CVEs (18,985, showing first 500)
Showing 401–425 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9141 | CRITICAL | | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated… |
| CVE-2026-33278 | CRITICAL | Patched | 9.8 | 2026-05-20 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution a… |
| CVE-2026-7637 | CRITICAL | | 9.8 | 2026-05-20 | The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USE… |
| CVE-2026-24207 | CRITICAL | Patched | 9.8 | 2026-05-20 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to cod… |
| CVE-2026-7284 | CRITICAL | | 9.8 | 2026-05-20 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and inc… |
| CVE-2026-6555 | CRITICAL | | 9.8 | 2026-05-20 | The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch w… |
| CVE-2026-8495 | CRITICAL | Patched | 9.8 | 2026-05-19 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. |
| CVE-2026-8605 | CRITICAL | | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. |
| CVE-2026-8603 | CRITICAL | | 9.8 | 2026-05-19 | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. |
| CVE-2026-36829 | CRITICAL | | 9.8 | 2026-05-19 | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesy… |
| CVE-2026-37281 | CRITICAL | Patched | 9.8 | 2026-05-19 | An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the u… |
| CVE-2026-30118 | CRITICAL | | 9.8 | 2026-05-19 | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allow… |
| CVE-2026-31070 | CRITICAL | | 9.8 | 2026-05-19 | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during r… |
| CVE-2026-31072 | CRITICAL | | 9.8 | 2026-05-19 | The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization.… |
| CVE-2026-30117 | CRITICAL | | 9.8 | 2026-05-19 | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability… |
| CVE-2026-44159 | CRITICAL | | 9.8 | 2026-05-19 | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been dis… |
| CVE-2026-8956 | CRITICAL | Patched | 9.8 | 2026-05-19 | Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. |
| CVE-2026-47323 | CRITICAL | Patched | 9.8 | 2026-05-19 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in c… |
| CVE-2026-4883 | CRITICAL | | 9.8 | 2026-05-19 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all ve… |
| CVE-2026-43493 | CRITICAL | | 9.8 | 2026-05-19 | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle t… |
| CVE-2026-45434 | CRITICAL | Patched | 9.8 | 2026-05-19 | Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Us… |
| CVE-2026-4885 | CRITICAL | | 9.8 | 2026-05-19 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' functio… |
| CVE-2026-8838 | CRITICAL | Patched | 9.8 | 2026-05-18 | Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle … |
| CVE-2026-25244 | CRITICAL | Patched | 9.8 | 2026-05-18 | WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection… |
| CVE-2026-8836 | CRITICAL | | 9.8 | 2026-05-18 | A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. P… |