Search
31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 31,034 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-46595 | CRITICAL | Patched | 10.0 | 2026-05-22 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the sour… |
| CVE-2026-46425 | CRITICAL | Patched | 9.9 | 2026-05-27 | Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (… |
| CVE-2026-46389 | CRITICAL | 10.0 | 2026-06-05 | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through… | |
| CVE-2026-46376 | CRITICAL | Patched | 9.8 | 2026-05-29 | FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initi… |
| CVE-2026-46364 | CRITICAL | Patched | 9.8 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpola… |
| CVE-2026-4631 | CRITICAL | 9.8 | 2026-04-07 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with ne… | |
| CVE-2026-46266 | CRITICAL | 9.1 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having on… | |
| CVE-2026-46244 | CRITICAL | 9.1 | 2026-06-03 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv… | |
| CVE-2026-4622 | CRITICAL | Patched | 9.8 | 2026-03-27 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. |
| CVE-2026-4620 | CRITICAL | Patched | 9.8 | 2026-03-27 | OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. |
| CVE-2026-46195 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_sec_desc(), and… | |
| CVE-2026-4619 | CRITICAL | Patched | 9.8 | 2026-03-27 | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network. |
| CVE-2026-46185 | CRITICAL | 9.1 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_message() returns success withou… | |
| CVE-2026-46155 | CRITICAL | 9.1 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server sends a truncated response but a … | |
| CVE-2026-46137 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_timer() helper is executed as a tim… | |
| CVE-2026-46135 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->… | |
| CVE-2026-46119 | CRITICAL | 9.1 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in auth message processing If a (potentially corrupted) message… | |
| CVE-2026-46115 | CRITICAL | 9.8 | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_mergeable biovec_phys_mergeable() is used by the request merge, … | |
| CVE-2026-46043 | CRITICAL | 9.1 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that … | |
| CVE-2026-46039 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_to… | |
| CVE-2026-4599 | CRITICAL | Patched | 9.1 | 2026-03-23 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRand… |
| CVE-2026-45988 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during proc… | |
| CVE-2026-45972 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2_open_file() Zero out @err_iov and @err_buftype … | |
| CVE-2026-45898 | CRITICAL | 9.8 | 2026-05-27 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplif… | |
| CVE-2026-4585 | CRITICAL | 9.8 | 2026-03-23 | A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/Impor… |