Discover Vulnerabilities Now!

Vulnerabilities
---
Vendors
---
Products
---
Vulnerability Media Exposure
These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.
See more
CVE-2026-32202 EUVD-2026-22589
MEDIUM

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_11_26h1
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-41940 EUVD-2026-26246
CRITICAL

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

cpanel:cpanel
CVE-2026-3854 EUVD-2026-10744
HIGH

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

github:enterprise_server
CVE-2026-21510 EUVD-2026-7337
HIGH

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

microsoft:windows_10_1607
microsoft:windows_10_1809
microsoft:windows_10_21h2
microsoft:windows_10_22h2
microsoft:windows_11_23h2
microsoft:windows_11_24h2
microsoft:windows_11_25h2
microsoft:windows_server_2012
microsoft:windows_server_2016
microsoft:windows_server_2019
microsoft:windows_server_2022
microsoft:windows_server_2022_23h2
microsoft:windows_server_2025
CVE-2026-31431 EUVD-2026-24639
HIGH

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Newly recorded security issues per week
Stay up to date! New information is added to our knowledge database every day. Here you can see the history of newly added vulnerabilities that have been added to our CVE DB in recent years.
Vulnerabilities by severity (over the last 7 days)
Information about the vulnerabilities of the last 7 days can be found here. As you can see, critical vulnerabilities are also added on a daily basis. Therefore, validate your current security situation sets on a daily basis to ensure the security of your IT.
CVSS Score Distribution
The CVSS score rates security vulnerabilities from 0 to 10, based on factors like attack vectors and impacts on confidentiality, integrity, and availability.
EPSS Score Distribution
The EPSS score predicts the likelihood of a known vulnerability being exploited, complementing CVSS by assessing real-world exploitability based on threat activity and exploit availability.
Enginsight Threat Intelligence
Our multi-source enrichment pipeline aggregates vulnerability data from dozens of security organizations worldwide — delivering affected product details and severity scores before the NVD has completed their analysis.
22,277
Early Detections
Vulnerabilities identified
before NVD analysis
8,776
Critical + High
CVSS 7.0 or above
among early detections
20+
Intelligence Sources
Security organizations
contributing data
---
Detections / Week
New vulnerabilities enriched
ahead of NVD each week
Monthly Early Detections
Vulnerabilities enriched with affected product data before NVD has completed analysis.
Severity Distribution
Severity breakdown of vulnerabilities detected ahead of the NVD.
Top Intelligence Sources
Security organizations contributing the most vulnerability intelligence to our database.
NVD Analysis Gap
Where our early detections stand in the NVD pipeline — most are still waiting for official analysis.
Latest Vulnerability Reports
The 10 most recently published CVE reports.
  • CVE-2026-36767 EUVD-2026-26401
    UNKNOWN

    A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.

  • CVE-2026-36764 EUVD-2026-26399
    UNKNOWN

    A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.

  • CVE-2026-36760 EUVD-2026-26393
    UNKNOWN

    An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled.

  • CVE-2026-36757 EUVD-2026-26391
    UNKNOWN

    A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

  • CVE-2025-71284 EUVD-2025-209597
    CRITICAL

    Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC).

  • CVE-2025-51846 EUVD-2025-209596
    HIGH

    CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.

  • CVE-2022-50993 EUVD-2022-55965
    CRITICAL

    Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC).

  • CVE-2022-50992 EUVD-2022-55964
    HIGH

    Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC).

  • CVE-2026-5174 EUVD-2026-26390
    HIGH

    Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

    progress:moveit_automation
  • CVE-2026-4670 EUVD-2026-26389
    CRITICAL

    Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

    progress:moveit_automation