CVE-2026-7112
5.6MEDIUM
A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE...
4/27/2026CWE-287
Security Database
VULNERABILITY
DATABASE
Comprehensive database of CVEs, exploits from Exploit-DB, and CISA's Known Exploited Vulnerabilities (KEV) catalog. Updated daily with the latest security vulnerabilities.
CVEs
6K+
Exploits
2K+
KEV
94
Daily
LIVE
Critical & Exploited
CRITICAL
CVE-2026-41409
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname...
CRITICAL
CVE-2026-41635
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes...
CRITICAL
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due t...
CRITICAL
CVE-2026-1952
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability....
CRITICAL
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulne...
Recent CVEs
CVE-2026-7110
3.5LOW
A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cros...
4/27/2026CWE-79, CWE-94
CVE-2026-7109
5.3MEDIUM
A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in impr...
4/27/2026CWE-266, CWE-285
CVE-2026-41409
9.8CRITICAL
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in ...
4/27/2026CWE-502
CVE-2026-40858
NONE
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputF...
4/27/2026CWE-502
CVE-2026-40022
NONE
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via ca...
4/27/2026CWE-288
Recent Exploits
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEV Catalog
| CVE ID | Vendor | Product | Date Added | Ransomware |
|---|---|---|---|---|
| CVE-2024-57726 | SimpleHelp | SimpleHelp | 2026-04-24 | - |
| CVE-2024-57728 | SimpleHelp | SimpleHelp | 2026-04-24 | - |
| CVE-2024-7399 | Samsung | MagicINFO 9 Server | 2026-04-24 | - |
| CVE-2025-29635 | D-Link | DIR-823X | 2026-04-24 | - |
| CVE-2026-39987 | Marimo | Marimo | 2026-04-23 | - |
Data Sources
This vulnerability database is provided for educational and authorized security research purposes only.