CVE-2026-32606
7.6HIGH
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physic...
3/18/2026CWE-522
Security Database
VULNERABILITY
DATABASE
Comprehensive database of CVEs, exploits from Exploit-DB, and CISA's Known Exploited Vulnerabilities (KEV) catalog. Updated daily with the latest security vulnerabilities.
CVEs
3K+
Exploits
2K+
KEV
54
Daily
LIVE
Critical & Exploited
CRITICAL
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
CRITICAL
CVE-2026-3826
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem...
CRITICAL
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa...
CRITICAL
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker...
CRITICAL
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the ...
Recent CVEs
CVE-2026-32596
NONE
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensit...
3/18/2026CWE-200
CVE-2026-32268
NONE
The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the...
3/18/2026CWE-862
CVE-2026-3634
3.9LOW
A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `sou...
3/17/2026CWE-93
CVE-2026-3633
3.9LOW
A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability...
3/17/2026CWE-93
CVE-2026-3632
3.9LOW
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be ...
3/17/2026CWE-1286
Recent Exploits
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEV Catalog
| CVE ID | Vendor | Product | Date Added | Ransomware |
|---|---|---|---|---|
| CVE-2025-47813 | Wing FTP Server | Wing FTP Server | 2026-03-16 | - |
| CVE-2026-3909 | Skia | 2026-03-13 | - | |
| CVE-2026-3910 | Chromium V8 | 2026-03-13 | - | |
| CVE-2025-68613 | n8n | n8n | 2026-03-11 | - |
| CVE-2026-1603 | Ivanti | Endpoint Manager (EPM) | 2026-03-09 | - |
Data Sources
This vulnerability database is provided for educational and authorized security research purposes only.