Search
30,911 CVEs · Critical severity
EOL hidden · Show all products
CVEs (30,911, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 30,911 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-8721 | CRITICAL | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through P… | |
| CVE-2026-8507 | CRITICAL | 9.8 | 2026-05-17 | Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attrib… | |
| CVE-2018-25335 | CRITICAL | 9.8 | 2026-05-17 | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests … | |
| CVE-2018-25332 | CRITICAL | Patched | 9.8 | 2026-05-17 | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generat… |
| CVE-2018-25320 | CRITICAL | 9.8 | 2026-05-17 | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECU… | |
| CVE-2021-47952 | CRITICAL | 9.8 | 2026-05-16 | python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads c… | |
| CVE-2020-37239 | CRITICAL | 9.8 | 2026-05-16 | libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunk… | |
| CVE-2020-37228 | CRITICAL | 9.8 | 2026-05-16 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode… | |
| CVE-2026-44551 | CRITICAL | Patched | 9.1 | 2026-05-15 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that t… |
| CVE-2026-46364 | CRITICAL | Patched | 9.8 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpola… |
| CVE-2026-45010 | CRITICAL | Patched | 9.1 | 2026-05-15 | phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id para… |
| CVE-2021-47965 | CRITICAL | 9.8 | 2026-05-15 | WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous fil… | |
| CVE-2026-44774 | CRITICAL | Patched | 9.9 | 2026-05-15 | Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation p… |
| CVE-2026-44717 | CRITICAL | Patched | 9.8 | 2026-05-15 | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions w… |
| CVE-2026-41258 | CRITICAL | Patched | 9.1 | 2026-05-15 | OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in Ope… |
| CVE-2026-45772 | CRITICAL | Patched | 9.8 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution w… |
| CVE-2026-41553 | CRITICAL | Patched | 10.0 | 2026-05-15 | PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated atta… |
| CVE-2026-8398 | CRITICAL | 9.8 | 2026-05-15 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimat… | |
| CVE-2026-5229 | CRITICAL | 9.8 | 2026-05-15 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cooki… | |
| CVE-2026-44212 | CRITICAL | Patched | 9.3 | 2026-05-14 | PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting (XSS) vulnerability in the PrestaShop back-office … |
| CVE-2026-8634 | CRITICAL | 9.1 | 2026-05-14 | Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local… | |
| CVE-2026-8580 | CRITICAL | Patched | 9.6 | 2026-05-14 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit… |
| CVE-2026-8511 | CRITICAL | Patched | 9.6 | 2026-05-14 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security … |
| CVE-2026-26191 | CRITICAL | Patched | 9.8 | 2026-05-14 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to e… |
| CVE-2026-45375 | CRITICAL | Patched | 9.0 | 2026-05-14 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's pl… |