Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7762 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticat… | |
| CVE-2026-7763 | CRITICAL | 9.8 | 2026-06-05 | A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated… | |
| CVE-2025-71316 | CRITICAL | 9.8 | 2026-06-04 | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option … | |
| CVE-2026-10880 | CRITICAL | 9.8 | 2026-06-04 | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query… | |
| CVE-2026-25550 | CRITICAL | 9.8 | 2026-06-04 | Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtS… | |
| CVE-2025-67447 | CRITICAL | 9.8 | 2026-06-04 | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize us… | |
| CVE-2025-67446 | CRITICAL | 9.8 | 2026-06-04 | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authenticati… | |
| CVE-2026-36182 | CRITICAL | 9.8 | 2026-06-04 | GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via … | |
| CVE-2026-35904 | CRITICAL | 9.8 | 2026-06-04 | Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to ena… | |
| CVE-2026-35905 | CRITICAL | 9.8 | 2026-06-04 | T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. | |
| CVE-2019-25738 | CRITICAL | 9.8 | 2026-06-04 | WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting th… | |
| CVE-2019-25741 | CRITICAL | 9.8 | 2026-06-04 | Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attacker… | |
| CVE-2019-25727 | CRITICAL | 9.8 | 2026-06-04 | WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating th… | |
| CVE-2019-25729 | CRITICAL | 9.8 | 2026-06-04 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the… | |
| CVE-2026-4104 | CRITICAL | 9.8 | 2026-06-04 | Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This… | |
| CVE-2026-50214 | CRITICAL | Patched | 9.8 | 2026-06-04 | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. |
| CVE-2026-50211 | CRITICAL | Patched | 9.8 | 2026-06-04 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. |
| CVE-2026-49191 | CRITICAL | Patched | 9.8 | 2026-06-04 | The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. |
| CVE-2026-49188 | CRITICAL | Patched | 9.8 | 2026-06-04 | The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands. |
| CVE-2026-49185 | CRITICAL | Patched | 9.8 | 2026-06-04 | The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection. |
| CVE-2026-49186 | CRITICAL | Patched | 9.8 | 2026-06-04 | The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden n… |
| CVE-2026-36576 | CRITICAL | 9.8 | 2026-06-03 | An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a c… | |
| CVE-2026-35075 | CRITICAL | Patched | 9.8 | 2026-06-03 | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. |
| CVE-2026-47065 | CRITICAL | 9.8 | 2026-06-03 | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains … | |
| CVE-2026-49448 | CRITICAL | Patched | 9.8 | 2026-06-02 | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue ha… |