Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 31,034 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-4715 | CRITICAL | Patched | 9.1 | 2026-03-24 | Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-47117 | CRITICAL | Patched | 9.8 | 2026-06-02 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matchin… |
| CVE-2026-4711 | CRITICAL | Patched | 9.8 | 2026-03-24 | Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4710 | CRITICAL | Patched | 9.8 | 2026-03-24 | Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-47065 | CRITICAL | 9.8 | 2026-06-03 | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains … | |
| CVE-2026-4705 | CRITICAL | Patched | 9.8 | 2026-03-24 | Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4702 | CRITICAL | Patched | 9.8 | 2026-03-24 | JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4701 | CRITICAL | Patched | 9.8 | 2026-03-24 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4700 | CRITICAL | Patched | 9.8 | 2026-03-24 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4698 | CRITICAL | Patched | 9.8 | 2026-03-24 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunder… |
| CVE-2026-4696 | CRITICAL | Patched | 9.8 | 2026-03-24 | Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4692 | CRITICAL | Patched | 10.0 | 2026-03-24 | Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2026-4691 | CRITICAL | Patched | 9.8 | 2026-03-24 | Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunde… |
| CVE-2026-4689 | CRITICAL | Patched | 10.0 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 1… |
| CVE-2026-4688 | CRITICAL | Patched | 10.0 | 2026-03-24 | Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbi… |
| CVE-2026-46840 | CRITICAL | Patched | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allo… |
| CVE-2026-46839 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-46833 | CRITICAL | Patched | 9.0 | 2026-05-28 | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows un… |
| CVE-2026-46824 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affec… |
| CVE-2026-46822 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily ex… |
| CVE-2026-46819 | CRITICAL | Patched | 9.1 | 2026-05-28 | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12… |
| CVE-2026-46817 | CRITICAL | Patched | 9.8 | 2026-05-28 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exp… |
| CVE-2026-46775 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-4670 | CRITICAL | Patched | 9.8 | 2026-04-30 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 202… |
| CVE-2026-46624 | CRITICAL | Patched | 9.9 | 2026-05-26 | Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution (RCE) vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQ… |