CVEs (6,905, showing first 500)
Showing 301–325 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-45772 | CRITICAL | Patched | 9.8 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution w… |
| CVE-2026-8398 | CRITICAL | | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimat… |
| CVE-2026-5229 | CRITICAL | | 9.8 | 2026-05-15 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cooki… |
| CVE-2026-26191 | CRITICAL | Patched | 9.8 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to e… |
| CVE-2026-41315 | CRITICAL | Patched | 9.8 | 2026-05-14 | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentica… |
| CVE-2026-42589 | CRITICAL | Patched | 9.8 | 2026-05-14 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and pa… |
| CVE-2026-44484 | CRITICAL | | 9.8 | 2026-05-14 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harve… |
| CVE-2026-2347 | CRITICAL | Patched | 9.8 | 2026-05-14 | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue af… |
| CVE-2025-11024 | CRITICAL | Patched | 9.8 | 2026-05-14 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allo… |
| CVE-2026-6510 | CRITICAL | | 9.8 | 2026-05-14 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing … |
| CVE-2026-6271 | CRITICAL | | 9.8 | 2026-05-14 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing f… |
| CVE-2026-8181 | CRITICAL | | 9.8 | 2026-05-14 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to … |
| CVE-2026-8500 | CRITICAL | | 9.8 | 2026-05-13 | Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user p… |
| CVE-2026-42031 | CRITICAL | Patched | 9.8 | 2026-05-13 | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed at… |
| CVE-2026-45411 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the gene… |
| CVE-2026-44008 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side… |
| CVE-2026-44009 | CRITICAL | Patched | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2. |
| CVE-2020-37168 | CRITICAL | | 9.8 | 2026-05-13 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for paym… |
| CVE-2026-42062 | CRITICAL | | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may b… |
| CVE-2026-40621 | CRITICAL | | 9.8 | 2026-05-13 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. |
| CVE-2026-32661 | CRITICAL | | 9.8 | 2026-05-13 | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially craft… |
| CVE-2026-42854 | CRITICAL | Patched | 9.8 | 2026-05-12 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in… |
| CVE-2026-45185 | CRITICAL | Patched | 9.8 | 2026-05-12 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close… |
| CVE-2026-44277 | CRITICAL | Patched | 9.8 | 2026-05-12 | An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 thr… |
| CVE-2026-44343 | CRITICAL | Patched | 9.8 | 2026-05-12 | WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties … |