Search
19,591 CVEs · High severity
CVEs (19,591, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 401–425 of 19,591 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-35082 | HIGH | Patched | 8.8 | 2026-06-03 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. |
| CVE-2026-35081 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. |
| CVE-2026-35080 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35079 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35078 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35077 | HIGH | Patched | 8.1 | 2026-06-03 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-35076 | HIGH | Patched | 8.1 | 2026-06-03 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. |
| CVE-2026-41032 | HIGH | 7.5 | 2026-06-03 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | |
| CVE-2025-15656 | HIGH | 8.8 | 2026-06-03 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | |
| CVE-2025-15655 | HIGH | 7.6 | 2026-06-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects S… | |
| CVE-2025-14774 | HIGH | 7.4 | 2026-06-03 | Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2025-14773 | HIGH | 8.0 | 2026-06-03 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2025-14772 | HIGH | 8.8 | 2026-06-03 | Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |
| CVE-2026-4035 | HIGH | Patched | 7.7 | 2026-06-03 | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sen… |
| CVE-2025-15654 | HIGH | 7.1 | 2026-06-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This issue affects Prague: fr… | |
| CVE-2026-50031 | HIGH | Patched | 7.5 | 2026-06-03 | ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set o… |
| CVE-2026-10704 | HIGH | 7.3 | 2026-06-03 | A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php o… | |
| CVE-2026-9516 | HIGH | Patched | 7.5 | 2026-06-03 | Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BO… |
| CVE-2026-9334 | HIGH | Patched | 7.3 | 2026-06-03 | Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object k… |
| CVE-2026-10694 | HIGH | 7.3 | 2026-06-03 | A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of t… | |
| CVE-2026-44654 | HIGH | Patched | 8.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DE… |
| CVE-2026-42504 | HIGH | 7.5 | 2026-06-02 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. | |
| CVE-2026-35482 | HIGH | 8.0 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the… | |
| CVE-2026-31942 | HIGH | Patched | 7.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability … |
| CVE-2024-14036 | HIGH | 7.5 | 2026-06-02 | Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sendi… |