CVE-2026-1839
6.5MEDIUM
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at li...
4/7/2026CWE-502
Security Database
VULNERABILITY
DATABASE
Comprehensive database of CVEs, exploits from Exploit-DB, and CISA's Known Exploited Vulnerabilities (KEV) catalog. Updated daily with the latest security vulnerabilities.
CVEs
4K+
Exploits
2K+
KEV
69
Daily
LIVE
Critical & Exploited
CRITICAL
CVE-2026-0740
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to m...
CRITICAL
CVE-2026-35022
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in auth...
CRITICAL
CVE-2026-25371
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
CRITICAL
CVE-2018-25254
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows ...
CRITICAL
CVE-2016-20052
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attacke...
Recent CVEs
CVE-2025-65116
5.5MEDIUM
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Mana...
4/7/2026CWE-763
CVE-2025-65115
8.8HIGH
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 ...
4/7/2026CWE-73
CVE-2026-0740
9.8CRITICAL
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all v...
4/7/2026CWE-434
CVE-2026-20446
NONE
In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privi...
4/7/2026CWE-787
CVE-2026-20433
NONE
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta...
4/7/2026CWE-787
Recent Exploits
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEV Catalog
| CVE ID | Vendor | Product | Date Added | Ransomware |
|---|---|---|---|---|
| CVE-2026-35616 | Fortinet | FortiClient EMS | 2026-04-06 | - |
| CVE-2026-3502 | TrueConf | Client | 2026-04-02 | - |
| CVE-2026-5281 | Dawn | 2026-04-01 | - | |
| CVE-2026-3055 | Citrix | NetScaler | 2026-03-30 | - |
| CVE-2025-53521 | F5 | BIG-IP | 2026-03-27 | - |
Data Sources
This vulnerability database is provided for educational and authorized security research purposes only.