Search
127,949 CVEs · High severity
CVEs (127,949, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 127,949 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8414 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vuln… |
| CVE-2026-8413 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vul… |
| CVE-2026-8412 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vul… |
| CVE-2026-8411 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vul… |
| CVE-2026-8410 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave thi… |
| CVE-2026-8409 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vul… |
| CVE-2026-8390 | HIGH | Patched | 7.3 | 2026-05-12 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. |
| CVE-2026-8389 | HIGH | Patched | 8.8 | 2026-05-12 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3. |
| CVE-2026-8361 | HIGH | 7.5 | 2026-05-27 | A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome | |
| CVE-2026-8360 | HIGH | 7.5 | 2026-05-27 | Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., whe… | |
| CVE-2026-8359 | HIGH | 7.5 | 2026-05-27 | When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule … | |
| CVE-2026-8350 | HIGH | Patched | 8.8 | 2026-05-21 | Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any auth… |
| CVE-2026-8336 | HIGH | Patched | 7.5 | 2026-05-13 | After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequent… |
| CVE-2026-8321 | HIGH | 7.3 | 2026-05-11 | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the comp… | |
| CVE-2026-8305 | HIGH | Patched | 7.3 | 2026-05-11 | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monito… |
| CVE-2026-8293 | HIGH | Patched | 7.5 | 2026-06-02 | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing a… |
| CVE-2026-8260 | HIGH | Patched | 8.8 | 2026-05-11 | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the compone… |
| CVE-2026-8234 | HIGH | 8.8 | 2026-05-10 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The mani… | |
| CVE-2026-8216 | HIGH | 7.3 | 2026-05-10 | A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Ja… | |
| CVE-2026-8180 | HIGH | Patched | 7.5 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-8179 | HIGH | Patched | 8.8 | 2026-05-27 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tr… |
| CVE-2026-8178 | HIGH | Patched | 8.1 | 2026-05-08 | An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC c… |
| CVE-2026-8177 | HIGH | 7.5 | 2026-05-10 | XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in th… | |
| CVE-2026-8162 | HIGH | Patched | 7.5 | 2026-05-12 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header w… |
| CVE-2026-8161 | HIGH | Patched | 7.5 | 2026-05-12 | multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides wit… |