CVEs (6,905, showing first 500)
Showing 276–300 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-31072 | CRITICAL | | 9.8 | 2026-05-19 | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization.… |
| CVE-2026-30117 | CRITICAL | | 9.8 | 2026-05-19 | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability… |
| CVE-2026-44159 | CRITICAL | | 9.8 | 2026-05-19 | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been dis… |
| CVE-2026-8956 | CRITICAL | Patched | 9.8 | 2026-05-19 | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-47323 | CRITICAL | Patched | 9.8 | 2026-05-19 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in c… |
| CVE-2026-4883 | CRITICAL | | 9.8 | 2026-05-19 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all ve… |
| CVE-2026-43493 | CRITICAL | | 9.8 | 2026-05-19 | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle t… |
| CVE-2026-45434 | CRITICAL | Patched | 9.8 | 2026-05-19 | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Us… |
| CVE-2026-4885 | CRITICAL | | 9.8 | 2026-05-19 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' functio… |
| CVE-2026-8838 | CRITICAL | Patched | 9.8 | 2026-05-18 | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle … |
| CVE-2026-25244 | CRITICAL | Patched | 9.8 | 2026-05-18 | WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection… |
| CVE-2026-8836 | CRITICAL | | 9.8 | 2026-05-18 | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. P… |
| CVE-2026-7301 | CRITICAL | | 9.8 | 2026-05-18 | SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE… |
| CVE-2026-7304 | CRITICAL | | 9.8 | 2026-05-18 | SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects l… |
| CVE-2026-8721 | CRITICAL | | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through P… |
| CVE-2026-8507 | CRITICAL | | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attrib… |
| CVE-2018-25335 | CRITICAL | | 9.8 | 2026-05-17 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests … |
| CVE-2018-25332 | CRITICAL | Patched | 9.8 | 2026-05-17 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generat… |
| CVE-2018-25320 | CRITICAL | | 9.8 | 2026-05-17 | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECU… |
| CVE-2021-47952 | CRITICAL | | 9.8 | 2026-05-16 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads c… |
| CVE-2020-37239 | CRITICAL | | 9.8 | 2026-05-16 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunk… |
| CVE-2020-37228 | CRITICAL | | 9.8 | 2026-05-16 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode… |
| CVE-2026-46364 | CRITICAL | Patched | 9.8 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpola… |
| CVE-2021-47965 | CRITICAL | | 9.8 | 2026-05-15 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous fil… |
| CVE-2026-44717 | CRITICAL | Patched | 9.8 | 2026-05-15 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions w… |