31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 251–275 of 31,034 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-44888 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values… |
| CVE-2026-44887 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be in… |
| CVE-2026-44590 | CRITICAL | Patched | 9.3 | 2026-05-27 | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to co… |
| CVE-2026-48150 | CRITICAL | Patched | 9.0 | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a build… |
| CVE-2026-46425 | CRITICAL | Patched | 9.9 | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (… |
| CVE-2026-45087 | CRITICAL | Patched | 10.0 | 2026-05-27 | Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server … |
| CVE-2026-48027 | CRITICAL | | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 P… |
| CVE-2026-44330 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token… |
| CVE-2026-44329 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorizati… |
| CVE-2026-44327 | CRITICAL | Patched | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authoriza… |
| CVE-2026-44326 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token aut… |
| CVE-2026-44315 | CRITICAL | Patched | 9.4 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token author… |
| CVE-2026-45570 | CRITICAL | Patched | 9.6 | 2026-05-27 | go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapp… |
| CVE-2026-8175 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-7876 | CRITICAL | Patched | 9.1 | 2026-05-27 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 |
| CVE-2026-7524 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-46043 | CRITICAL | | 9.1 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that … |
| CVE-2026-46039 | CRITICAL | | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_to… |
| CVE-2026-45988 | CRITICAL | | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during proc… |
| CVE-2026-45972 | CRITICAL | | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype … |
| CVE-2026-45898 | CRITICAL | | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplif… |
| CVE-2026-42761 | CRITICAL | | 9.3 | 2026-05-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tabl… |
| CVE-2026-42758 | CRITICAL | | 9.8 | 2026-05-27 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: fr… |
| CVE-2026-42757 | CRITICAL | | 9.9 | 2026-05-27 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traver… |
| CVE-2026-42756 | CRITICAL | | 9.9 | 2026-05-27 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP \|… |