31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 301–325 of 31,034 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-48567 | CRITICAL | | 10.0 | 2026-06-04 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-4851 | CRITICAL | Patched | 9.8 | 2026-03-29 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) over SSH for … |
| CVE-2026-48207 | CRITICAL | Patched | 9.8 | 2026-05-21 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restor… |
| CVE-2026-48188 | CRITICAL | Patched | 9.1 | 2026-06-01 | An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authenti… |
| CVE-2026-48172 | CRITICAL | Patched | 9.8 | 2026-05-21 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command lin… |
| CVE-2026-48150 | CRITICAL | Patched | 9.0 | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a build… |
| CVE-2026-4809 | CRITICAL | | 9.8 | 2026-03-26 | plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type … |
| CVE-2026-48040 | CRITICAL | Patched | 9.1 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriv… |
| CVE-2026-48027 | CRITICAL | | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 P… |
| CVE-2026-4789 | CRITICAL | Patched | 9.8 | 2026-03-30 | Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. |
| CVE-2026-47744 | CRITICAL | Patched | 9.9 | 2026-05-29 | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the … |
| CVE-2026-4755 | CRITICAL | Patched | 9.8 | 2026-03-24 | CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11. |
| CVE-2026-4753 | CRITICAL | | 9.1 | 2026-03-24 | Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. |
| CVE-2026-4750 | CRITICAL | | 9.1 | 2026-03-24 | Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. |
| CVE-2026-47372 | CRITICAL | | 9.1 | 2026-05-20 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuita… |
| CVE-2026-47323 | CRITICAL | Patched | 9.8 | 2026-05-19 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in c… |
| CVE-2026-4729 | CRITICAL | Patched | 9.8 | 2026-03-24 | Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these … |
| CVE-2026-47280 | CRITICAL | | 10.0 | 2026-05-22 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-4725 | CRITICAL | Patched | 10.0 | 2026-03-24 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4724 | CRITICAL | Patched | 9.1 | 2026-03-24 | Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4723 | CRITICAL | Patched | 9.8 | 2026-03-24 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. |
| CVE-2026-4721 | CRITICAL | Patched | 9.8 | 2026-03-24 | Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory co… |
| CVE-2026-4720 | CRITICAL | Patched | 9.8 | 2026-03-24 | Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we pres… |
| CVE-2026-4717 | CRITICAL | Patched | 9.8 | 2026-03-24 | Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4716 | CRITICAL | Patched | 9.1 | 2026-03-24 | Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and… |