CVEs (59,162, showing first 500)
Showing 426–450 of 59,162 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-30269 | CRITICAL | | 9.9 | 2026-04-20 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{usern… |
| CVE-2026-6643 | CRITICAL | Patched | 9.9 | 2026-04-20 | A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data dir… |
| CVE-2026-40342 | CRITICAL | Patched | 9.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-suppli… |
| CVE-2026-20180 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an… |
| CVE-2026-20186 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an… |
| CVE-2026-20147 | CRITICAL | Patched | 9.9 | 2026-04-15 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected… |
| CVE-2026-39842 | CRITICAL | Patched | 9.9 | 2026-04-15 | OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary … |
| CVE-2026-35031 | CRITICAL | Patched | 9.9 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitle… |
| CVE-2026-38526 | CRITICAL | | 9.9 | 2026-04-14 | An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via upload… |
| CVE-2026-27681 | CRITICAL | | 9.9 | 2026-04-14 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to … |
| CVE-2026-5412 | CRITICAL | Patched | 9.9 | 2026-04-10 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the … |
| CVE-2026-40089 | CRITICAL | Patched | 9.9 | 2026-04-09 | Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF… |
| CVE-2026-34987 | CRITICAL | Patched | 9.9 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly … |
| CVE-2025-62718 | CRITICAL | Patched | 9.9 | 2026-04-09 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY … |
| CVE-2026-39888 | CRITICAL | Patched | 9.9 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in … |
| CVE-2026-39355 | CRITICAL | Patched | 9.9 | 2026-04-07 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to tra… |
| CVE-2026-23696 | CRITICAL | | 9.9 | 2026-04-07 | Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attack… |
| CVE-2026-34612 | CRITICAL | Patched | 9.9 | 2026-04-03 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability tha… |
| CVE-2026-34838 | CRITICAL | Patched | 9.9 | 2026-04-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsC… |
| CVE-2026-34717 | CRITICAL | Patched | 9.9 | 2026-04-02 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user i… |
| CVE-2026-25212 | CRITICAL | Patched | 9.9 | 2026-04-02 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the … |
| CVE-2026-34571 | CRITICAL | Patched | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a S… |
| CVE-2026-34569 | CRITICAL | Patched | 9.9 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the… |
| CVE-2026-33579 | CRITICAL | Patched | 9.9 | 2026-03-31 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. … |
| CVE-2026-34156 | CRITICAL | Patched | 9.9 | 2026-03-31 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node ex… |