CVE Find is a real-time vulnerability database indexing 366 604 security flaws (CVE) from MITRE, NVD, CISA KEV, CWE and CAPEC. 2402 new CVEs were published in the last 7 days.
Data aggregated from: MITRE Corporation (CVE, CWE, CAPEC), National Vulnerability Database – NIST (NVD), CISA Known Exploited Vulnerabilities (KEV), FIRST (EPSS).
| CVE ID | Published | Description | Score | Severity | |
|---|---|---|---|---|---|
CVE-2026-5674 |
2026-07-16 14h16 +00:00 |
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape s... |
8.8 |
High |
|
CVE-2026-11386 |
2026-07-16 13h16 +00:00 |
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubun... |
9 |
Critical |
|
CVE-2026-63306 |
2026-07-16 12h19 +00:00 |
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the... Server-Side Request Forgery - SSRF |
9.2 |
Critical |
|
CVE-2026-35149 |
2026-07-16 12h17 +00:00 |
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation... |
8.2 |
High |
|
CVE-2026-35147 |
2026-07-16 12h17 +00:00 |
HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The applic... Authorization problems |
8.2 |
High |
|
CVE-2023-49900 |
2026-07-16 11h16 +00:00 |
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sani... OS Command Injection |
9.8 |
Critical |
|
CVE-2023-49899 |
2026-07-16 11h16 +00:00 |
An unauthenticated remote attacker can execute any command on the affected device due to not correc... |
9.8 |
Critical |
|
CVE-2026-15103 |
2026-07-16 09h16 +00:00 |
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPre... Improper Privilege Management |
8.8 |
High |
|
CVE-2026-15005 |
2026-07-16 09h16 +00:00 |
The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions ... Cross-Site Request Forgery - CSRF |
8.8 |
High |
|
CVE-2026-13741 |
2026-07-16 09h16 +00:00 |
The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege... Improper Privilege Management |
8.8 |
High |