Search
127,912 CVEs · High severity
CVEs (127,912, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 376–400 of 127,912 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-8148 | HIGH | Patched | 7.8 | 2026-05-08 | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. |
| CVE-2026-8143 | HIGH | 7.2 | 2026-05-27 | The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all ver… | |
| CVE-2026-8138 | HIGH | 8.8 | 2026-05-08 | A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in s… | |
| CVE-2026-8137 | HIGH | 8.8 | 2026-05-08 | A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation o… | |
| CVE-2026-8135 | HIGH | Patched | 7.2 | 2026-05-21 | Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administra… |
| CVE-2026-8134 | HIGH | Patched | 7.2 | 2026-05-21 | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layout… |
| CVE-2026-8133 | HIGH | 7.3 | 2026-05-08 | A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of … | |
| CVE-2026-8132 | HIGH | 7.3 | 2026-05-08 | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_usern… | |
| CVE-2026-8131 | HIGH | 7.3 | 2026-05-08 | A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the arg… | |
| CVE-2026-8130 | HIGH | 7.3 | 2026-05-08 | A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument … | |
| CVE-2026-8129 | HIGH | 7.3 | 2026-05-08 | A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of … | |
| CVE-2026-8128 | HIGH | 7.3 | 2026-05-08 | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation o… | |
| CVE-2026-8126 | HIGH | 7.3 | 2026-05-08 | A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name … | |
| CVE-2026-8111 | HIGH | Patched | 8.8 | 2026-05-12 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. |
| CVE-2026-8110 | HIGH | Patched | 7.8 | 2026-05-12 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. |
| CVE-2026-8108 | HIGH | 7.8 | 2026-05-12 | The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions. | |
| CVE-2026-8098 | HIGH | 7.3 | 2026-05-07 | A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the… | |
| CVE-2026-8093 | HIGH | Patched | 8.1 | 2026-05-07 | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been … |
| CVE-2026-8092 | HIGH | Patched | 8.1 | 2026-05-07 | Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that wi… |
| CVE-2026-8090 | HIGH | Patched | 7.3 | 2026-05-07 | Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thund… |
| CVE-2026-8083 | HIGH | 7.3 | 2026-05-07 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation o… | |
| CVE-2026-8073 | HIGH | 7.5 | 2026-05-19 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and m… | |
| CVE-2026-8053 | HIGH | Patched | 8.8 | 2026-05-13 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in t… |
| CVE-2026-8051 | HIGH | Patched | 7.2 | 2026-05-12 | OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2026-8047 | HIGH | 7.5 | 2026-05-26 | The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attac… |