CVEs (18,985, showing first 500)
Showing 426–450 of 18,985 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-7301 | CRITICAL | | 9.8 | 2026-05-18 | SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE… |
| CVE-2026-7304 | CRITICAL | | 9.8 | 2026-05-18 | SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects l… |
| CVE-2026-8721 | CRITICAL | | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through P… |
| CVE-2026-8507 | CRITICAL | | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attrib… |
| CVE-2018-25335 | CRITICAL | | 9.8 | 2026-05-17 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests … |
| CVE-2018-25332 | CRITICAL | Patched | 9.8 | 2026-05-17 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generat… |
| CVE-2018-25320 | CRITICAL | | 9.8 | 2026-05-17 | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECU… |
| CVE-2021-47952 | CRITICAL | | 9.8 | 2026-05-16 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads c… |
| CVE-2020-37239 | CRITICAL | | 9.8 | 2026-05-16 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunk… |
| CVE-2020-37228 | CRITICAL | | 9.8 | 2026-05-16 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode… |
| CVE-2026-46364 | CRITICAL | Patched | 9.8 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpola… |
| CVE-2021-47965 | CRITICAL | | 9.8 | 2026-05-15 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous fil… |
| CVE-2026-44717 | CRITICAL | Patched | 9.8 | 2026-05-15 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions w… |
| CVE-2026-45772 | CRITICAL | Patched | 9.8 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution w… |
| CVE-2026-8398 | CRITICAL | | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimat… |
| CVE-2026-5229 | CRITICAL | | 9.8 | 2026-05-15 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cooki… |
| CVE-2026-26191 | CRITICAL | Patched | 9.8 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to e… |
| CVE-2026-41315 | CRITICAL | Patched | 9.8 | 2026-05-14 | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentica… |
| CVE-2026-42589 | CRITICAL | Patched | 9.8 | 2026-05-14 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and pa… |
| CVE-2026-44484 | CRITICAL | | 9.8 | 2026-05-14 | PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harve… |
| CVE-2026-2347 | CRITICAL | Patched | 9.8 | 2026-05-14 | Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue af… |
| CVE-2025-11024 | CRITICAL | Patched | 9.8 | 2026-05-14 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allo… |
| CVE-2026-6510 | CRITICAL | | 9.8 | 2026-05-14 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing … |
| CVE-2026-6271 | CRITICAL | | 9.8 | 2026-05-14 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing f… |
| CVE-2026-8181 | CRITICAL | | 9.8 | 2026-05-14 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to … |