Search
592 CVEs · Critical severity
CVEs (592, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 592 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-48898 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48691 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attribut… |
| CVE-2026-45721 | CRITICAL | Patched | 9.0 | 2026-05-26 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage … |
| CVE-2026-40383 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. |
| CVE-2026-35223 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows unauthorized access to com_config webservice endpoints. |
| CVE-2026-35222 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. |
| CVE-2026-35221 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. |
| CVE-2026-48687 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugi… |
| CVE-2026-48686 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_… |
| CVE-2026-4480 | CRITICAL | Patched | 9.0 | 2026-05-26 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via t… |
| CVE-2026-45247 | CRITICAL | Patched | 9.8 | 2026-05-26 | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote c… |
| CVE-2026-9543 | CRITICAL | 9.8 | 2026-05-26 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managem… | |
| CVE-2026-7374 | CRITICAL | 9.9 | 2026-05-26 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit impr… | |
| CVE-2026-42496 | CRITICAL | Patched | 9.1 | 2026-05-26 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's… |
| CVE-2026-8376 | CRITICAL | Patched | 9.8 | 2026-05-26 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_stu… |
| CVE-2026-42774 | CRITICAL | 9.3 | 2026-05-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngi… | |
| CVE-2026-42773 | CRITICAL | 9.3 | 2026-05-25 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This is… | |
| CVE-2026-9478 | CRITICAL | 9.8 | 2026-05-25 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Mana… | |
| CVE-2026-9477 | CRITICAL | 9.8 | 2026-05-25 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-9476 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the compo… | |
| CVE-2026-9475 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Manage… | |
| CVE-2026-9458 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web… | |
| CVE-2026-9457 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-9456 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management I… | |
| CVE-2026-9455 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component … |