31,034 CVEs · Critical severity
CVEs (31,034, showing first 500)
Showing 376–400 of 31,034 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-48172 | CRITICAL | Patched | 9.8 | 2026-05-21 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command lin… |
| CVE-2026-47372 | CRITICAL | | 9.1 | 2026-05-20 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuita… |
| CVE-2026-8631 | CRITICAL | Patched | 9.8 | 2026-05-20 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or… |
| CVE-2026-9139 | CRITICAL | | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is impl… |
| CVE-2026-9141 | CRITICAL | | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated… |
| CVE-2026-45444 | CRITICAL | | 10.0 | 2026-05-20 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For W… |
| CVE-2026-20223 | CRITICAL | | 10.0 | 2026-05-20 | A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with t… |
| CVE-2026-8598 | CRITICAL | | 9.1 | 2026-05-20 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information … |
| CVE-2026-22314 | CRITICAL | | 9.0 | 2026-05-20 | Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on… |
| CVE-2026-42960 | CRITICAL | Patched | 10.0 | 2026-05-20 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS r… |
| CVE-2026-33278 | CRITICAL | Patched | 9.8 | 2026-05-20 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution a… |
| CVE-2026-7637 | CRITICAL | | 9.8 | 2026-05-20 | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USE… |
| CVE-2026-24207 | CRITICAL | Patched | 9.8 | 2026-05-20 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to cod… |
| CVE-2026-7284 | CRITICAL | | 9.8 | 2026-05-20 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and inc… |
| CVE-2026-6555 | CRITICAL | | 9.8 | 2026-05-20 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch w… |
| CVE-2026-8495 | CRITICAL | Patched | 9.8 | 2026-05-19 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. |
| CVE-2026-34234 | CRITICAL | Patched | 10.0 | 2026-05-19 | CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthen… |
| CVE-2026-33642 | CRITICAL | Patched | 9.9 | 2026-05-19 | Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command() function in kitty/graphics.c performs bounds validation on composit… |
| CVE-2026-8605 | CRITICAL | | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. |
| CVE-2026-8602 | CRITICAL | | 9.1 | 2026-05-19 | In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA syst… |
| CVE-2026-8603 | CRITICAL | | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. |
| CVE-2026-36829 | CRITICAL | | 9.8 | 2026-05-19 | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesy… |
| CVE-2026-37281 | CRITICAL | Patched | 9.8 | 2026-05-19 | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the u… |
| CVE-2026-30118 | CRITICAL | | 9.8 | 2026-05-19 | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allow… |
| CVE-2026-31070 | CRITICAL | | 9.8 | 2026-05-19 | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during r… |