Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8719 | HIGH | 8.8 | 2026-05-17 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress … | |
| CVE-2026-8711 | HIGH | Patched | 8.1 | 2026-05-19 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cook… |
| CVE-2026-8700 | HIGH | Patched | 7.3 | 2026-05-15 | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for secur… |
| CVE-2026-8697 | HIGH | 8.8 | 2026-05-28 | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the s… | |
| CVE-2026-8696 | HIGH | Patched | 7.5 | 2026-05-15 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service … |
| CVE-2026-8695 | HIGH | Patched | 7.5 | 2026-05-15 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThr… |
| CVE-2026-8686 | HIGH | Patched | 7.5 | 2026-05-15 | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To re… |
| CVE-2026-8679 | HIGH | 7.5 | 2026-05-22 | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint… | |
| CVE-2026-8676 | HIGH | 8.8 | 2026-05-26 | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond. | |
| CVE-2026-8671 | HIGH | Patched | 7.5 | 2026-05-22 | Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: … |
| CVE-2026-8657 | HIGH | Patched | 8.2 | 2026-05-16 | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. … |
| CVE-2026-8632 | HIGH | Patched | 7.8 | 2026-05-20 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or… |
| CVE-2026-8629 | HIGH | 8.1 | 2026-05-14 | Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets… | |
| CVE-2026-8621 | HIGH | 8.8 | 2026-05-14 | Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing… | |
| CVE-2026-8620 | HIGH | Patched | 7.5 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulner… |
| CVE-2026-8604 | HIGH | 8.8 | 2026-05-19 | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a mali… | |
| CVE-2026-8597 | HIGH | 7.2 | 2026-05-14 | Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated act… | |
| CVE-2026-8596 | HIGH | 7.2 | 2026-05-14 | Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote auth… | |
| CVE-2026-8587 | HIGH | Patched | 8.8 | 2026-05-14 | Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary … |
| CVE-2026-8585 | HIGH | Patched | 7.5 | 2026-05-14 | Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out o… |
| CVE-2026-8581 | HIGH | Patched | 8.8 | 2026-05-14 | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium secur… |
| CVE-2026-8577 | HIGH | Patched | 8.8 | 2026-05-14 | Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium s… |
| CVE-2026-8575 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via… |
| CVE-2026-8574 | HIGH | Patched | 8.3 | 2026-05-14 | Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… |
| CVE-2026-8573 | HIGH | Patched | 8.3 | 2026-05-14 | Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (… |