Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46135 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->… | |
| CVE-2026-46137 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a tim… | |
| CVE-2026-46115 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_mergeable biovec_phys_mergeable() is used by the request merge, … | |
| CVE-2026-45083 | CRITICAL | Patched | 9.8 | 2026-05-27 | The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /ap… |
| CVE-2026-8363 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: | |
| CVE-2026-8364 | CRITICAL | 9.8 | 2026-05-27 | Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /re… | |
| CVE-2026-8362 | CRITICAL | 9.8 | 2026-05-27 | A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome | |
| CVE-2026-44888 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values… |
| CVE-2026-44887 | CRITICAL | Patched | 9.8 | 2026-05-27 | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be in… |
| CVE-2026-48027 | CRITICAL | 9.8 | 2026-05-27 | Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 P… | |
| CVE-2026-7524 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-8175 | CRITICAL | Patched | 9.8 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-46039 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_to… | |
| CVE-2026-45988 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during proc… | |
| CVE-2026-45972 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype … | |
| CVE-2026-45898 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplif… | |
| CVE-2026-42758 | CRITICAL | 9.8 | 2026-05-27 | Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: fr… | |
| CVE-2026-42731 | CRITICAL | 9.8 | 2026-05-27 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange… | |
| CVE-2025-12686 | CRITICAL | Patched | 9.8 | 2026-05-27 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to … |
| CVE-2026-8760 | CRITICAL | 9.8 | 2026-05-27 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-1117… | |
| CVE-2026-48689 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five meth… |
| CVE-2026-3660 | CRITICAL | 9.8 | 2026-05-26 | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain un… | |
| CVE-2026-9170 | CRITICAL | 9.8 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 | |
| CVE-2026-8633 | CRITICAL | Patched | 9.8 | 2026-05-26 | IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulner… |
| CVE-2026-7251 | CRITICAL | 9.8 | 2026-05-26 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access … |