🔍 CVE Explorer
Search any CVE by ID. Instant severity scores, affected software, exploit status, and patch information from the National Vulnerability Database.
200K+CVEs Indexed
LiveNVD Data
InstantLookup
Enter a CVE ID like CVE-2026-21643 or just the number 2026-21643
🔥 Notable Vulnerabilities
CVE-2026-39337
10.0 CRITICAL
ChurchCRM pre-authentication RCE in setup wizard allows complete server compromise via unsanitized input.
CVE-2026-34208
10.0 CRITICAL
SandboxJS protection bypass allows malicious code to directly assign values to global objects, defeating sandbox.
CVE-2026-34976
10.0 CRITICAL
Dgraph authorization middleware leaves restoreTenant admin mutation completely unauthenticated.
CVE-2026-20147
9.9 CRITICAL
Cisco ISE authenticated RCE via crafted HTTP requests allowing root access on Identity Services Engine.
CVE-2026-20186
9.9 CRITICAL
Cisco ISE command injection allowing read-only admin to escalate to root via crafted HTTP requests.
CVE-2026-20184
9.8 CRITICAL
Cisco Webex SSO certificate validation flaw enabling unauthenticated user impersonation across services.
CVE-2026-33827
9.8 CRITICAL
Windows TCP/IP wormable RCE — unauthenticated remote code execution via malicious packets, no user interaction.
CVE-2026-33824
9.8 CRITICAL
Windows IKE Service wormable RCE — remote code execution on systems with Internet Key Exchange enabled.
CVE-2026-21643
9.8 CRITICAL
Fortinet FortiClient EMS SQL injection allowing unauthenticated code execution via crafted HTTP requests.
CVE-2026-35616
9.8 CRITICAL
Fortinet FortiGate improper access control — CISA KEV listed, actively exploited in the wild.
CVE-2026-33017
9.8 CRITICAL
Apple Safari, iOS, macOS buffer overflow via malicious web content leading to memory corruption.
CVE-2026-34197
9.8 CRITICAL
Apache ActiveMQ remote code execution allowing unauthenticated attackers to compromise message brokers.
CVE-2026-22562
9.8 CRITICAL
UniFi Play device path traversal allowing malicious network actors to write arbitrary files on firmware.
CVE-2026-0740
9.8 CRITICAL
Ninja Forms WordPress plugin missing file validation allows arbitrary uploads leading to full site takeover.
CVE-2026-33634
9.8 CRITICAL
Langflow code injection enabling public flow execution without authentication — CISA KEV listed.
CVE-2026-1340
9.8 CRITICAL
Ivanti Endpoint Manager Mobile code injection — actively exploited for unauthenticated RCE on MDM platforms.
CVE-2026-34621
9.8 CRITICAL
Adobe Acrobat use-after-free vulnerability allowing arbitrary code execution through crafted PDF documents.
CVE-2026-39987
9.3 CRITICAL
Marimo Python Notebooks pre-auth RCE via unauthenticated terminal WebSocket endpoint prior to v0.23.0.
CVE-2026-22679
9.3 CRITICAL
Weaver E-cology 10.0 unauthenticated RCE in devops/dubboApi/debug endpoint — zero-day exploited in wild.
CVE-2026-32201
9.1 CRITICAL
Microsoft SharePoint Server spoofing — actively exploited, April 2026 Patch Tuesday, data theft risk.
CVE-2026-6388
9.1 CRITICAL
ArgoCD Image Updater privilege escalation in multi-tenant Kubernetes environments via modified resources.
CVE-2026-21992
9.1 CRITICAL
Oracle Identity Manager and Web Services Manager unauthenticated RCE — emergency security alert issued.
CVE-2026-6284
9.1 CRITICAL
Horner Automation PLC brute-force vulnerability — no rate limiting on authentication, CISA advisory.
CVE-2026-4149
9.0 CRITICAL
Sonos Era 300 out-of-bounds access in SMB response handler enabling remote code execution on speakers.
CVE-2026-40322
9.0 CRITICAL
SiYuan knowledge management Mermaid rendering XSS with securityLevel set to loose in versions 3.6.3 and below.
CVE-2026-33100
8.8 HIGH
Windows AFD.sys kernel driver local privilege escalation to SYSTEM — April 2026 Patch Tuesday.
CVE-2026-33825
8.8 HIGH
Microsoft Defender elevation of privilege — publicly disclosed before patch, affects Windows Defender.
CVE-2026-26167
8.8 HIGH
Windows Push Notifications sandbox escape — low complexity, no race condition needed for exploitation.
CVE-2026-20148
8.6 HIGH
Cisco ISE-PIC path traversal allowing authenticated administrators to read arbitrary files on the system.
CVE-2026-35385
8.1 HIGH
Windows .NET Framework unauthenticated denial of service — critical DoS over network against .NET apps.
📊 How to Use
Type any CVE identifier in the search box above (e.g. CVE-2024-3094) and click Lookup. You will see the full vulnerability details including CVSS severity score, affected products, available patches, and exploit references — all fetched live from the National Vulnerability Database.
Each CVE page has its own permanent URL you can bookmark and share: securityelites.com/cve/CVE-2024-3094/