CVE & CISA-KEV Catalog
Search and filter the full vulnerability catalog by severity, EPSS exploit-prediction score, and CISA Known Exploited Vulnerabilities status. Click any CVE for the full record.
| CVE | Severity | CVSS (version) | EPSS | Exploited (KEV) | Date | Description |
|---|---|---|---|---|---|---|
| CVE-2026-50699 | Medium | 4.6 v4 | - | - | 2026-06-24 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form. |
| CVE-2026-50698 | Medium | 4.6 v4 | - | - | 2026-06-24 | A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component. |
| CVE-2026-12986 | High | 7.3 v4 | - | - | 2026-06-24 | A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A Server-Side Request Forgery (SSRF) vulnerability in the DownloadServlet of the Admin GUI in Payara Server allows a remote attacker to exfiltrate the administrator's REST session token (gfresttoken) to an attacker-controlled host via a crafted request URL. Combined with the absence of CSRF protection on DownloadServlet, an unauthenticated attacker can trick a logged-in administrator into triggering the token leak, then replay the stolen token to gain full administrative access to the Payara domain, leading |
| CVE-2026-11878 | High | 8.2 v4 | - | - | 2026-06-24 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2. |
| CVE-2026-11877 | Medium | 6.3 v4 | - | - | 2026-06-24 | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. |
| CVE-2026-57307 | Medium | 4.2 v3 | - | - | 2026-06-24 | A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2026-57306 | Medium | 4.2 v3 | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2026-57305 | Medium | 5.4 v3 | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password. |
| CVE-2026-57304 | Medium | 5.4 v3 | - | - | 2026-06-24 | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password. |
| CVE-2026-57303 | High | 7.1 v3 | - | - | 2026-06-24 | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery. |
| CVE-2026-57302 | Unscored | - | - | - | 2026-06-24 | Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system. |
| CVE-2026-57301 | Unscored | - | - | - | 2026-06-24 | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller. |
| CVE-2026-57300 | Unscored | - | - | - | 2026-06-24 | A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access. |
| CVE-2026-57299 | Unscored | - | - | - | 2026-06-24 | Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata. |
| CVE-2026-57298 | Unscored | - | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key. |
| CVE-2026-57297 | Unscored | - | - | - | 2026-06-24 | A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key. |
| CVE-2026-57296 | Unscored | - | - | - | 2026-06-24 | Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution. |
| CVE-2026-57295 | Unscored | - | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. |
| CVE-2026-57294 | Unscored | - | - | - | 2026-06-24 | A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins. |
| CVE-2026-57293 | Unscored | - | - | - | 2026-06-24 | An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2026-57292 | Unscored | - | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. |
| CVE-2026-57291 | Unscored | - | - | - | 2026-06-24 | Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method. |
| CVE-2026-57290 | Unscored | - | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration. |
| CVE-2026-57289 | Medium | 4.8 v3 | - | - | 2026-06-24 | Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to capture the token. |
| CVE-2026-57288 | Low | 3.7 v3 | - | - | 2026-06-24 | Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name. |
| CVE-2026-57287 | Medium | 4.3 v3 | - | - | 2026-06-24 | Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted. |
| CVE-2026-57286 | Medium | 4.3 v3 | - | - | 2026-06-24 | A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata. |
| CVE-2026-57285 | Medium | 4.3 v3 | - | - | 2026-06-24 | A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. |
| CVE-2026-57284 | Medium | 4.3 v3 | - | - | 2026-06-24 | Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps. |
| CVE-2026-57283 | Medium | 4.3 v3 | - | - | 2026-06-24 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator. |
| CVE-2026-57282 | Medium | 5.0 v3 | - | - | 2026-06-24 | Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent. |
| CVE-2026-57281 | High | 7.5 v3 | - | - | 2026-06-24 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script. |
| CVE-2026-57280 | High | 8.8 v3 | - | - | 2026-06-24 | Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection. |
| CVE-2026-42450 | High | 8.4 v4 | - | - | 2026-06-24 | OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue. |
| CVE-2026-35025 | High | 8.1 v3 | - | - | 2026-06-24 | ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in dir_canonical_path() to cause dir_check() to perform lexical path comparisons that match no configured Directory block, enabling rename operations on files in DenyAll-protected directories and subsequent retrieval of those files. Mitigation: Sessions configured with DefaultRoot (chroot) are not affected, as chroot changes the directory to which /proc/self/root resolves. |
| CVE-2026-29034 | Unscored | - | - | - | 2026-06-24 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2026-12537 | Critical | 10.0 v4 | - | - | 2026-06-24 | Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution via a maliciously crafted .gemini/.env file. |
| CVE-2026-56761 | Medium | 4.3 v3 | - | - | 2026-06-24 | hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag boundaries and inject arbitrary attributes or elements. |
| CVE-2026-56370 | Low | 3.3 v3 | - | - | 2026-06-24 | ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of service or potential code execution. |
| CVE-2026-56368 | Low | 3.7 v3 | - | - | 2026-06-24 | ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service. |
| CVE-2026-56358 | Medium | 5.4 v3 | - | - | 2026-06-24 | n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inject XSS payloads that execute persistently for all form visitors, enabling form hijacking and phishing attacks. |
| CVE-2026-56351 | High | 8.2 v3 | - | - | 2026-06-24 | n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply specially crafted table or column names to execute unauthorized database commands and compromise data integrity. |
| CVE-2026-56338 | Medium | 5.3 v3 | - | - | 2026-06-24 | Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors with captcha verification process failed messages, blocking access to security controls. |
| CVE-2026-56337 | Medium | 5.3 v3 | - | - | 2026-06-24 | Capgo before 12.128.2 contains an information disclosure vulnerability in the public.exist_app_v2 RPC function that allows unauthenticated attackers to enumerate app_ids by calling POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER function to determine whether specific app_ids exist in the public.apps table, enabling cross-tenant app enumeration and privacy violations. |
| CVE-2026-56310 | Medium | 4.3 v3 | - | - | 2026-06-24 | Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limited_to_orgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, image_url, role, and is_tmp from organizations outside their assigned scope. |
| CVE-2026-56302 | Medium | 6.5 v3 | - | - | 2026-06-24 | Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs. |
| CVE-2026-56272 | Medium | 4.1 v3 | - | - | 2026-06-24 | Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario. |
| CVE-2026-56270 | High | 7.5 v3 | - | - | 2026-06-24 | Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request to harvest sensitive API credentials for Google, Microsoft/Azure, GitHub, and Auth0 integrations. This affects FlowiseAI Cloud and self-hosted instances where the endpoint is exposed. |
| CVE-2026-56269 | Medium | 4.6 v3 | - | - | 2026-06-24 | Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key used to encrypt user IDs and workspace IDs in the 'meta' field of JWT tokens. An attacker who knows the default secret can decrypt this metadata to extract internal user and workspace identifiers, and re-encrypt manipulated values such as altered user or workspace IDs. Because the JWT signature is validated separately, decrypting or tampering with this metadata does not by itself grant access, but the disclosure of internal identifiers and possible metadata manipulation could aid privilege escal |
| CVE-2026-56262 | Medium | 6.5 v3 | - | - | 2026-06-24 | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption. |
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.
Look up any CVE, CVSS score, EPSS score, or CISA KEV status
This free CVE lookup tool covers the full vulnerability catalog of 360,210 CVEs, including 1,627 actively exploited vulnerabilities on the CISA Known Exploited Vulnerabilities (KEV) list. Search by CVE ID, or filter by severity, EPSS exploit-prediction score, KEV and ransomware status, and year, then open any CVE for its CVSS vector, references, and remediation context. Data is sourced from the NVD, FIRST.org EPSS, and the CISA KEV catalog.
- What is a CVE?
- A CVE (Common Vulnerabilities and Exposures) is a unique identifier for a publicly disclosed security vulnerability, in the form CVE-YYYY-NNNN. Each CVE record describes the flaw, the affected software, and references to advisories and fixes.
- What is CVSS severity?
- The Common Vulnerability Scoring System (CVSS) rates how severe a vulnerability is on a 0 to 10 scale, mapped to Low, Medium, High, and Critical. The score is derived from a vector describing how the flaw can be exploited and its impact.
- What is an EPSS score?
- The Exploit Prediction Scoring System (EPSS), published by FIRST.org, estimates the probability that a CVE will be exploited in the next 30 days. A high EPSS percentile means a vulnerability is far more likely to be attacked than most others.
- What is the CISA KEV catalog?
- The CISA Known Exploited Vulnerabilities (KEV) catalog lists CVEs that are confirmed to be actively exploited in the wild. KEV entries include a remediation due date and flag vulnerabilities tied to known ransomware campaigns.
How to use this CVE lookup
Type a CVE ID such as CVE-2021-44228 into the search box to jump straight to its record, or use the filters to browse by severity, EPSS, or CISA KEV status. Sort by EPSS to see the vulnerabilities most likely to be exploited, or filter to KEV to focus on what is already being attacked. Every CVE page shows its CVSS score and vector, EPSS probability and percentile, CISA KEV remediation timeline, CWE weakness types, and reference links.
Need to find and fix these vulnerabilities across your own fleet? TridentStack Control continuously scans Windows, macOS, and Linux endpoints for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.