31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword.
Showing 226–250 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-5963 | CRITICAL | Patched | 9.8 | 2026-04-20 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete… |
| CVE-2026-5902 | CRITICAL | Patched | 9.8 | 2026-04-08 | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a c… |
| CVE-2026-5874 | CRITICAL | Patched | 9.6 | 2026-04-08 | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform … |
| CVE-2026-5854 | CRITICAL | | 9.8 | 2026-04-09 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the compone… |
| CVE-2026-5853 | CRITICAL | | 9.8 | 2026-04-09 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstec… |
| CVE-2026-5852 | CRITICAL | | 9.8 | 2026-04-09 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. … |
| CVE-2026-5851 | CRITICAL | | 9.8 | 2026-04-09 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Han… |
| CVE-2026-5850 | CRITICAL | | 9.8 | 2026-04-09 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handl… |
| CVE-2026-5845 | CRITICAL | Patched | 9.6 | 2026-04-21 | An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private r… |
| CVE-2026-5760 | CRITICAL | Patched | 9.8 | 2026-04-20 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat … |
| CVE-2026-5752 | CRITICAL | | 9.3 | 2026-04-14 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. |
| CVE-2026-5735 | CRITICAL | Patched | 9.8 | 2026-04-07 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some o… |
| CVE-2026-5734 | CRITICAL | Patched | 9.8 | 2026-04-07 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption… |
| CVE-2026-5731 | CRITICAL | Patched | 9.8 | 2026-04-07 | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidenc… |
| CVE-2026-5722 | CRITICAL | | 9.8 | 2026-05-05 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification… |
| CVE-2026-5720 | CRITICAL | Patched | 9.1 | 2026-04-17 | miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by se… |
| CVE-2026-5652 | CRITICAL | Patched | 9.0 | 2026-04-21 | An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actio… |
| CVE-2026-5503 | CRITICAL | Patched | 9.1 | 2026-04-09 | In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled… |
| CVE-2026-5450 | CRITICAL | | 9.8 | 2026-04-20 | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit … |
| CVE-2026-5445 | CRITICAL | Patched | 9.1 | 2026-04-09 | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` imag… |
| CVE-2026-5443 | CRITICAL | Patched | 9.8 | 2026-04-09 | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height cal… |
| CVE-2026-5442 | CRITICAL | Patched | 9.8 | 2026-04-09 | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expe… |
| CVE-2026-5426 | CRITICAL | | 9.1 | 2026-04-16 | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation m… |
| CVE-2026-5412 | CRITICAL | Patched | 9.9 | 2026-04-10 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the … |
| CVE-2026-5393 | CRITICAL | Patched | 9.1 | 2026-04-10 | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can … |