Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 276–300 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-5076 | CRITICAL | 9.8 | 2026-06-02 | The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext c… | |
| CVE-2026-38967 | CRITICAL | 9.8 | 2026-06-02 | CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values. | |
| CVE-2026-42074 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exp… |
| CVE-2026-0611 | CRITICAL | Patched | 9.8 | 2026-06-02 | Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET R… |
| CVE-2026-47117 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matchin… |
| CVE-2026-7198 | CRITICAL | Patched | 9.8 | 2026-06-02 | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be… |
| CVE-2025-53209 | CRITICAL | 9.8 | 2026-06-02 | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |
| CVE-2026-8206 | CRITICAL | 9.8 | 2026-06-02 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0… | |
| CVE-2026-25879 | CRITICAL | Patched | 9.8 | 2026-06-01 | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceabl… |
| CVE-2018-25427 | CRITICAL | 9.8 | 2026-06-01 | Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or… | |
| CVE-2026-48879 | CRITICAL | 9.8 | 2026-06-01 | Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17. | |
| CVE-2026-42680 | CRITICAL | 9.8 | 2026-06-01 | Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gal… | |
| CVE-2026-7858 | CRITICAL | 9.8 | 2026-06-01 | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CA… | |
| CVE-2026-10187 | CRITICAL | 9.8 | 2026-05-31 | A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web … | |
| CVE-2018-25412 | CRITICAL | 9.8 | 2026-05-30 | Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php … | |
| CVE-2026-45697 | CRITICAL | Patched | 9.8 | 2026-05-29 | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Cust… |
| CVE-2026-45700 | CRITICAL | Patched | 9.8 | 2026-05-29 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar d… |
| CVE-2026-44649 | CRITICAL | Patched | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-7786 | CRITICAL | 9.8 | 2026-05-29 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmwar… | |
| CVE-2026-10042 | CRITICAL | 9.8 | 2026-05-29 | manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py m… | |
| CVE-2026-46376 | CRITICAL | Patched | 9.8 | 2026-05-29 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initi… |
| CVE-2026-10071 | CRITICAL | 9.8 | 2026-05-29 | DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby e… | |
| CVE-2025-41276 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41277 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |
| CVE-2025-41269 | CRITICAL | Patched | 9.8 | 2026-05-29 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-50… |