Vulnerability Intelligence
Search every CVE — across OS, package, application, and exploit sources.
134,856
CVEs tracked
47
Active sources
last pull + run counts
1,611
KEV entries
CISA known-exploited
20 min ago
Last ingest
179
Published today
last 24 hours
1,673
Published this week
last 7 days
119
Critical (7d)
new critical this week
8,646
With public exploit
Exploit-DB / Metasploit
Recent critical CVEs See all critical →
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-36748 | critical | 9.0 | 9.0 | 6h ago | RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile. | |
| CVE-2026-36576 | critical | 9.8 | 9.8 | 6h ago | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted … | |
| CVE-2026-35075 | critical | 9.8 | 9.8 | 9h ago | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. | |
| CVE-2026-47065 | critical | 9.8 | 9.8 | 11h ago | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PR… | |
| CVE-2025-14771 | critical | 9.9 | 9.9 | 11h ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-4035 | critical | 9.1 | 9.1 | 13h ago | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive … | |
| CVE-2026-32625 | critical | 9.6 | 9.6 | 23h ago | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${V… | |
| CVE-2026-49448 | critical | 9.8 | 9.8 | 1d ago | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been … | |
| CVE-2026-42849 | critical | 9.3 | 9.3 | 1d ago | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the… | |
| CVE-2026-5076 | critical | 9.8 | 9.8 | 1d ago | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of … |
Ubuntu (1,663 total) →
| CVE | Severity | Published |
|---|---|---|
| CVE-2026-47337 | low | 6d ago |
| CVE-2026-47336 | low | 6d ago |
| CVE-2026-47335 | medium | 6d ago |
| CVE-2026-31431 | high | 1mo ago |
| CVE-2026-3497 | high | 2mo ago |
Debian (52,667 total) →
| CVE | Severity | Published |
|---|---|---|
| CVE-2026-46273 | unknown | 6h ago |
| CVE-2026-3276 | unknown | 6h ago |
| CVE-2026-46272 | unknown | 6h ago |
| CVE-2026-46271 | unknown | 6h ago |
| CVE-2026-46270 | unknown | 6h ago |
Red Hat / RHEL (10,537 total) →
| CVE | Severity | Published |
|---|---|---|
| CVE-2026-35177 | medium | 22h ago |
| CVE-2026-5419 | low | 2d ago |
| CVE-2025-53020 | high | 3d ago |
| CVE-2026-4408 | critical | 7d ago |
| CVE-2026-34079 | high | 7d ago |
Windows (3,132 total) →
| CVE | Severity | Published |
|---|---|---|
| CVE-2026-46242 | unknown | 4d ago |
| CVE-2026-40528 | high | 5d ago |
| CVE-2026-40510 | medium | 5d ago |
| CVE-2026-41184 | unknown | 6d ago |
| CVE-2026-42250 | unknown | 6d ago |