31,027 CVEs · Critical severity
Showing 351–375 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-39834 | CRITICAL | Patched | 9.1 | 2026-05-22 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indef… |
| CVE-2026-39833 | CRITICAL | Patched | 9.1 | 2026-05-22 | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmatio… |
| CVE-2026-39832 | CRITICAL | Patched | 9.1 | 2026-05-22 | When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were sil… |
| CVE-2026-39831 | CRITICAL | Patched | 9.1 | 2026-05-22 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures genera… |
| CVE-2026-39830 | CRITICAL | Patched | 9.1 | 2026-05-22 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be rel… |
| CVE-2026-34910 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-34909 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be m… |
| CVE-2026-34908 | CRITICAL | | 10.0 | 2026-05-22 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. |
| CVE-2026-33000 | CRITICAL | | 9.1 | 2026-05-22 | A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| CVE-2026-6960 | CRITICAL | | 9.8 | 2026-05-21 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_f… |
| CVE-2026-48207 | CRITICAL | Patched | 9.8 | 2026-05-21 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restor… |
| CVE-2026-39531 | CRITICAL | | 9.3 | 2026-05-21 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This is… |
| CVE-2025-71211 | CRITICAL | | 9.8 | 2026-05-21 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This v… |
| CVE-2025-71210 | CRITICAL | | 9.8 | 2026-05-21 | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Ple… |
| CVE-2026-5118 | CRITICAL | | 9.8 | 2026-05-21 | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-control… |
| CVE-2026-43501 | CRITICAL | | 9.8 | 2026-05-21 | In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC… |
| CVE-2026-44050 | CRITICAL | | 9.9 | 2026-05-21 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with es… |
| CVE-2026-6279 | CRITICAL | | 9.8 | 2026-05-21 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.… |
| CVE-2026-48172 | CRITICAL | Patched | 9.8 | 2026-05-21 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command lin… |
| CVE-2026-47372 | CRITICAL | | 9.1 | 2026-05-20 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuita… |
| CVE-2026-8631 | CRITICAL | Patched | 9.8 | 2026-05-20 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or… |
| CVE-2026-9141 | CRITICAL | | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated… |
| CVE-2026-9139 | CRITICAL | | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is impl… |
| CVE-2026-45444 | CRITICAL | | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For W… |
| CVE-2026-20223 | CRITICAL | | 10.0 | 2026-05-20 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with t… |