SophiaX
🔍
LIVE
· New victim: sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New victim: ISOPLUS — qilin· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· New victim: 2,598 new IOCs ingested in last 24h sansilvestre.edu.pe — krybit· New victim: JMS Southeast — akira· New victim: Padget Technologies — akira· New victim: Delegal Poindexter & Underkofler, P.A. — morpheus· New victim: ISOPLUS — qilin· New KEV: CVE-2025-67038 · Lantronix· New KEV: CVE-2026-34908 · Ubiquiti· New KEV: CVE-2026-34910 · Ubiquiti· New KEV: CVE-2026-34909 · Ubiquiti· New KEV: CVE-2026-20253 · Splunk· 2,598 new IOCs ingested in last 24h

Vulnerability Intelligence

Comprehensive CVE database enriched with CVSS scores, EPSS exploit probability, CISA KEV status, and ransomware association flags. Prioritize patch management with actionable vulnerability intelligence for security teams and SOC analysts.

Global Database
166,729
1,627 in CISA KEV
High EPSS (≥50%)
4,317
across full database
Ransomware-Linked
327
across full database
EPSS vs CVSS1,500 CVEs
Critical / Ransomware
High
Medium / KEV
Low
600 / 1,500 CVEs
⚡ CVE Intelligence166,729 total
🔍
CVSS ≥
EPSS ≥
CVE IDVendor / ProductCVSSEPSSKEVModifiedDue DateFlags
CVE-2026-56450AIL did not restrict repeated failed attempts to verify2026-06-22
CVE-2026-56448A path traversal vulnerability exists in AIL Framework 2026-06-22
CVE-2026-56447MISP allowed an authenticated site administrator to set2026-06-22
CVE-2026-56446MISP allowed a site administrator to configure an arbit2026-06-22
CVE-2026-56425The Azure Active Directory (AAD) authentication impleme2026-06-22
CVE-2026-56424MISP core contained multiple broken access-control flaw2026-06-22
CVE-2026-56423MISP Core contained broken access-control checks in the2026-06-22
CVE-2026-56422Multiple MISP core controllers and model capture paths 2026-06-22
CVE-2026-56412libexpat before 2.8.2 does not consider XML_TOK_DATA_CH4.92026-06-22
CVE-2026-56411xmlwf in libexpat before 2.8.2 has an integer overflow 6.92026-06-22
CVE-2026-56410xmlwf in libexpat before 2.8.2 has an integer overflow 6.92026-06-22
CVE-2026-56409xmlwf in libexpat before 2.8.2 has an integer overflow 6.52026-06-22
CVE-2026-56408libexpat before 2.8.2 has an integer overflow in copySt6.92026-06-22
CVE-2026-56407libexpat before 2.8.2 has an integer overflow in doProl6.92026-06-22
CVE-2026-56406libexpat before 2.8.2 has an integer overflow in XML_Pa6.92026-06-22
CVE-2026-56405libexpat before 2.8.2 has an integer overflow in getAtt6.92026-06-22
CVE-2026-56404libexpat before 2.8.2 has an integer overflow in addBin6.92026-06-22
CVE-2026-56403libexpat before 2.8.2 has an integer overflow in storeA6.92026-06-22
CVE-2026-56397SiYuan before v3.6.1 fails to sanitize package metadata9.62026-06-22
CVE-2026-56396phpMyFAQ before 4.1.4 contains missing authorization vu8.82026-06-22
CVE-2026-56395SiYuan before v3.6.1 fails to sanitize package metadata9.62026-06-22
CVE-2026-56394Craft CMS from 4.0.0-RC1 contains an authenticated path6.52026-06-22
CVE-2026-56393Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (4.82026-06-22
CVE-2026-56385Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.04.32026-06-22
CVE-2026-56384Craft CMS contains a missing authorization vulnerabilit4.32026-06-22
CVE-2026-56383Craft CMS contains a stored cross-site scripting (XSS) 4.82026-06-22
CVE-2026-56382Craft CMS (composer package craftcms/cms) versions >= 57.22026-06-22
CVE-2026-56381Craft CMS from version 5.0.0-RC1 contains a stored cros4.82026-06-22
CVE-2026-56378ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) 3.72026-06-22
CVE-2026-56367ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 3.72026-06-22
Page 1 / 5,558166,729 Records globally
💣 Public Exploits46,617 total
TitlePlatformTypeCVE IDsMax CVSSDateVerified
OpenEMR 7.0.2 - Arbitrary File Readmultiplewebapps
CVE-2026-24849
2026-06-08
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injectionmultiplewebapps
CVE-2026-3180
2026-06-05
WordPress OrderConvo 14 - Path Traversalmultiplewebapps
CVE-2025-10162
2026-06-01
Drupal Core 10.5.5 - Error-Based SQL Injectionphpwebapps
CVE-2026-9082
9.82026-06-01
YAMCS yamcs-core 5.12.7 - No Rate Limitingmultiplewebapps
CVE-2026-44596
2026-05-30
YAMCS yamcs-core 5.12.7 - LDAP Injectionmultiplewebapps
CVE-2026-42568
4.32026-05-30
Notepad++ 8.9.6 - Arbitrary Code Executionwindowsremote
CVE-2026-48778
2026-05-30
YAMCS yamcs-core 5.12.7 - User Enumerationmultiplewebapps
CVE-2026-44595
2026-05-30
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)multiplewebapps
CVE-2026-44376
6.12026-05-29
Prodigy Commerce 3.3.0 - Local File Inclusionmultiplewebapps
CVE-2026-0926
2026-05-29
strongSwan 5.9.13 - DoSmultipledos
CVE-2026-35333
2026-05-29
Microsoft - NTLMv2 Hash Capturewindowsremote
CVE-2026-32202
4.32026-05-29
ZTE H298A / H108N - Unauthenticated Credential Exposuremultiplelocal
CVE-2026-34474
7.52026-05-29
Linux Kernel - Local Privilege Escalationlinuxlocal
CVE-2026-43284CVE-2026-43500CVE-2026-46300
8.82026-05-29
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustionmultiplelocal
CVE-2026-46522
7.52026-05-29
Wing FTP Server 8.1.3 - Authenticated Remote Code Executionmultipleremote
CVE-2026-44403
7.22026-05-29
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Executionmultiplewebapps
CVE-2026-1830
2026-05-29
ZTE Routers - Unauthenticated Denial of Servicemultiplelocal
CVE-2026-34473
7.52026-05-29
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflowmultipleremote
CVE-2026-35330
2026-05-29
MikroORM 7.0.13 - SQL Injectionmultiplewebapps
CVE-2026-44680
7.62026-05-29
Langflow 1.3.0 - Remote Code Executionmultiplewebapps
CVE-2026-0770
2026-05-29
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Executionphpwebapps
CVE-2026-42471
2026-05-29
ZTE ZXHN H188A V6 - Authentication Bypassmultiplelocal
CVE-2026-34472
7.12026-05-29
Casdoor 3.54.1 - Arbitrary File Write via Path Traversalgowebapps
CVE-2026-6815
5.92026-05-27
MeiG Smart FORGE_SLT711 - OS Command Injectionlinuxhardware
CVE-2026-36356
2026-05-27
OpenCATS 0.9.7.4 - SQL Injectionmultiplewebapps
2026-05-27
Realtek rtl819x - Local Privilegelinuxlocal
CVE-2026-36355
2026-05-27
Linux Kernel - Local Privilege Escalationlinuxlocal
CVE-2026-43284CVE-2026-43500
8.82026-05-27
EspoCRM 9.3.3 - SSRFmultiplewebapps
CVE-2026-33534
2026-05-27
scramble - Remote Code Executionphpwebapps
CVE-2026-44262
9.42026-05-27
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeovermultiplewebapps
CVE-2026-7567
2026-05-26
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Servicemultiplewebapps
CVE-2026-23918
2026-05-26
cPanel - CRLF Injectionphpwebapps
CVE-2026-41940
2026-05-26
Grav CMS 2.0.0-beta.2 - Remote Code Executionphpwebapps
CVE-2026-42607
9.12026-05-26
D-Link DSL2600U - 'rom-0' Admin Password Disclosuremultiplehardware
2026-05-26
Linux Kernel 6.8 - Local Privilege Escalationlinuxlocal
2026-05-26
BookStack 25.12.1 - Denial of Servicemultiplewebapps
2026-05-21
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Pathwindowslocal
2026-05-21
Cockpit 359 - RCEmultiplewebapps
CVE-2026-4631
2026-05-21
solaredge - (CSRF-OOB-Injection)multiplewebapps
2026-05-21
FUXA 1.2.9 - RCEmultiplewebapps
CVE-2026-25895
2026-05-21
Windows Snipping Tool - NTLMv2 Hash Hijackwindowslocal
CVE-2026-33829
2026-05-15
Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listingwindowslocal
2026-05-15
Remote Sunrise Helper for Windows 2026.14 - Remote Code Executionwindowslocal
2026-05-15
Apache HertzBeat 1.8.0 - Remote Code Executionmultiplewebapps
2026-05-14
PJPROJECT 2.16 - Heap Bufferoverflowmultiplewebapps
CVE-2026-25994
2026-05-14
ePati Antikor NGFW 2.0.1301 - Authentication Bypassmultiplewebapps
CVE-2026-2624
9.82026-05-14
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTImultiplewebapps
CVE-2026-4257
2026-05-14
glances 4.5.2 - command injectionmultiplewebapps
CVE-2026-33641
2026-05-13
Flowise < 3.0.5 - Missing Authentication for Critical Functiontypescriptwebapps
CVE-2025-58434
2026-05-13
coreruleset 4.21.0 - Firewall Bypassmultiplewebapps
CVE-2026-21876
2026-05-13
Ninja Forms Uploads - Unauthenticated PHP File Uploadmultiplewebapps
CVE-2026-0740
2026-05-13
NocoBase 2.0.27 - VM Sandbox Escapemultiplelocal
CVE-2026-34156
2026-05-07
telnetd 2.7 - Buffer Overflowmultipleremote
CVE-2026-32746
2026-05-07
LuaJIT 2.1.1774638290 - Arbitrary Code Executionmultiplewebapps
2026-05-07
Ghost CMS 6.19.0 - SQLimultiplewebapps
CVE-2026-26980
9.42026-05-07
ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)multiplewebapps
CVE-2025-34282
2026-05-07
Bludit CMS 3.18.4 - RCEmultiplewebapps
CVE-2026-25099
2026-05-07
Linux nf_tables 6.19.3 - Local Privilege Escalationlinuxlocal
CVE-2026-23231
7.82026-05-04
Windows 11 24H2 - Local Privilege Escalationwindowslocal
CVE-2026-21250
2026-05-04
Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalationlinuxlocal
CVE-2025-40271
2026-05-04
MindsDB 25.9.1.1 - Path Traversalmultiplewebapps
CVE-2026-27483
2026-05-04
Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)multiplewebapps
CVE-2025-68930
2026-05-04
Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)multiplehardware
CVE-2025-60690
2026-05-04
Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMapmultiplelocal
CVE-2026-2441
2026-04-30
Python-Multipart 0.0.22 - Path Traversalpythonwebapps
CVE-2026-24486
2026-04-30
Camaleon CMS v2.9.0 - Path Traversalmultiplewebapps
CVE-2024-46987
2026-04-30
Repetier-Server 1.4.10 - Path Traversalmultiplewebapps
CVE-2026-26335
2026-04-30
deephas 1.0.7 - Prototype Pollutionmultiplewebapps
CVE-2026-25047
2026-04-30
Windows 11 23H2 - Denial of Service (DoS)windowslocal
CVE-2025-47987
2026-04-30
BusyBox 1.37.0 - Path Traversalmultiplewebapps
CVE-2026-26157
7.02026-04-30
JUNG Smart Visu Server 1.1.1050 - Dosmultiplewebapps
CVE-2026-26235
2026-04-30
Erugo 0.2.14 - Remote Code Execution (RCE)multiplewebapps
CVE-2026-24897
2026-04-30
FUXA 1.2.8 - Authentication Bypass + RCE Exploitmultiplewebapps
CVE-2025-69985
2026-04-30
HUSTOJ Zip-Slip v26.01.24 - RCEmultiplewebapps
CVE-2026-24479
2026-04-30
SumatraPDF 3.5.2 - Remote Code Executionmultiplewebapps
CVE-2026-25961
2026-04-30
SUSE Manager 4.3.15 - Code Executionmultiplewebapps
CVE-2025-46811
2026-04-30
Windows 11 25H2 - Heap Overflowwindowslocal
CVE-2026-21244CVE-2026-21248
2026-04-30
Js2Py 0.74 - RCEmultiplewebapps
CVE-2024-28397
2026-04-30
Cybersecurity AI (CAI) Framework 0.5.10 - Command Injectionmultiplewebapps
2026-04-30
Frigate NVR 0.16.3 - Remote Code Executionmultiplewebapps
CVE-2026-25643
2026-04-30
NiceGUI 3.6.1 - Path Traversalmultiplewebapps
CVE-2026-25732
2026-04-30
Atlona ATOMERX21 - Authenticated Command Injectionmultiplelocal
CVE-2024-30167
2026-04-29
GeographicLib v2.5.1 - stack buffer overflowmultiplewebapps
CVE-2025-60751
2026-04-29
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalationlinuxlocal
CVE-2026-24061
2026-04-29
LangChain Core 1.2.4 - SSTI/RCEmultiplewebapps
CVE-2025-68664
2026-04-29
phpMyFAQ 4.0.16 - Improper Authorizationphpwebapps
CVE-2026-24421
2026-04-29
Craft CMS 5.6.16 - RCEmultiplewebapps
CVE-2025-32432
2026-04-29
Fedora - Local Privilege Escalationlinuxlocal
CVE-2025-12744
2026-04-29
FacturaScripts 2025.43 - XSSmultiplewebapps
CVE-2025-69210
2026-04-29
JuzaWeb CMS 3.4.2 - Authenticated Remote Code Executionmultiplewebapps
2026-04-29
HAX CMS 24.x - Stored Cross-Site Scripting (XSS)multiplewebapps
CVE-2026-22704
2026-04-29
OpenKM 6.3.12 - Multiplemultiplewebapps
2026-04-29
Xibo CMS 4.3.0 - RCE via SSTImultiplewebapps
CVE-2025-62639
2026-04-29
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)multiplewebapps
CVE-2026-22241
2026-04-29
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)multiplelocal
2026-04-29
AVAST Antivirus 25.11 - Unquoted Service Pathwindowslocal
2026-04-22
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalationwindowslocal
CVE-2025-7771
2026-04-22
WordPress Plugin 5.2.0 - Broken Access Controlmultiplewebapps
CVE-2025-67586
2026-04-22
D-Link DIR-650IN - Authenticated Command Injectionmultiplewebapps
2026-04-10