CVEs (6,905, showing first 500)
Showing 351–375 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-6577 | CRITICAL | Patched | 9.8 | 2026-05-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allo… |
| CVE-2026-7210 | CRITICAL | Patched | 9.8 | 2026-05-11 | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.… |
| CVE-2026-43995 | CRITICAL | Patched | 9.8 | 2026-05-11 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP c… |
| CVE-2026-38567 | CRITICAL | | 9.8 | 2026-05-11 | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An… |
| CVE-2026-40636 | CRITICAL | Patched | 9.8 | 2026-05-11 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacke… |
| CVE-2021-47940 | CRITICAL | | 9.8 | 2026-05-10 | WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file… |
| CVE-2021-47932 | CRITICAL | | 9.8 | 2026-05-10 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted r… |
| CVE-2021-47933 | CRITICAL | | 9.8 | 2026-05-10 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the R… |
| CVE-2021-47936 | CRITICAL | | 9.8 | 2026-05-10 | OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised… |
| CVE-2021-47923 | CRITICAL | | 9.8 | 2026-05-10 | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers c… |
| CVE-2026-6722 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers t… |
| CVE-2026-7261 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the hand… |
| CVE-2025-14179 | CRITICAL | Patched | 9.8 | 2026-05-10 | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing S… |
| CVE-2026-11671 | CRITICAL | | 9.6 | 2026-06-09 | Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium s… |
| CVE-2026-11651 | CRITICAL | | 9.6 | 2026-06-09 | Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium s… |
| CVE-2026-11638 | CRITICAL | | 9.6 | 2026-06-09 | Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium sec… |
| CVE-2026-11634 | CRITICAL | | 9.6 | 2026-06-09 | Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Ch… |
| CVE-2026-45758 | CRITICAL | Patched | 9.6 | 2026-06-05 | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardr… |
| CVE-2026-11293 | CRITICAL | | 9.6 | 2026-06-05 | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-11282 | CRITICAL | | 9.6 | 2026-06-05 | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted … |
| CVE-2026-11250 | CRITICAL | Patched | 9.6 | 2026-06-05 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially se… |
| CVE-2026-11213 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to pot… |
| CVE-2026-11207 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicio… |
| CVE-2026-11198 | CRITICAL | Patched | 9.6 | 2026-06-04 | Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |
| CVE-2026-11165 | CRITICAL | | 9.6 | 2026-06-04 | Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromiu… |