CVE Find is a real-time vulnerability database indexing 367 605 security flaws (CVE) from MITRE, NVD, CISA KEV, CWE and CAPEC. 2729 new CVEs were published in the last 7 days.
Data aggregated from: MITRE Corporation (CVE, CWE, CAPEC), National Vulnerability Database – NIST (NVD), CISA Known Exploited Vulnerabilities (KEV), FIRST (EPSS).
| CVE ID | Published | Description | Score | Severity | |
|---|---|---|---|---|---|
CVE-2026-10130 |
2026-07-18 23h17 +00:00 |
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to... Authorization problems |
8.2 |
High |
|
CVE-2026-12228 |
2026-07-18 21h17 +00:00 |
A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint o... Cross-site Scripting |
8.7 |
High |
|
CVE-2026-16117 |
2026-07-18 14h17 +00:00 |
Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix w... |
10 |
Critical |
|
CVE-2026-11826 |
2026-07-18 14h17 +00:00 |
OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_... |
8.8 |
High |
|
CVE-2024-58366 |
2026-07-18 14h17 +00:00 |
SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type ... |
8.5 |
High |
|
CVE-2024-58362 |
2026-07-18 14h17 +00:00 |
SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signi... |
8.8 |
High |
|
CVE-2023-54366 |
2026-07-18 14h17 +00:00 |
SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREA... |
8.8 |
High |
|
CVE-2026-9323 |
2026-07-18 13h51 +00:00 |
The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in... |
9.2 |
Critical |
|
CVE-2026-15631 |
2026-07-18 13h17 +00:00 |
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the reso... Directory Traversal |
8.7 |
High |
|
CVE-2026-9147 |
2026-07-18 12h46 +00:00 |
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and ... Code Injection |
8.5 |
High |