База данных безопасности

БАЗА ДАННЫХ
УЯЗВИМОСТЕЙ

Комплексная база данных CVE, эксплойтов из Exploit-DB и каталога CISA KEV. Ежедневно обновляется.

CVE

2K+

Эксплойты

2K+

KEV

1K+

Ежедневно

ЖИВО

Критические и эксплуатируемые

Каталог KEV

CRITICAL

CVE-2025-62878

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary ...

CRITICAL

CVE-2026-27641

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vul...

CRITICAL

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version ...

CRITICAL

CVE-2026-27597

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2...

CRITICAL

CVE-2026-27822

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stor...

Последние CVE

Все CVE

CVE-2026-27976

8.8HIGH

Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio...

2/26/2026CWE-61

CVE-2026-27967

7.1HIGH

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory*...

2/26/2026CWE-59

CVE-2026-27933

6.8MEDIUM

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cook...

2/26/2026CWE-613

CVE-2026-27821

NONE

GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd...

2/26/2026CWE-121

CVE-2026-27818

NONE

TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not...

2/26/2026CWE-20, CWE-918

CVE-2026-27812

NONE

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header...

2/26/2026CWE-116

Последние эксплойты

Все эксплойты

EDB-52465

webappsmultiple

WordPress Quiz Maker 6.7.0.56 - SQL Injection

CVE-2025-10042

Rahul Sreenivasan12/25/2025

EDB-52463

webappsmultiple

FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

CVE-2025-14558

Lukas Johannes Möller12/25/2025

EDB-52464

webappsmultiple

Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

Каталог CISA KEV

Полный каталог

ID CVE	Поставщик	Продукт	Дата добавления	Вымогатели
CVE-2026-20805	Microsoft	Windows	2026-01-13	-
CVE-2025-8110	Gogs	Gogs	2026-01-12	-
CVE-2025-37164	Hewlett Packard Enterprise (HPE)	OneView	2026-01-07	-
CVE-2009-0556	Microsoft	Office	2026-01-07	-
CVE-2025-14847	MongoDB	MongoDB and MongoDB Server	2025-12-29	-

Источники данных

Программа CVE (MITRE)NVD (NIST)Exploit-DB (OffSec)Каталог CISA KEV

Эта база данных предоставляется только для образовательных целей и авторизованных исследований безопасности.

БАЗА ДАННЫХУЯЗВИМОСТЕЙ

Критические и эксплуатируемые

CVE-2025-62878

CVE-2026-27641

CVE-2026-27637

CVE-2026-27597

CVE-2026-27822

Последние CVE

CVE-2026-27976

CVE-2026-27967

CVE-2026-27933

CVE-2026-27821

CVE-2026-27818

CVE-2026-27812

Последние эксплойты

WordPress Quiz Maker 6.7.0.56 - SQL Injection

FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

Summar Employee Portal 3.98.0 - Authenticated SQL Injection

esm-dev 136 - Path Traversal

Pluck 4.7.7-dev2 - PHP Code Execution

Каталог CISA KEV

Источники данных

БАЗА ДАННЫХ
УЯЗВИМОСТЕЙ