31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword.
Showing 426–450 of 31,027 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-44881 | CRITICAL | Patched | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environme… |
| CVE-2026-4480 | CRITICAL | Patched | 9.0 | 2026-05-26 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via t… |
| CVE-2026-44774 | CRITICAL | Patched | 9.9 | 2026-05-15 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation p… |
| CVE-2026-44717 | CRITICAL | Patched | 9.8 | 2026-05-15 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions w… |
| CVE-2026-44694 | CRITICAL | Patched | 9.1 | 2026-05-08 | n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an… |
| CVE-2026-44668 | CRITICAL | Patched | 9.8 | 2026-05-26 | FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditio… |
| CVE-2026-44650 | CRITICAL | Patched | 9.1 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-44649 | CRITICAL | Patched | 9.8 | 2026-05-29 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voi… |
| CVE-2026-44643 | CRITICAL | Patched | 10.0 | 2026-05-11 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters… |
| CVE-2026-44631 | CRITICAL | Patched | 9.8 | 2026-06-08 | Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67… |
| CVE-2026-44592 | CRITICAL | Patched | 9.4 | 2026-05-14 | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto ca… |
| CVE-2026-44590 | CRITICAL | Patched | 9.3 | 2026-05-27 | Sherlock hunts down social media accounts by username across social networks. Prior to 0.16.1, the GitHub Actions workflow validate_modified_targets.yml is vulnerable to co… |
| CVE-2026-44551 | CRITICAL | Patched | 9.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that t… |
| CVE-2026-44547 | CRITICAL | Patched | 9.6 | 2026-05-12 | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripp… |
| CVE-2026-44542 | CRITICAL | Patched | 9.1 | 2026-05-14 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path … |
| CVE-2026-44523 | CRITICAL | Patched | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accept… |
| CVE-2026-44497 | CRITICAL | Patched | 9.1 | 2026-05-08 | ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issu… |
| CVE-2026-44484 | CRITICAL | | 9.8 | 2026-05-14 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harve… |
| CVE-2026-44482 | CRITICAL | Patched | 9.6 | 2026-05-14 | soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed … |
| CVE-2026-44477 | CRITICAL | Patched | 9.9 | 2026-05-28 | CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its… |
| CVE-2026-44451 | CRITICAL | Patched | 9.3 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function,… |
| CVE-2026-44450 | CRITICAL | Patched | 9.9 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forw… |
| CVE-2026-44449 | CRITICAL | Patched | 9.1 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and on… |
| CVE-2026-44444 | CRITICAL | Patched | 9.1 | 2026-05-26 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running th… |
| CVE-2026-44442 | CRITICAL | Patched | 9.9 | 2026-05-13 | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to mod… |