Search
19,079 CVEs
CVEs (19,079, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 351–375 of 19,079 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44668 | CRITICAL | Patched | 9.8 | 2026-05-26 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditio… |
| CVE-2026-48904 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privelege escalation through the com_users group editing webservice endpoint. |
| CVE-2026-48898 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48899 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows privilege escalation through the com_users batch task. |
| CVE-2026-48902 | CRITICAL | Patched | 9.8 | 2026-05-26 | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. |
| CVE-2026-48691 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attribut… |
| CVE-2026-40383 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper validation of user-supplied input leads to a local file inclusion vulnerability. |
| CVE-2026-35223 | CRITICAL | Patched | 9.8 | 2026-05-26 | An improper access check allows unauthorized access to com_config webservice endpoints. |
| CVE-2026-35221 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. |
| CVE-2026-35222 | CRITICAL | Patched | 9.8 | 2026-05-26 | Improperly validated order clauses lead to a SQL injection vulnerability in com_tags. |
| CVE-2026-48686 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_… |
| CVE-2026-48687 | CRITICAL | Patched | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugi… |
| CVE-2026-45247 | CRITICAL | Patched | 9.8 | 2026-05-26 | Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote c… |
| CVE-2026-9543 | CRITICAL | 9.8 | 2026-05-26 | A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managem… | |
| CVE-2026-8376 | CRITICAL | Patched | 9.8 | 2026-05-26 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_stu… |
| CVE-2026-9478 | CRITICAL | 9.8 | 2026-05-25 | A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Mana… | |
| CVE-2026-9477 | CRITICAL | 9.8 | 2026-05-25 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-9475 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Manage… | |
| CVE-2026-9476 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the compo… | |
| CVE-2026-9457 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2026-9458 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web… | |
| CVE-2026-9454 | CRITICAL | 9.8 | 2026-05-25 | A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the c… | |
| CVE-2026-9455 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component … | |
| CVE-2026-9456 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management I… | |
| CVE-2026-9435 | CRITICAL | 9.8 | 2026-05-25 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web M… |