Search
31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 326–350 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-9408 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-9407 | CRITICAL | 9.8 | 2026-05-25 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cste… | |
| CVE-2026-9406 | CRITICAL | 9.8 | 2026-05-25 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Manageme… | |
| CVE-2026-9405 | CRITICAL | 9.8 | 2026-05-25 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web… | |
| CVE-2026-9404 | CRITICAL | 9.8 | 2026-05-24 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managemen… | |
| CVE-2026-9388 | CRITICAL | 9.8 | 2026-05-24 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the componen… | |
| CVE-2026-9387 | CRITICAL | 9.8 | 2026-05-24 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the compo… | |
| CVE-2026-9386 | CRITICAL | 9.8 | 2026-05-24 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Manage… | |
| CVE-2026-9385 | CRITICAL | 9.8 | 2026-05-24 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component W… | |
| CVE-2026-9384 | CRITICAL | 9.8 | 2026-05-24 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component… | |
| CVE-2018-25357 | CRITICAL | Patched | 9.8 | 2026-05-23 | Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_n… |
| CVE-2018-25350 | CRITICAL | 9.8 | 2026-05-23 | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUse… | |
| CVE-2026-47280 | CRITICAL | 10.0 | 2026-05-22 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-42901 | CRITICAL | 10.0 | 2026-05-22 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-41104 | CRITICAL | 10.0 | 2026-05-22 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | |
| CVE-2026-41090 | CRITICAL | 9.3 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | |
| CVE-2026-40412 | CRITICAL | 10.0 | 2026-05-22 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-40411 | CRITICAL | 9.9 | 2026-05-22 | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | |
| CVE-2026-33843 | CRITICAL | 9.1 | 2026-05-22 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2026-23652 | CRITICAL | 10.0 | 2026-05-22 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | |
| CVE-2026-32253 | CRITICAL | Patched | 9.8 | 2026-05-22 | Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL… |
| CVE-2026-39821 | CRITICAL | Patched | 9.6 | 2026-05-22 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly re… |
| CVE-2026-8670 | CRITICAL | Patched | 9.6 | 2026-05-22 | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra:… |
| CVE-2026-46595 | CRITICAL | Patched | 10.0 | 2026-05-22 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the sour… |
| CVE-2026-42508 | CRITICAL | Patched | 9.1 | 2026-05-22 | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. |