8662LOWPath Traversal in Rapid7 InsightConnect Compression PluginEPSS 0.2%CVE-2026-8666HIGHOS Command Injection in Rapid7 InsightConnect Traceroute PluginEPSS 0.7%CVE-2026-8592HIGHOS Command Injection in Rapid7 InsightConnect AWK PluginEPSS 0.7%CVE-2026-8664MEDIUMOS Command Injection in Rapid7 InsightConnect Finger PluginEPSS 0.8%CVE-2026-8665HIGHOS Command Injection in Rapid7 InsightConnect Translate PluginEPSS 0.7%CVE-2026-8660HIGHOS Command Injection in Rapid7 InsightConnect Ping PluginEPSS 0.7%CVE-2026-57589HIGHsys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-afEPSS 0.1%CVE-2026-9153MEDIUMArbitrary File Read in Rapid7 InsightConnect Sed PluginEPSS 0.3%CVE-2026-9154HIGHArbitrary File Write in Rapid7 InsightConnect Sed PluginEPSS 0.3%CVE-2026-9155HIGHOS Command Injection in Rapid7 InsightConnect Sed Plugin via expression parameter.EPSS 0.9%CVE-2026-8659MEDIUMOS Command Injection in Rapid7 InsightConnect SQLmap PluginEPSS 0.8%CVE-2026-37453HIGHInsecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via EPSS 0.4%